REST Resource: enterprises.enrollmentTokens

Resource: EnrollmentToken

An enrollment token.

JSON representation
{
  "name": string,
  "value": string,
  "duration": string,
  "expirationTimestamp": string,
  "policyName": string,
  "additionalData": string,
  "qrCode": string,
  "oneTimeOnly": boolean,
  "user": {
    object (User)
  },
  "allowPersonalUsage": enum (AllowPersonalUsage)
}
Fields
name

string

The name of the enrollment token, which is generated by the server during creation, in the form enterprises/{enterpriseId}/enrollmentTokens/{enrollmentTokenId}.

value

string

The token value that's passed to the device and authorizes the device to enroll. This is a read-only field generated by the server.

duration

string (Duration format)

The length of time the enrollment token is valid, ranging from 1 minute to Durations.MAX_VALUE, approximately 10,000 years. If not specified, the default duration is 1 hour. Please note that if requested duration causes the resulting expirationTimestamp to exceed Timestamps.MAX_VALUE, then expirationTimestamp is coerced to Timestamps.MAX_VALUE.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

expirationTimestamp

string (Timestamp format)

The expiration time of the token. This is a read-only field generated by the server.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

policyName

string

The name of the policy initially applied to the enrolled device, in the form enterprises/{enterpriseId}/policies/{policyId}. If not specified, the policyName for the device’s user is applied. If userName is also not specified, enterprises/{enterpriseId}/policies/default is applied by default. When updating this field, you can specify only the policyId as long as the policyId doesn’t contain any slashes. The rest of the policy name will be inferred.

additionalData

string

Optional, arbitrary data associated with the enrollment token. This could contain, for example, the ID of an org unit the device is assigned to after enrollment. After a device enrolls with the token, this data will be exposed in the enrollmentTokenData field of the Device resource. The data must be 1024 characters or less; otherwise, the creation request will fail.

qrCode

string

A JSON string whose UTF-8 representation can be used to generate a QR code to enroll a device with this enrollment token. To enroll a device using NFC, the NFC record must contain a serialized java.util.Properties representation of the properties in the JSON.

oneTimeOnly

boolean

Whether the enrollment token is for one time use only. If the flag is set to true, only one device can use it for registration.

user

object (User)

The user associated with this enrollment token. If it's specified when the enrollment token is created and the user does not exist, the user will be created. This field must not contain personally identifiable information. Only the accountIdentifier field needs to be set.

allowPersonalUsage

enum (AllowPersonalUsage)

Controls whether personal usage is allowed on a device provisioned with this enrollment token.

For company-owned devices:

  • Enabling personal usage allows the user to set up a work profile on the device.
  • Disabling personal usage requires the user provision the device as a fully managed device.

For personally-owned devices:

  • Enabling personal usage allows the user to set up a work profile on the device.
  • Disabling personal usage will prevent the device from provisioning. Personal usage cannot be disabled on personally-owned device.

Methods

create

Creates an enrollment token for a given enterprise.

delete

Deletes an enrollment token.

get

Gets an active, unexpired enrollment token.

list

Lists active, unexpired enrollment tokens for a given enterprise.