androidkioskkiosk-modeandroid-management-apiandroid-enterprise

Enrollment token expiry in Android Management API


I have been going through detailed documentation of Android Enterprise for Dedicated Devices setup. I have query regarding expiry of Enrollment Token. Before that, let me highlight scenario.

  1. I manage Dedicated Device using my own server implementing Android Management APIs. I have to create Enrollment Token for an enterprise that will link associated devices to it. Google has explained process here with sample code.

  2. Now on android device, if I use DPC identifier to provision factory reset device, user has to enter afw#setup instead of google account, which will download Device Policy. After entering Enrollment Token, device will be associated to corresponding enterprise. Kiosk app will be downloaded and will take hold of the device.

In documentation, it has been specified that token will expire in 30 days. What will happen if Enrollment Token expires? What will be impact on device and app altogether? Has anyone experienced?


Solution

  • When an enrollment token expires it can no longer be used to provision new devices. If you try to provision a device with an expired token a message will inform you that the token is invalid and will prompt you to enter another token.

    Existing devices that have been provisioned using the token are not affected by the token expiring, the token is only relevant during device provisioning.

    You can verify that by generating a token with a short duration (e.g. 5 minutes).