I had a customer issue pop up today where they'd provided a vendor with their enterprise ID for the purpose of having a private app shared with them.
All went as expected, the vendor confirmed it was shared, and the application then appeared in the Google Play iFrame for import.
Except.. it wouldn't.
We did a bunch of debugging starting at the AMAPI layer, seeing 404s (not found) when the app was queried against the customer environment and slowly worked back from there. Since the app showed in Google Play, it must be fine, it must have been shared correctly from the vendor side so.. what gives?
I asked the customer to show me exactly what was shared with the vendor, and they sent over a screenshot.
..of the Google Workspace account settings page.
So today I learned:
- Sharing to the customer ID of Workspace when the customer is using the new enrolment/signup flow grants visibility to the app across 3rd party AMAPI enterprise IDs within
- Said visibility doesn't extend to access, so although it can be seen, the AMAPI
applications.getreturns not found, because I assume the enterprise ID itself isn't allowlisted - This is something that isn't going to be an isolated incident.
So in summary, if your customer reports sharing their "enterprise ID", but the EMM is struggling to import it, this could be why.
I'm not sure if this is a bug or just a half-finished feature.
#androidenterprise