Resource: Device
A Device within the Cloud Identity Devices API.
Represents a Device
known to Google Cloud, independent of the device ownership, type, and whether it is assigned or in use by a user.
Important: Device API scopes require that you use domain-wide delegation to access the API. For more information, see Set up the Devices API .
| JSON representation |
|---|
{ "name" : string , "createTime" : string , "lastSyncTime" : string , "ownerType" : enum ( |
| Fields | |
|---|---|
name
|
Output only. Resource name
of the Device in format: |
createTime
|
Output only. When the Company-Owned device was imported. This field is empty for BYOD devices. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
lastSyncTime
|
Most recent time when device synced with this service. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
ownerType
|
Output only. Whether the device is owned by the company or an individual |
model
|
Output only. Model name of device. Example: Pixel 3. |
osVersion
|
Output only. OS version of the device. Example: Android 8.1.0. |
deviceType
|
Output only. Type of device. |
serialNumber
|
Serial Number of device. Example: HT82V1A01076. |
assetTag
|
Asset tag of the device. |
imei
|
Output only. IMEI number of device if GSM device; empty otherwise. |
meid
|
Output only. MEID number of device if CDMA device; empty otherwise. |
wifiMacAddresses[]
|
WiFi MAC addresses of device. |
networkOperator
|
Output only. Mobile or network operator of device, if available. |
manufacturer
|
Output only. Device manufacturer. Example: Motorola. |
releaseVersion
|
Output only. OS release version. Example: 6.0. |
brand
|
Output only. Device brand. Example: Samsung. |
buildNumber
|
Output only. Build number of the device. |
kernelVersion
|
Output only. Kernel version of the device. |
basebandVersion
|
Output only. Baseband version of the device. |
enabledDeveloperOptions
|
Output only. Whether developer options is enabled on device. |
otherAccounts[]
|
Output only. Domain name for Google accounts on device. Type for other accounts on device. On Android, will only be populated if |ownershipPrivilege| is |PROFILE_OWNER| or |DEVICE_OWNER|. Does not include the account signed in to the device policy app if that account's domain has only one account. Examples: "com.example", "xyz.com". |
enabledUsbDebugging
|
Output only. Whether USB debugging is enabled on device. |
securityPatchTime
|
Output only. OS security patch update time on device. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
bootloaderVersion
|
Output only. Device bootloader version. Example: 0.6.7. |
encryptionState
|
Output only. Device encryption state. |
androidSpecificAttributes
|
Output only. Attributes specific to Android devices. |
managementState
|
Output only. Management state of the device |
compromisedState
|
Output only. Represents whether the Device is compromised. |
endpointVerificationSpecificAttributes
|
Output only. Attributes specific to Endpoint Verification devices. |
deviceId
|
Unique identifier for the device. |
unifiedDeviceId
|
Output only. Unified device id of the device. |
hostname
|
Host name of the device. |
clientTypes[]
|
List of the clients the device is reporting to. |
DeviceOwnership
Possible owners of the device: Company or individual
| Enums | |
|---|---|
DEVICE_OWNERSHIP_UNSPECIFIED
|
Default value. The value is unused. |
COMPANY
|
Company owns the device. |
BYOD
|
Bring Your Own Device (i.e. individual owns the device) |
DeviceType
Type of device
| Enums | |
|---|---|
DEVICE_TYPE_UNSPECIFIED
|
Unknown device type |
ANDROID
|
Device is an Android device |
IOS
|
Device is an iOS device |
GOOGLE_SYNC
|
Device is a Google Sync device. |
WINDOWS
|
Device is a Windows device. |
MAC_OS
|
Device is a MacOS device. |
LINUX
|
Device is a Linux device. |
CHROME_OS
|
Device is a ChromeOS device. |
EncryptionState
Possible values of encryption state for this device.
| Enums | |
|---|---|
ENCRYPTION_STATE_UNSPECIFIED
|
Encryption Status is not set. |
UNSUPPORTED_BY_DEVICE
|
Device doesn't support encryption. |
ENCRYPTED
|
Device is encrypted. |
NOT_ENCRYPTED
|
Device is not encrypted. |
AndroidAttributes
Resource representing the Android specific attributes of a Device.
| JSON representation |
|---|
{
"enabledUnknownSources"
:
boolean
,
"supportsWorkProfile"
:
boolean
,
"ownerProfileAccount"
:
boolean
,
"ownershipPrivilege"
:
enum (
|
| Fields | |
|---|---|
enabledUnknownSources
|
Whether applications from unknown sources can be installed on device. |
supportsWorkProfile
|
Whether device supports Android work profiles. If false, this service will not block access to corp data even if an administrator turns on the "Enforce Work Profile" policy. |
ownerProfileAccount
|
Whether this account is on an owner/primary profile. For phones, only true for owner profiles. Android 4+ devices can have secondary or restricted user profiles. |
ownershipPrivilege
|
Ownership privileges on device. |
verifiedBoot
|
Whether Android verified boot status is GREEN. |
ctsProfileMatch
|
Whether the device passes Android CTS compliance. |
verifyAppsEnabled
|
Whether Google Play Protect Verify Apps is enabled. |
hasPotentiallyHarmfulApps
|
Whether any potentially harmful apps were detected on the device. |
OwnershipPrivilege
Specifies how the device ownership privilege is configured on the device.
| Enums | |
|---|---|
OWNERSHIP_PRIVILEGE_UNSPECIFIED
|
Ownership privilege is not set. |
DEVICE_ADMINISTRATOR
|
Active device administrator privileges on the device. |
PROFILE_OWNER
|
Profile Owner privileges. The account is in a managed corporate profile. |
DEVICE_OWNER
|
Device Owner privileges on the device. |
ManagementState
Possible management states of a device.
| Enums | |
|---|---|
MANAGEMENT_STATE_UNSPECIFIED
|
Default value. This value is unused. |
APPROVED
|
Device is approved. |
BLOCKED
|
Device is blocked. |
PENDING
|
Device is pending approval. |
UNPROVISIONED
|
The device is not provisioned. Device will start from this state until some action is taken (i.e. a user starts using the device). |
WIPING
|
Data and settings on the device are being removed. |
WIPED
|
All data and settings on the device are removed. |
CompromisedState
Represents whether the device is compromised
| Enums | |
|---|---|
COMPROMISED_STATE_UNSPECIFIED
|
Default value. |
COMPROMISED
|
The device is compromised (currently, this means Android device is rooted). |
UNCOMPROMISED
|
The device is safe (currently, this means Android device is unrooted). |
EndpointVerificationSpecificAttributes
Resource representing the Endpoint Verification-specific attributes of a device.
| JSON representation |
|---|
{ "certificateAttributes" : [ { object ( |
certificateAttributes[]
object (
CertificateAttributes
)
Details of certificates.
browserAttributes[]
object (
BrowserAttributes
)
Details of browser profiles reported by Endpoint Verification.
additionalSignals
object (
Struct
format)
Additional signals reported by Endpoint Verification. It includes the following attributes:
- Non-configurable attributes: hotfixes, av_installed, av_enabled, windows_domain_name, is_os_native_firewall_enabled, and is_secure_boot_enabled.
- Configurable attributes : file, folder, and binary attributes; registry entries; and properties in a plist.
CertificateAttributes
Stores information about a certificate.
| JSON representation |
|---|
{ "fingerprint" : string , "thumbprint" : string , "validationState" : enum ( |
| Fields | |
|---|---|
fingerprint
|
The encoded certificate fingerprint. |
thumbprint
|
The certificate thumbprint. |
validationState
|
Validation state of this certificate. |
serialNumber
|
Serial number of the certificate, Example: "123456789". |
validityStartTime
|
Certificate not valid before this timestamp. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
validityExpirationTime
|
Certificate not valid at or after this timestamp. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
issuer
|
The name of the issuer of this certificate. |
subject
|
The subject name of this certificate. |
certificateTemplate
|
The X.509 extension for CertificateTemplate. |
CertificateValidationState
Certificate validation status, which denotes if the certificate chain was validated for this certificate and if this certificate chains up to a trusted root for enterprise certificates.
| Enums | |
|---|---|
CERTIFICATE_VALIDATION_STATE_UNSPECIFIED
|
Default value. |
VALIDATION_SUCCESSFUL
|
Certificate validation was successful. |
VALIDATION_FAILED
|
Certificate validation failed. |
CertificateTemplate
CertificateTemplate (v3 Extension in X.509).
| JSON representation |
|---|
{ "id" : string , "majorVersion" : integer , "minorVersion" : integer } |
| Fields | |
|---|---|
id
|
The template id of the template. Example: "1.3.6.1.4.1.311.21.8.15608621.11768144.5720724.16068415.6889630.81.2472537.7784047". |
majorVersion
|
The Major version of the template. Example: 100. |
minorVersion
|
The minor version of the template. Example: 12. |
BrowserAttributes
Contains information about browser profiles reported by the Endpoint Verification extension .
| JSON representation |
|---|
{
"lastProfileSyncTime"
:
string
,
"chromeBrowserInfo"
:
{
object (
|
| Fields | |
|---|---|
lastProfileSyncTime
|
Timestamp in milliseconds since the Unix epoch when the profile/gcm id was last synced. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
chromeBrowserInfo
|
Represents the current state of the Chrome browser attributes sent by the Endpoint Verification extension . |
chromeProfileId
|
Chrome profile ID that is exposed by the Chrome API. It is unique for each device. |
BrowserInfo
Browser-specific fields reported by the Endpoint Verification extension .
| JSON representation |
|---|
{ "browserVersion" : string , "browserManagementState" : enum ( |
| Fields | |
|---|---|
browserVersion
|
Version of the request initiating browser. E.g. |
browserManagementState
|
Output only. Browser's management state. |
isFileUploadAnalysisEnabled
|
Current state of file upload analysis . Set to true if provider list from Chrome is non-empty. |
isFileDownloadAnalysisEnabled
|
Current state of file download analysis . Set to true if provider list from Chrome is non-empty. |
isBulkDataEntryAnalysisEnabled
|
Current state of bulk data analysis . Set to true if provider list from Chrome is non-empty. |
isSecurityEventAnalysisEnabled
|
Current state of security event analysis . Set to true if provider list from Chrome is non-empty. |
isRealtimeUrlCheckEnabled
|
Current state of real-time URL check . Set to true if provider list from Chrome is non-empty. |
safeBrowsingProtectionLevel
|
Current state of Safe Browsing protection level . |
isSiteIsolationEnabled
|
Current state of site isolation . |
isBuiltInDnsClientEnabled
|
Current state of built-in DNS client . |
passwordProtectionWarningTrigger
|
Current state of password protection trigger . |
isChromeRemoteDesktopAppBlocked
|
Current state of Chrome Remote Desktop app . |
isChromeCleanupEnabled
|
Current state of Chrome Cleanup . |
isThirdPartyBlockingEnabled
|
Current state of third-party blocking . |
BrowserManagementState
Information regarding management state of the profile.
| Enums | |
|---|---|
UNSPECIFIED
|
Management state is not specified. |
UNMANAGED
|
Browser/Profile is not managed by any customer. |
MANAGED_BY_OTHER_DOMAIN
|
Browser/Profile is managed, but by some other customer. |
PROFILE_MANAGED
|
Profile is managed by customer. |
BROWSER_MANAGED
|
Browser is managed by customer. |
SafeBrowsingLevel
Information regarding the browsing protection level policy of the browser.
| Enums | |
|---|---|
SAFE_BROWSING_LEVEL_UNSPECIFIED
|
Browser protection level is not specified. |
DISABLED
|
No protection against dangerous websites, downloads, and extensions. |
STANDARD
|
Standard protection against websites, downloads, and extensions that are known to be dangerous. |
ENHANCED
|
Faster, proactive protection against dangerous websites, downloads, and extensions. |
PasswordProtectionTrigger
Information regarding the password protect warning trigger policy of the browser
| Enums | |
|---|---|
PASSWORD_PROTECTION_TRIGGER_UNSPECIFIED
|
Password protection is not specified. |
PROTECTION_OFF
|
Password reuse is never detected. |
PASSWORD_REUSE
|
Warning is shown when the user reuses their protected password on a non-allowed site. |
PHISHING_REUSE
|
Warning is shown when the user reuses their protected password on a phishing site. |
ClientType
Client type on the device
| Enums | |
|---|---|
CLIENT_TYPE_UNSPECIFIED
|
Default value |
DRIVE_FS
|
Managed by DriveFS |
FUNDAMENTAL
|
Management type for every secure device |
ENDPOINT_VERIFICATION
|
Managed by Endpoint Verification |
WINDOWS_ADVANCED
|
Managed by Windows |
GOOGLE_CREDENTIALS_PROVIDER_FOR_WINDOWS
|
Managed by Google credential provider for windows |
Methods |
|
|---|---|
|
Cancels an unfinished device wipe. |
|
Creates a device. |
|
Deletes the specified device. |
|
Retrieves the specified device. |
|
Lists/Searches devices. |
|
Wipes all data on the specified device. |
