Environment preparation and user enrollment

The Android Management API (AMAPI) SDK plays a important role in the new custom Device Policy Controller (DPC) enrollment flow. It facilitates communication between EMM custom DPC apps and Android Device Policy (ADP) and streamlines device enrollment by interacting with the Play EMM API for key enrollment functions.

Key functions of the AMAPI SDK:

  • Enables communication between EMM DPC apps and Android Device Policy.
  • Facilitates local execution of commands.
  • Supports the new device enrollment flow for adding managed Google Accounts.
  • Manages the installation or updates of Android Device Policy when needed.

The SDK is essential for two primary reasons in the custom DPC enrollment flow:

  1. It sets the environment by helping to install and update Android Device Policy correctly on the device.

  2. It is used to call Android Device Policy locally, which initiates the user login sequence on the device.

These foundational functions prepare the device for management and make the subsequent enrollment steps possible.

Environment

The AMAPI SDK's EnvironmentClient is an interface that allows access to environment-related APIs. You can create an instance using EnvironmentClientFactory.

Key features of the EnvironmentClient:

  • Makes sure the SDK API level meets the minimum requirement.
  • Checks for and initiates an update for Google Play services if needed.
  • Verifies that Android Device Policy is installed and updated. Be aware that this process can take some time as it may involve an installation or update.

For more details on the EnvironmentClient interface, see the reference documentation.

AccountSetup

The AccountSetup class within the AMAPI SDK is responsible for managing the process of setting up a Google Account on a managed Android device.

Key features of the AccountSetup:

  • Starts the account setup process using the AccountSetupClient and an enrollment token.
  • Handles the enrollment token, which is generated by the EMM and passed to the AMAPI SDK. This token determines whether user authentication is required.
  • Launches an authentication activity if needed, prompting the user to sign in with their Google credentials.
  • Receives a callback with the user's email and user ID upon successful sign-in.
  • The EMM uses the received user identifiers to set the device policy with the Devices.update method.
  • The EMM calls Devices.setState to mark the device as compliant and allow access to Google services.

This functionality is part of a new device enrollment method that leverages the AMAPI SDK instead of the DPC support library. For more details on AccountSetup see AMAPI reference documentation and Implement the user accounts guide.