REST Resource: enterprises

  • An Enterprise resource represents the configuration applied to an enterprise, including settings for notifications, branding, terms and conditions, sign-in details, and contact information.

  • Enterprises can receive various notification types via Google Pub/Sub, such as enrollment, status reports, command completion, and usage logs.

  • External data, like a logo, can be hosted externally and verified using a SHA-256 hash.

  • SigninDetail resources manage sign-in URLs, enrollment tokens, and QR codes for device provisioning, controlling personal usage and default sign-in methods.

  • Enterprises can be of different types, including managed Google domains and managed Google Play Accounts enterprises, with specific settings for Google authentication.

Resource: Enterprise

The configuration applied to an enterprise.

JSON representation
{"name":string,"enabledNotificationTypes":[enum (NotificationType)],"pubsubTopic":string,"primaryColor":integer,"logo":{object (ExternalData)},"enterpriseDisplayName":string,"termsAndConditions":[{object (TermsAndConditions)}],"appAutoApprovalEnabled":boolean,"signinDetails":[{object (SigninDetail)}],"contactInfo":{object (ContactInfo)},"googleAuthenticationSettings":{object (GoogleAuthenticationSettings)},"enterpriseType":enum (EnterpriseType),"managedGooglePlayAccountsEnterpriseType":enum (ManagedGooglePlayAccountsEnterpriseType),"managedGoogleDomainType":enum (ManagedGoogleDomainType)}
Fields
name

string

The name of the enterprise which is generated by the server during creation, in the formenterprises/{enterpriseId}.

enabledNotificationTypes[]

enum (NotificationType)

The types of Google Pub/Sub notifications enabled for the enterprise.

pubsubTopic

string

The topic which Pub/Sub notifications are published to, in the formprojects/{project}/topics/{topic}. This field is only required ifPub/Sub notifications are enabled.

primaryColor

integer

A color in RGB format that indicates the predominant color to display in the device management app UI. The color components are stored as follows:(red << 16) | (green << 8) | blue, where the value of each component is between 0 and 255, inclusive.

logo

object (ExternalData)

An image displayed as a logo during device provisioning. Supported types are: image/bmp, image/gif, image/x-ico, image/jpeg, image/png, image/webp, image/vnd.wap.wbmp, image/x-adobe-dng.

enterpriseDisplayName

string

The name of the enterprise displayed to users. This field has a maximum length of 100 characters.

termsAndConditions[]

object (TermsAndConditions)

Terms and conditions that must be accepted when provisioning a device for this enterprise. A page of terms is generated for each value in this list.

appAutoApprovalEnabled
(deprecated)

boolean

This item is deprecated!

Deprecated and unused.

signinDetails[]

object (SigninDetail)

Sign-in details of the enterprise.

contactInfo

object (ContactInfo)

The enterprise contact info of an EMM-managed enterprise.

googleAuthenticationSettings

object (GoogleAuthenticationSettings)

Settings for Google-provided user authentication.

enterpriseType

enum (EnterpriseType)

Output only. The type of the enterprise.

managedGooglePlayAccountsEnterpriseType

enum (ManagedGooglePlayAccountsEnterpriseType)

Output only. The type of a managed Google Play Accounts enterprise.

managedGoogleDomainType

enum (ManagedGoogleDomainType)

Output only. The type of managed Google domain.

NotificationType

Types of notifications the device management server may send via Google Pub/Sub.

Enums
NOTIFICATION_TYPE_UNSPECIFIEDThis value is ignored.
ENROLLMENTA notification sent when a device enrolls.
COMPLIANCE_REPORT

Deprecated.

This item is deprecated!

STATUS_REPORTA notification sent when a device issues a status report.
COMMANDA notification sent when a device command has completed.
USAGE_LOGSA notification sent when device sendsBatchUsageLogEvents.
ENTERPRISE_UPGRADEA notification sent for an enterprise upgrade. An enterprise upgrade is a process that upgrades a managed Google Play Accounts enterprise to a managed Google domain.

ExternalData

Data hosted at an external location. The data is to be downloaded by Android Device Policy and verified against the hash.

JSON representation
{"url":string,"sha256Hash":string}
Fields
url

string

The absolute URL to the data, which must use either the http or https scheme. Android Device Policy doesn't provide any credentials in the GET request, so the URL must be publicly accessible. Including a long, random component in the URL may be used to prevent attackers from discovering the URL.

sha256Hash

string

The base-64 encoded SHA-256 hash of the content hosted at url. If the content doesn't match this hash, Android Device Policy won't use the data.

TermsAndConditions

A terms and conditions page to be accepted during provisioning.

JSON representation
{"header":{object (UserFacingMessage)},"content":{object (UserFacingMessage)}}
Fields
header

object (UserFacingMessage)

A short header which appears above the HTML content.

content

object (UserFacingMessage)

A well-formatted HTML string. It will be parsed on the client with android.text.Html#fromHtml.

SigninDetail

A resource containing sign in details for an enterprise. Useenterprises to manageSigninDetails for a given enterprise.

For an enterprise, we can have any number ofSigninDetails that is uniquely identified by combination of the following three fields (signinUrl,allowPersonalUsage,tokenTag). One cannot create twoSigninDetails with the same (signinUrl,allowPersonalUsage,tokenTag). (tokenTag is an optional field).

Patch: The operation updates the current list ofSigninDetails with the new list ofSigninDetails.

  • If the storedSigninDetail configuration is passed, it returns the samesigninEnrollmentToken andqrCode.
  • If we pass multiple identicalSigninDetail configurations that are not stored, it will store the first one amongst thoseSigninDetail configurations.
  • if the configuration already exists we cannot request it more than once in a particular patch API call, otherwise it will give a duplicate key error and the whole operation will fail.
  • If we remove certainSigninDetail configuration from the request then it will get removed from the storage. We can then request anothersigninEnrollmentToken andqrCode for the sameSigninDetail configuration.
JSON representation
{"signinUrl":string,"signinEnrollmentToken":string,"qrCode":string,"allowPersonalUsage":enum (AllowPersonalUsage),"defaultStatus":enum (SigninDetailDefaultStatus),"tokenTag":string}
Fields
signinUrl

string

Sign-in URL for authentication when device is provisioned with a sign-in enrollment token. The sign-in endpoint should finish authentication flow with a URL in the form ofhttps://enterprise.google.com/android/enroll?et= for a successful login, orhttps://enterprise.google.com/android/enroll/invalid for a failed login.

signinEnrollmentToken

string

An enterprise wide enrollment token used to trigger custom sign-in flow. This is a read-only field generated by the server.

qrCode

string

A JSON string whose UTF-8 representation can be used to generate a QR code to enroll a device with this enrollment token. To enroll a device using NFC, the NFC record must contain a serializedjava.util.Properties representation of the properties in the JSON. This is a read-only field generated by the server.

allowPersonalUsage

enum (AllowPersonalUsage)

Controls whether personal usage is allowed on a device provisioned with this enrollment token.

For company-owned devices:

  • Enabling personal usage allows the user to set up a work profile on the device.
  • Disabling personal usage requires the user provision the device as a fully managed device.

For personally-owned devices:

  • Enabling personal usage allows the user to set up a work profile on the device.
  • Disabling personal usage will prevent the device from provisioning. Personal usage cannot be disabled on personally-owned device.
defaultStatus

enum (SigninDetailDefaultStatus)

Optional. Whether the sign-in URL should be used by default for the enterprise. TheSigninDetail withdefaultStatus set toSIGNIN_DETAIL_IS_DEFAULT is used for Google account enrollment method. Only one of an enterprise'ssigninDetails can havedefaultStatus set toSIGNIN_DETAIL_IS_DEFAULT. If anEnterprise has at least onesigninDetails and none of them havedefaultStatus set toSIGNIN_DETAIL_IS_DEFAULT then the first one from the list is selected and has setdefaultStatus toSIGNIN_DETAIL_IS_DEFAULT. If nosigninDetails specified for theEnterprise then the Google Account device enrollment will fail.

tokenTag

string

An EMM-specified metadata to distinguish between instances ofSigninDetail.

SigninDetailDefaultStatus

Whether the sign-in URL should be used by default for the enterprise.

Enums
SIGNIN_DETAIL_DEFAULT_STATUS_UNSPECIFIEDEquivalent toSIGNIN_DETAIL_IS_NOT_DEFAULT.
SIGNIN_DETAIL_IS_DEFAULTThe sign-in URL will be used by default for the enterprise.
SIGNIN_DETAIL_IS_NOT_DEFAULTThe sign-in URL will not be used by default for the enterprise.

ContactInfo

Contact details for managed Google Play enterprises.

JSON representation
{"contactEmail":string,"dataProtectionOfficerName":string,"dataProtectionOfficerEmail":string,"dataProtectionOfficerPhone":string,"euRepresentativeName":string,"euRepresentativeEmail":string,"euRepresentativePhone":string}
Fields
contactEmail

string

Email address for a point of contact, which will be used to send important announcements related to managed Google Play.

dataProtectionOfficerName

string

The name of the data protection officer.

dataProtectionOfficerEmail

string

The email of the data protection officer. The email is validated but not verified.

dataProtectionOfficerPhone

string

The phone number of the data protection officer The phone number is validated but not verified.

euRepresentativeName

string

The name of the EU representative.

euRepresentativeEmail

string

The email of the EU representative. The email is validated but not verified.

euRepresentativePhone

string

The phone number of the EU representative. The phone number is validated but not verified.

GoogleAuthenticationSettings

Contains settings for Google-provided user authentication.

JSON representation
{"googleAuthenticationRequired":enum (GoogleAuthenticationRequired)}
Fields
googleAuthenticationRequired

enum (GoogleAuthenticationRequired)

Output only. Whether users need to be authenticated by Google during the enrollment process. IT admin can specify if Google authentication is enabled for the enterprise for knowledge worker devices. This value can be set only via the Google Admin Console. Google authentication can be used withsigninUrl In the case where Google authentication is required and asigninUrl is specified, Google authentication will be launched beforesigninUrl.

GoogleAuthenticationRequired

Setting for whether Google authentication is required for this enterprise.

Enums
GOOGLE_AUTHENTICATION_REQUIRED_UNSPECIFIEDThis value is not used.
NOT_REQUIREDGoogle authentication is not required.
REQUIREDUser is required to be successfully authenticated by Google.

EnterpriseType

The type of the enterprise.

Enums
ENTERPRISE_TYPE_UNSPECIFIEDThis value is not used.
MANAGED_GOOGLE_DOMAINThe enterprise belongs to amanaged Google domain.
MANAGED_GOOGLE_PLAY_ACCOUNTS_ENTERPRISEThe enterprise is amanaged Google Play Accounts enterprise.

ManagedGooglePlayAccountsEnterpriseType

The type of a managed Google Play Accounts enterprise.

Enums
MANAGED_GOOGLE_PLAY_ACCOUNTS_ENTERPRISE_TYPE_UNSPECIFIEDThe managed Google Play Accounts enterprise type is not specified.
CUSTOMER_MANAGEDThe enterprise is customer-managed
EMM_MANAGEDThe enterprise is EMM-managed (deprecated).

ManagedGoogleDomainType

The type of managed Google domain.

Enums
MANAGED_GOOGLE_DOMAIN_TYPE_UNSPECIFIEDThe managed Google domain type is not specified.
TYPE_TEAMThe managed Google domain is an email-verified team.
TYPE_DOMAINThe managed Google domain is domain-verified.

Methods

create

 Creates an enterprise.

delete

 Permanently deletes an enterprise and all accounts and data associated with it.

generateEnterpriseUpgradeUrl

 Generates an enterprise upgrade URL to upgrade an existing managed Google Play Accounts enterprise to a managed Google domain.

get

 Gets an enterprise.

list

 Lists EMM-managed enterprises.

patch

 Updates an enterprise.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-03-31 UTC.