This site is currently in beta. View known issues here, and report additional issues here.
BAYTON
Certified Android Enterprise Expert
profile pic

Jason Bayton

Certified Android Enterprise Expert

vExpert ● Android Advocate ● CPO
Jan 08, 2019 | Mar 31, 2021 | 3 minutes

Android Enterprise zero-touch DPC extras collection

DPC extras can be used to associate Android Enterprise fully managed devices with a particular EMM/UEM platform during provisioning. 

The following examples offer a complete DPC extra snippet that can be copied and pasted into the zero-touch configuration. The items in bold will need to be edited to suit your environment, though, otherwise the zero-touch enrolment process will fail.

Editing ADMIN EXTRAS BUNDLE

To be of value, the ADMIN_EXTRAS_BUNDLE should ideally at least include the server URL or identifier (where appropriate), however lines for username, password, and more can optionally be omitted to allow the config to remain generic.

JSON doesn't leave room for error - the last line within ADMIN_EXTRAS_BUNDLE must not have a trailing comma ",". See "user" in the MobileIron config has a comma, but "quickstart" does not? If you remove "quickstart", you'd need to remove the comma from "user" as it then becomes the last line, otherwise it could throw up an error.

Trust but verify
Most of these DPC extra collections have been submitted either by EMM vendors or customers of the EMM referenced. The vendor may make changes to the extras they provide without my knowledge so it is recommended should the below extras fail to properly work, that you validate with your EMM before contacting me (but do feel free to reach out with updates!)
Usernames & passwords
Unless the username and password are stipulated for the purpose of staging, they should not be included at all due to the potential security risks associated. If an IMEI not belonging to an organisation is mistakenly added (typo, miscommunication, human error), the device will be able to enrol automatically and potentially gain access to corporate resources.
Google announces zero-touch EMM integration

For those who consider copying and pasting JSON code a bit of a pain, you're in luck; Google announced the zero-touch iFrame, allowing EMMs to integrate with a customer zero-touch account, allowing - amongst other features - the ability to manage DPC extras automatically.

Reach out to your vendor to ask when this functionality will be available.

MobileIron

{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
"server":"your.server.com",
"user":"user",
"quickStart":true/false
}
}

AirWatch / Workspace One UEM

{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
"serverurl":"your.server.com",
"gid":"yourGroupID",
"un":"staginguser",
"pw":"example"
}
}

SOTI

{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
"enrollmentId":"EnrollmentID"
}
}

MaaS360

{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
"enrollment_corp_id”:”CorporateID”,
”enrollment_account_type":"userAccount",
"enrollment_domain":"domain",
"enrollment_username”:”staginguser”,
"enrollment_email":"emailaddress@email.com",
"enrollment_password”:”example”,
"enrollment_ownership":"Corporate Owned"
}
}

Codeproof EMM

{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
"displayname":"devicename",
"userid":"staginguser".
"password":"example"
}
}

Intune

{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "YourEnrollmentToken"
}
}

Miradore

{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"RegistrationKey": "REGISTRATIONKEY",
"EnrollmentKey": "ENROLLMENTKEY",
"SiteIdentifier": "SITEIDENTIFIER"
}
}

BlackBerry UEM

{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"URL":"SERVERURL",
"CACFPrint":"CHECKWITHBB",
"stc":"CHECKWITHBB",
"Username":"USERNAME"
}
}

FAMOC

{  
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,  
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {   
"fqdn":"your.server.com",   
"bootstrap_key":"yourIndividualKey"   
}   
}

mySync

{   
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,  
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {   
"serviceUrl": "https://server.host.name.here/rest/api",  
"installationCode": "ten-character-code"   
}   
}

XenMobile

{   
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,  
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {   
"serverURL":"URL",   
"xm_username":"username",   
"xm_password":"password"   
}   
}

VXL Fusion UEM

{   
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,  
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {   
"fusionuem_server_url":"server url",   
"fusionuem_token_id":"token id"  
}   
}

Samsung Knox Manage

{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"ServerUrl": "Your Server Url",
"TenantId": "Your Knox Manage Tenant ID",
"TenantType": "M",
"Method": "ZeroTouch"
}
}

Chimpa MDM

{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{ "chimpa_activationCode":"YOURTENANTCODE",
"provisionType":0/1,
"additionalProvisioningText":"your additional text to show",
"whiteLabelLogo":"https://yoururl/resource.png",
}
}

provisionType values:
0 Fully Managed
1 Enhanced Work Profile (Android 11+)

42Gears SureMDM

{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED": true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE”:{
"AccountId":"1000001",
"ServerPath":"suremdm.42gears.com"
}
}

Meraki Systems Manager

{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false,
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
"enrollment_url":"https://m.meraki.com/enroll/?android_from_store=true&enrollment_code=Your_Meraki_Enrollment_Identifier"
}
}

TinyMDM

{
"android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED":true/false, "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
"enrollmentId": “XXXXXXXXXXXXXXXX"
}
}

Other interesting zero-touch config options

The following additional options go before the ADMIN_EXTRAS_BUNDLE line and may require EMM support to function:

"android.app.extra.PROVISIONING_SKIP_EDUCATION_SCREENS":true/false,
"android.app.extra.PROVISIONING_LOCALE":"en_GB",
"android.app.extra.PROVISIONING_USE_MOBILE_DATA":true/false,

Here's a few more.

Submit zero-touch DPC extras

If you’d like to see your DPC extras added to this list, please fill out this form or comment below.

Problem with this content? Submit a PR.