1

I'm trying to provision a dedicated device using Android Management API

I have created an organisation with its account from my personal Gmail account, enabled Android Management API, created an app in Google Play Console and granted the Android Management permission, created a service account and OAuth 2.0 Client IDs, added Cloud Identity Premium subscription and enabled Advanced Mobile Management for Android phones. It seems I did all the nescessary steps. However, I'm unable to manage organistion's enterprise: whenever I try to create a policy, I get a "Caller is not authorized to manage enterprise." response.

I tried provisioning a device with my personal account using an enterprise that belongs to that account and in that case the policy is created successfully. However, then I cannot access my app: when in the process of provisioning a dedicated devise, the phone just hangs when installing the app and does not display any error messages. My guess is that it cannot "see" an app that is private if the enterprice that was used to provision a device belongs to a Gmail account.

There seems to be no way of provisioning a dedicated device with a private app in KIOSK mode. I feel lost and frustrated, as even Google support is unable to find any issues.

Does anybody have any ideas what could be done?

EDIT: I tried provisiong with an app that is public and it managed to finish successfully. However, when I try my private app, it just hangs on Installing new app.... The devices list from Management api returns this data:

`"nonComplianceDetails": [
        {
          "settingName": "applications",
          "nonComplianceReason": "APP_NOT_INSTALLED",
          "packageName": "com.mycompany.myproduct",
          "installationFailureReason": "IN_PROGRESS"
        },
        {
          "settingName": "persistentPreferredActivities",
          "nonComplianceReason": "APP_NOT_INSTALLED",
          "packageName": "com.mycompany.myproduct"
        }
      ],`

However, no matter how long I wait, the installation does not finish.

Jonas S.
  • 111
  • 1
  • 6

1 Answers1

0

It seems you are calling an enterprise ID that doesn’t belong to that account that causes Caller is not authorized to manage enterprise.

An Enterprise resource binds an organization to your Android Management solutions. Devices and Policies both belong to an enterprise. Typically, a single enterprise resource is associated with a single organization. However, you can create multiple enterprises for the same organization based on their needs. For example, an organization may want separate enterprise for its different departments or regions.

To create an enterprise you need a Gmail account that’s not already associated with an enterprise. The basic steps on how to create an enterprise are described in the Quickstart guide.

Additionally, I suggest reviewing the process of creating a Customer-managed Enterprise by having the Enterprise IT admin complete the sign-up flow, as this is the preferred method.

If you want to distribute the private apps to other EMMs, Organization/Enterprise ID is required. You may refer to this documentation for more information on how to publish private apps. Please note that once an app is made private, it can no longer be distributed publicly.

Rey V. Aquino
  • 316
  • 1
  • 2
  • 5