Typical management tasks

EMMs can implement a range of typical management tasks in their enterpriese solutions for Android, such as the tasks shown in this guide. The sample code uses the Google Play EMM API Client Library for Java®.

Look up users and get user details

Many of the Google Play EMM APIs require a userId (in addition to an enterpriseId) to do some user-associated tasks, such as install an app, obtain entitlements, and licensing. Some calls require a user object.

If an organization uses managed Google Play Accounts, you maintain a mapping between user email addresses and the user IDs for those accounts. With Google Accounts, you use UsersListResponse.

Look up users

This code sample gets user IDs associated with Google Accounts. It doesn’t apply to organizations that use managed Google Play Accounts.

This example assumes that you imported the User and UsersListResponse models into your code. To get a specific user account, get its userId by passing the enterpriseId and email to UsersListResponse.

public UsersListResponse list(String enterpriseId, String email) throws
   IOException {
    return androidEnterprise
        .users()
        .list(enterpriseId, email)
        .execute();
}

Get user details

Once you have the userId, you can retrieve other details. See Users.Get.

public User get(String enterpriseId, String userId) throws IOException {
    return androidEnterprise
        .users()
        .get(enterpriseId, userId)
        .execute();
}

Grant a user access to apps

You can use the Google Play EMM APIs to control which apps a user can access from the managed Google Play store. Access to an app includes the ability to search for, view, install, and update it. There are three different access levels available:

  • Whitelist: The user has access to a specific set of apps that you define.
  • Approved apps: The user has access to all apps that are approved for the enterprise.
  • All apps: The user has access to all apps that are publicly available in the Google Play store.

Give a user access to whitelisted apps

The example below shows how to grant a user access to a specific set of apps (a whitelist) from the managed Google Play store. The process includes the following steps:

  • Collect a list of productIds (whitelist) of apps that are approved for the user (productSet).
  • Specify that the user can only access apps on the given list by setting the value of the productSetBehavior string to "whitelist".
  • Apply the list of productIds and the behavior setting to the user’s available product set using setAvailableProductSet.
public ProductSet setProductSet(String enterpriseId, String userId,
    List<String> productIds) throws IOException {
  ProductSet productSet = new ProductSet();
  productSet.setProductId(productIds);
  productSet.setProductSetBehavior("whitelist");

  return androidEnterprise
      .users()
      .setAvailableProductSet(enterpriseId, userId, productSet)
      .execute();
}

Give a user access to all approved apps

The example below shows how to grant a user access to any app that is approved for the enterprise from the managed Google Play store. The process includes the following steps:

  • Specify that the user can access all apps approved for the enterprise by setting the value of the productSetBehavior string to "allApproved".
  • Apply this setting to the user using setAvailableProductSet.
public ProductSet setUserIncludeApprovedApps(String enterpriseId, String userId)
    throws IOException {
  ProductSet productSet = new ProductSet();
  productSet.setProductSetBehavior("allApproved");

  return androidEnterprise
      .users()
      .setAvailableProductSet(enterpriseId, userId, productSet)
      .execute();
}

Note: When productSetBehavior is set to "allApproved", you don’t need to specify any productIds for the productSet.

Give a user access to all apps

The example below shows how to grant a user the ability in the managed Google Play store to access any app that is available in the public Google Play store. Users with access to all apps still only see the store layout for their enterprise when they open managed Google Play, but can find additional apps through search.

Certain trusted users, such as IT admins, may require this greater level of access to test and evaluate apps before approving them for the enterprise. The process of granting a user access to all apps includes the following steps:

  • Specify that the user can access all apps in the Google Play store by setting the value of the productSetBehavior string to "includeAll".
  • Apply this setting to the user using setAvailableProductSet.
public ProductSet setUserIncludeAllApps(String enterpriseId, String userId)
    throws IOException {
  ProductSet productSet = new ProductSet();
  productSet.setProductSetBehavior("includeAll");

  return androidEnterprise
      .users()
      .setAvailableProductSet(enterpriseId, userId, productSet)
      .execute();
}

Note: When productSetBehavior is set to "includeAll", you don’t need to specify any productIds for the productSet.

Create a store layout

After giving users access to apps, group the apps into clusters for display in the managed Google Play store front.

You can create a unique customized store layout for each of your customers using the Storelayoutpages and Storelayoutclusters APIs. A typical layout consists of a set of pages, and each can contain clusters of apps. You can put related apps into the same cluster. See Create custom store layouts for details and sample code.

Get an app’s permissions

To add an app to a custom store layout (or silently install an app on a user’s device) and display the app so the user can select it, the administrator must accept permissions to that app for the entire organization. Administrators can accept app permissions and mark apps as approved for distribution in the managed Google Play console (see the managed Google Play overview).

As a best practice, we recommend embedding the permissions iframe into your EMM console. This means the user doesn’t have to navigate separately to the managed Google Play console. Use Products.getApprovalUrl to get the URL of the iframe.

public String getApprovalUrl(String enterpriseId, String productId)
    throws IOException {
  return androidEnterprise
      .products()
      .generateApprovalUrl(enterpriseId, productId)
      .execute()
      .getUrl();
}

Use Products.approve to accept those permissions.

public void approveProduct(String enterpriseId,
    String productId,
    String approvalUrl) throws IOException {
  ProductsApproveRequest productsApproveRequest =
      new ProductsApproveRequest()
          .setApprovalUrlInfo(
              new ApprovalUrlInfo().setApprovalUrl(approvalUrl));
  androidEnterprise
      .products()
      .approve(enterpriseId, productId, productsApproveRequest)
      .execute();
  }

Get a user's devices

To do device-specific actions, you need to identify the devices associated with a user. This example returns the list of devices for a given userIDusing DevicesListResponse.

public DevicesListResponse list(String enterpriseId, String userId) throws
   IOException {

    return androidEnterprise
        .devices()
        .list(enterpriseId, userId)
        .execute();
}

If the user agreed to the Terms of Service presented when they attempted to access managed Google Play for the first time, the response includes unmanaged devices (devices with the unmanagedProfile management type).

Get and set the state of a device

This management task applies only to organizations that use Google Accounts. It doesn’t apply to organizations that use managed Google Play Accounts.

When the user’s managed Google Account is activated on a managed device, access to Google services is enabled (or disabled) based on:

If EMM enforcement is disabled, the device state is ignored and the account is granted access to Google services whenever it’s activated on an Android device. If EMM enforcement is enabled but the device’s state isn’t, users can’t install applications from Google Play, and Google Play EMM APIs can’t silently install apps for that user on the device.

This example shows how to get the state of a given device (specified by passing the enterpriseId, userId, and deviceId).

The getState() and setState() operations work for devices with a managementType of managedDevice or managedProfile (on the Devices resource) only. Devices with a managementType of unmanagedProfile can’t be controlled with these APIs.

public DeviceState getState(String enterpriseId, String userId, String
   deviceId) throws IOException {

    return androidEnterprise
        .devices()
        .getState(enterpriseId, userId, deviceId)
        .execute();
}

Enable or disable Google services for the account on a device by setting the AccountState string to the appropriate constant.

public DeviceState setState(String enterpriseId, String userId, String
   deviceId, String accountState) throws IOException {

    DeviceState deviceState = new DeviceState();
    deviceState.setAccountState(accountState);

    return androidEnterprise
        .devices()
        .setState(enterpriseId, userId, deviceId, deviceState)
        .execute();
}

Push install an app on a device

Administrators can silently install applications. User interaction isn’t required. This example uses Installs.Update to silently install an app (identified by productId) to a device (identified by deviceId).

public Install update(String enterpriseId, String userId, String
   deviceId, String productId) throws IOException {

    return androidEnterprise
        .installs()
        .update(enterpriseId, userId, deviceId, productId,
           new Install())
        .execute();
}

If the app already exists on the device and an updated version is available, the app is updated to the new version.

Search for and get apps from the approved applications list

Administrators create and manage a list of approved apps that are available to their users in managed Google Play. Users on BYOD devices with work profiles and users on corp-liable devices where the entire device is managed by the organization can download apps only from this approved list.

You can customize your EMM console to include a search box so that administrators can search for apps only on the approved apps list. The search function accepts the same parameters as a standard managed Google Play search function, but it only searches for apps on the approved apps list.

For example, if the administrator wants to push install an app on the approved apps list to devices in their enterprise, they can use this search function in the EMM console to find the app.

In your query, you can specify a maximum number of products your result should contain, such as setMaxResults(10L), just enough to fill the screen. The default value is 100, which is also the maximum that can be returned at once. When the result contains a pagination token, there are more results that you can retrieve by passing the pagination token.

This example shows how to get the first 10 results of a search for productivity apps. See Products.List.

public List searchProducts(String enterpriseId) throws IOException {
  ProductsListResponse executeResult =
      androidEnterprise
          .products()
          .list(enterpriseId)
          .setMaxResults(10L)
          .setQuery("productivity")
          .execute();
  return executeResult.getProduct();
}

If the search result contains a pagination token, the search produced more than setMaxResults results, or more than 10 in this example. To retrieve more results, redo the search and include the pagination token in the request. This example gets the next 10 results.

public ProductsListResponse continueSearch(
    String enterpriseId, ProductsListResponse previousResponse) throws IOException {
  ProductsListResponse nextResults =
      androidEnterprise
          .products()
          .list(enterpriseId)
          .setMaxResults(10L)
          .setToken(previousResponse.getTokenPagination().getNextPageToken())
          .setQuery("productivity")
          .execute();
  return nextResults;
}