Login/Register
Android Management API for G Suite
Asked Answered
androidgoogle-workspaceandroid-management-apiandroid-for-work
A

3

6

We have a G Suite account, and I would like to manage some of our company owned tablets as kiosk displays using the Android Management API. However, it seems to require an arbitrary "personal" Gmail account, instead of allowing a G Suite user to use it.

To provision a device, you need to create a policy. A policy needs to be assigned to an enterprise.

Option 1: Trying to link an existing enterprise

You can get your G Suite Organization ID from here, and this ID is apparently also your Enterprise ID. The API needs it in the format enterprises/id, e.g. enterprises/abcdefg

Unfortunately, even after authenticating with a super-admin, any calls to the API are met with

{
    "error": {
       "code": 403,
       "message": "Caller is not authorized to manage enterprise.",
       "status": "PERMISSION_DENIED"
    }
}

Option 2: Creating an enterprise

A Quickstart Guide is available that makes it easy to create an enterprise, create a policy, and then provision devices. Everything works well when we use a personal Gmail account and I could successfully provision a tablet into kiosk mode. As soon as I try to use a G Suite account, I am met with: "G Suite is not currently supported by managed Google Play Accounts, please choose a non-G Suite account to continue."

Do we need to create an arbitrary Gmail account (e.g. [email protected])?

What happens if we then later wanted to provision devices of third parties? Would everyone's devices then be linked to an enterprise of an arbitrary Gmail user?

Any help would be appreciated, thank you.

Anacoluthon answered 11/2, 2020 at 11:27 Comment(0)
D
0

We did option two. However this means that you cannot put something onto the private play store.

Deboer answered 28/2, 2020 at 10:29 Comment(0)
S
0

Android Management API is currently not compatible with GSuite.

You need to use a Gmail account to create a Managed Google Play Enterprise in order to use Android Management API.

If you plan on provisioning devices for third parties, it is suggested that you create a separate Enterprise for each in order to link each device to the intended enterprise.
You can read about Managed Google Play Accounts here

Sib answered 28/4, 2020 at 11:59 Comment(0)
M
0

I've published apps to our internal 'enterprise' and also to our pseudo-enterprise (option 2). I don't think there is any other way unfortunately. Just make sure the gmail account credentials are very secure and I think it is reasonably safe. After doing option 2 you do get an organization ID. One thing that isn't mentioned in the documentation is that things don't happen instantly and much of the process is poorly documented. I spent hours searching up solutions for issues I was having and the solution ended up being I just needed to wait a few hours. If you are publishing first-party applications on Google Play you can make them available as private apps to both your internal enterprise and the pseudo-enterprise.

Mogador answered 10/6, 2020 at 0:13 Comment(1)
I'm trying to do the same thing, however, I can only create policies for gmail account's enterprise and not organisations. And when I try to provision using gmail account's credentials, it fails to install the app. Could you please elaborate on what you did to make this work? I'd be very grateful.Indelible

© 2022 - 2024 — McMap. All rights reserved.