Data flow: Activating an Android Enterprise Work and personal - full control device using a managed Google
Play account
Android Enterprise
Work and personal - full control
device using a managed Google
Play
account
This data flow applies when you allow
BlackBerry UEM
to manage Google
Play
accounts. For more information see the Administration content.- You perform the following actions:
- Add a user toBlackBerry UEMas a local user account or using the account information retrieved from your company directory
- Make sure that the "Work and personal - full control” activation type is assigned to the user
- Allow activation QR codes to include the activation password and the location to download theBlackBerry UEM Client.
- The user resets their device to the factory default settings.
- The device restarts and displays a Welcome or Start screen.
- The user performs the following actions:
- Opens the activation email they received on their computer or another device
- Taps the device screen seven times to open a QR code reader
- Connects the device to aWi-Finetwork
- Scans the QR code in the activation email
- The device performs the following actions:
- Prompts the user to encrypt the device and restarts
- Downloads theUEM Clientfrom the download location specified by the QR code and installs it
- TheUEM Clientperforms the following actions:
- Establishes a connection to theBlackBerry Infrastructure
- Sends a request for activation information to theBlackBerry Infrastructure
- TheBlackBerry Infrastructureperforms the following actions:
- Verifies that the user is a valid, registered user
- Retrieves theBlackBerry UEMserver address for the user
- Sends the server address to theUEM Client
- TheUEM Clientestablishes a connection withBlackBerry UEMusing an HTTP CONNECT call over port 443 and sends an activation request toBlackBerry UEM. The activation request includes the username, password, device operating system, and unique device identifier.
- BlackBerry UEMperforms the following actions:
- Determines the activation type assigned to the user account
- Connects toGoogleand creates a managedGoogle Playuser
- Creates a device instance
- Associates the device instance with the specified user account
- Adds the enrollment session ID to an HTTP session
- Sends the user's managedGoogle Playaccount information and a successful authentication message to the device
- TheUEM Clientperforms the following actions:
- Connects toGoogleto verify the user
- Creates the work profile on the device
- Creates a CSR using the information received fromBlackBerry UEMand sends a client certificate request toBlackBerry UEMover HTTPS
- BlackBerry UEMperforms the following actions:
- Validates the client certificate request against the enrollment session ID in the HTTP session
- Signs the client certificate request with the root certificate
- Sends the signed client certificate and root certificate back to theUEM Client
A mutually authenticated TLS session is established between theUEM ClientandBlackBerry UEM. - TheUEM Clientrequests all configuration information and sends the device and software information toBlackBerry UEM.
- BlackBerry UEMstores the device information in the database and sends the requested configuration information to the device.
- The device sends an acknowledgment toBlackBerry UEMthat it received and applied the configuration information. The activation process is complete.