Android Enterprise AMAPI QR code generator

quick_reference This page is aggressively cached. If the QR isn't generating, try a hard refresh (CRTL/CMD + SHIFT + R).

If your EMM doesn't offer customisation for your generated QR codes, you can use the below form to generate your own. This configurator is intended for use with AMAPI based EMMs; those that use the Android Device Policy application for device management. For custom DPC solutions (MobileIron, WS1 UEM, MaaS360, SOTI, etc) or for more customisation, more features will be added in future.

No information is stored. If you refresh the page, everything will be reset. This is intentional as I have no interest in holding on to your JSON information, Wi-Fi details, or enrolment tokens. That said, as with all third-party applications you use this at your own risk. Check with your boss before you generate tokens if you feel you need to.

What you need:

Your enrolment token*
Your Wi-Fi configuration details (if desired)

When you click Generate QR, all submitted information is processed locally, and the returned image is embedded ephemerally in this page. Right click & save to keep it, edit the submitted text and click generate again to renew it, or refresh the page to clear it.

If the image doesn't load, raise an issue and I'll take a look.

Token*

Description

The Android Enterprise Enrolment Token is a unique identifier that is used to enrol Android devices into an organisation's AMAPI-powered EMM. This token is generated by the EMM provider and is used during the provisioning process to establish a relationship between the device and the EMM server. This then allows the EMM provider to manage and configure device settings, install applications, and enforce security policies on behalf of the organisation.

Head's up

The enrolment token should be closely guarded as it grants access to the organisation's EMM platform and may grant access to sensitive corporate resources. If the token is compromised, it should be revoked immediately and a new one generated.

Configure provisioning options

Enable system apps

Use mobile network for provisioning

Allow offline provisioning

Keep screen on (⚠️ Android 13 only)

Skip encryption

Skip education screens

Description

Theses provisioning options are optional configuration items that affect the behaviour during and after the provisioning process. Here's a brief description of each:

android.app.extra.PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED: If set to true, all system apps will be enabled during the provisioning process. If false, only the necessary, vital system apps required for device functionality will be enabled. Learn more about vital apps.
android.app.extra.PROVISIONING_USE_MOBILE_DATA: If set to true, the device will be forced to use mobile data during the provisioning process. If false, the device will use Wi-Fi.
android.app.extra.PROVISIONING_KEEP_SCREEN_ON: If set to true, the device's screen will stay on during the provisioning process. If false, the screen may turn off according to the device's usual settings. Note this is only applicable for Android 13. Below 13 this has no impact. Above 13 it is enabled by default.
android.app.extra.PROVISIONING_ALLOW_OFFLINE: If set to true, the device can be provisioned offline, provided the DPC supports it. If false, an internet connection is required for provisioning.
android.app.extra.PROVISIONING_SKIP_ENCRYPTION: If set to true, the device will skip the encryption step during provisioning. If false, the device will be encrypted as part of the provisioning process.
android.app.extra.PROVISIONING_SKIP_EDUCATION_SCREENS: If set to true, the device will skip some of the introductory screens during the provisioning process. If false, all provisioning screens will be shown as normal.

Set Locale (Ref)

Set Timezone (Ref)

Description

When setting up a new device or re-provisioning an existing one, the android.app.extra.PROVISIONING_LOCALE key can be configured to specify the locale. This key expects a string value in the format of language-country, where language is a two-letter ISO 639-1 language code and country is a two-letter ISO 3166-1 alpha-2 country code. See the example reference provided next to the input for guidance.

The android.app.extra.PROVISIONING_TIME_ZONE key is used during the provisioning of Android devices to set the device time zone. Modern Android devices can pick this up automatically and with Wi-Fi only, but for older Android versions (sub 12) it is far more rigid, and this setting avoids frustrating users down the line.

These settings are particularly useful in use cases where devices need to be configured with specific time and region parameters, and allows admins to configure these ahead of time when staging devices for global distribution.

Configure Wi-Fi network

Wi-Fi Security

Wi-Fi SSID

Hidden SSID

Wi-Fi Password

Wi-Fi PAC URL, if required

Wi-Fi Proxy Host

Wi-Fi Proxy Port

Wi-Fi Proxy Bypass URL

Description

Configuring Wi-Fi Provisioning Options for Android Enterprise

As an administrator, you have several configuration options available to ensure that devices are set up with the correct Wi-Fi settings during the provisioning process. Here’s how you can configure these options:

Wi-Fi Security Type

Options:

WPA/WPA2 PSK: This option uses WPA or WPA2 with a pre-shared key, providing robust security suitable for most enterprise environments.
WEP: This option uses WEP, an older and less secure standard, and is generally not recommended due to its vulnerabilities.
None: This option configures the device to connect to open networks without any encryption. Ideal for staging networks with client isolation.

EAP options will be added at a later date. QR code complexity limits can make scanning unreliable, so it has been omitted pending a suitable solution.

(If you're feeling clever, you may be able to enable the fields via dev tools, since they're in the source of this page..)

Wi-Fi SSID: Enter the name of the Wi-Fi network you want the device to connect to.
Hidden SSID: Check this box if the Wi-Fi network’s SSID is hidden. Hidden SSIDs do not broadcast the network name, making the network less visible to users and devices.
Wi-Fi Password: Enter the password for the Wi-Fi network. This field is necessary for networks secured with WPA/WPA2 or WEP. Note this is saved into the QR code in plaintext.
Wi-Fi PAC URL: If your network requires a Proxy Auto-Config (PAC) URL, enter it here. PAC files are used to automatically configure the browser to use the correct proxy server for accessing the internet.
Wi-Fi Proxy Host: Enter the hostname or IP address of the proxy server that devices should use to connect to the internet.
Wi-Fi Proxy Port: Enter the port number of the proxy server.
Wi-Fi Proxy Bypass URL: Specify any URLs that should bypass the proxy server. This can be useful for internal resources that do not require proxy access. This should support a comma-separated list of domains in the format example.com,internal.local.