Data flow: Activating an Android Enterprise Work and personal - user privacy device using a managed Google Play account Skip Navigation

Data flow: Activating an 
Android Enterprise
Work and personal - user privacy
 device using a managed 
Google Play
 account

Diagram showing the steps and components mentioned in the following data flow.
This data flow applies when you allow 
BlackBerry UEM
 to manage 
Google Play
 accounts. For more information see the Administration content.
  1. You perform the following actions:
    1. Add a user to 
      BlackBerry UEM
       as a local user account or using the account information retrieved from your company directory.
    2. Make sure the "
      Work and personal - user privacy
      ” activation type is assigned to the user.
    3. Use one of the following options to provide the user with activation details:
      • Automatically generate a device activation password and, optionally, a 
        QR Code
         and send an email with activation instructions for the user
      • Set a device activation password and communicate the username and password to the user directly or by email
      • Don't set a device activation password and communicate the 
        BlackBerry UEM Self-Service
         address to the user so that they can set their own activation password and view a 
        QR Code
        .
  2. The user downloads 
    BlackBerry UEM Client
     from 
    Google Play
     and installs it on the device. After it is installed, the user opens the 
    BlackBerry UEM Client
     and enters their email address and activation password or scans the 
    QR Code
    .
  3. The 
    BlackBerry UEM Client
     on the device performs the following actions:
    1. Establishes a connection to the 
      BlackBerry Infrastructure
    2. Sends a request for activation information to the 
      BlackBerry Infrastructure
  4. The 
    BlackBerry Infrastructure
     performs the following actions:
    1. Verifies that the user is a valid, registered user
    2. Retrieves the 
      BlackBerry UEM
       address for the user
    3. Sends the address to the 
      BlackBerry UEM Client
  5. The 
    BlackBerry UEM Client
     establishes a connection with 
    BlackBerry UEM
     using an HTTP CONNECT call over port 443 and sends an activation request to 
    BlackBerry UEM
    . The activation request includes the username, password, device operating system, and unique device identifier.
  6. BlackBerry UEM
     performs the following actions:
    1. Determines the activation type assigned to the user account
    2. Connects to 
      Google
       and creates a managed 
      Google Play
       user
    3. Creates a device instance
    4. Associates the device instance with the specified user account
    5. Adds the enrollment session ID to an HTTP session
    6. Sends the user's managed 
      Google Play
       account information and a successful authentication message to the device
  7. If the device is not encrypted, the user is prompted to encrypt the device. 
  8. The 
    BlackBerry UEM Client
     performs the following actions:
    1. Connects to 
      Google
       to verify the user
    2. Creates the work profile on the device 
    3. Creates a CSR using the information received from 
      BlackBerry UEM
       and sends a client certificate request to 
      BlackBerry UEM
       over HTTPS.
  9. BlackBerry UEM
     performs the following actions:
    1. Validates the client certificate request against the enrollment session ID in the HTTP session
    2. Signs the client certificate request with the root certificate
    3. Sends the signed client certificate and root certificate back to the 
      BlackBerry UEM Client
    A mutually authenticated TLS session is established between the 
    BlackBerry UEM Client
     and 
    BlackBerry UEM
    .
  10. The 
    BlackBerry UEM Client
     requests all configuration information and sends the device and software information to 
    BlackBerry UEM
    .
  11. BlackBerry UEM
     stores the device information in the database and sends the requested configuration information to the device.
  12. The device sends an acknowledgment to 
    BlackBerry UEM
     that it received and applied the configuration information. The activation process is complete.