Android Enterprise custom DPC QR code generator (EA)
quick_reference This page is aggressively cached. If the QR isn't generating, try a hard refresh (CRTL/CMD + SHIFT + R).
If your EMM doesn't offer customisation for your generated QR codes, you can use the below form to generate your own. This configurator is intended for use with all known EMMs; those that use any custom DPC.
No information is stored. If you refresh the page, everything will be reset. This is intentional as I have no interest in holding on to your JSON information, Wi-Fi details, or enrolment tokens. That said, as with all third-party applications you use this at your own risk. Check with your boss before you generate tokens if you feel you need to.
What you need:
Your EMM-provided DPC information
Your DPC extras
Your Wi-Fi configuration details (if desired)
When you click Generate QR, all submitted information is processed locally, and the returned image is embedded ephemerally in this page. Right click & save to keep it, edit the submitted text and click generate again to renew it, or refresh the page to clear it.
If the image doesn't load, raise an issue and I'll take a look.
Configure DPC options
Description
DPC options allow for the configuration of a chosen Device Policy Controller. Unlike the AMAPI generator where these options are hidden (as they're preconfigured, and hard-coded), for custom DPC enrolments these fields must match that required by your EMM. More details:
The component name of the Admin Receiver registered within the DPC you'd like to use. This isn't simply a package name, but a component within. MobileIron's, for example, is com.mobileiron/com.mobileiron.receiver.MIDeviceAdmin. If you're unsure of this you can either decompile the DPC APK (which may not be permitted, FYI) or reach out to your EMM vendor for assistance. If you already have devices enrolled, the receiver can be fetched from a bug report, also.
This is the application signature of the application, or signing key verification. You may retrieve this from the EMM, a package search tool, or via command line (see this example). It ensures the application is legitimate by validating app signature. Do not use both PACKAGE and SIGNATURE, it's one or the other.
This is no longer the recommended method of validating authenticity, as it simply validates the package itself matches the specified checksum, and this changes with every APK update. All the same, this is simple enough to generate/validate, more info here. Do not use both PACKAGE and SIGNATURE, it's one or the other.
An available (to the device) URL for the APK to be fetched. It doesn't have to be public, but non-HTTPS may fail.
Configure DPC extras
Description
DPC extras allow organisations to pre-configure the DPC with options during enrolment. These may include the EMM server address, staging credentials, enrolment tokens, and more.
Your EMM will have the most up-to-date support DPC extras, however I maintain a resource here which is occasionally also updated by the community.
The generator automatically adds brackets and spacing, so just enter the extras one-per-line, e.g.:
Remember: This field requires valid JSON, so don't forget those commas on all but the last line of extras, otherwise the QR code will error.
Head's up
DPC extras should be closely guarded as they may grant access to the organisation's EMM platform and sensitive corporate resources. If details are compromised, they should be revoked immediately and new ones generated.
Configure provisioning options
Description
These provisioning options are optional configuration items that affect the behaviour during and after the provisioning process. Here's a brief description of each:
If set to true, all system apps will be enabled during the provisioning process. If false, only the necessary, vital system apps required for device functionality will be enabled. Learn more about vital apps.
android.app.extra.PROVISIONING_USE_MOBILE_DATA
If set to true, the device will be forced to use mobile data during the provisioning process. If false, the device will use Wi-Fi.
android.app.extra.PROVISIONING_KEEP_SCREEN_ON
If set to true, the device's screen will stay on during the provisioning process. If false, the screen may turn off according to the device's usual settings. Note this is only applicable for Android 13. Below 13 this has no impact. Above 13 it is enabled by default.
android.app.extra.PROVISIONING_ALLOW_OFFLINE
If set to true, the device can be provisioned offline, provided the DPC supports it. If false, an internet connection is required for provisioning.
android.app.extra.PROVISIONING_SKIP_ENCRYPTION
If set to true, the device will skip the encryption step during provisioning. If false, the device will be encrypted as part of the provisioning process.
If set to true, the device will skip some of the introductory screens during the provisioning process. If false, all provisioning screens will be shown as normal.
When setting up a new device or re-provisioning an existing one, the android.app.extra.PROVISIONING_LOCALE key can be configured to specify the locale. This key expects a string value in the format of language-country, where language is a two-letter ISO 639-1 language code and country is a two-letter ISO 3166-1 alpha-2 country code. See the example reference provided next to the input for guidance.
The android.app.extra.PROVISIONING_TIME_ZONE key is used during the provisioning of Android devices to set the device time zone. Modern Android devices can pick this up automatically and with Wi-Fi only, but for older Android versions (sub 12) it is far more rigid, and this setting avoids frustrating users down the line.
These settings are particularly useful in use cases where devices need to be configured with specific time and region parameters, and allows admins to configure these ahead of time when staging devices for global distribution.
Configure Wi-Fi network
Description
Configuring Wi-Fi Provisioning Options for Android Enterprise
As an administrator, you have several configuration options available to ensure that devices are set up with the correct Wi-Fi settings during the provisioning process. Here’s how you can configure these options:
Wi-Fi security type
Options:
WPA/WPA2 PSK: This option uses WPA or WPA2 with a pre-shared key, providing robust security suitable for most enterprise environments.
WEP: This option uses WEP, an older and less secure standard, and is generally not recommended due to its vulnerabilities.
None: This option configures the device to connect to open networks without any encryption. Ideal for staging networks with client isolation.
EAP options will be added at a later date. QR code complexity limits can make scanning unreliable, so it has been omitted pending a suitable solution.
(If you're feeling clever, you may be able to enable the fields via dev tools, since they're in the source of this page..)
Wi-Fi SSID
Enter the name of the Wi-Fi network you want the device to connect to.
Hidden SSID
Check this box if the Wi-Fi network’s SSID is hidden. Hidden SSIDs do not broadcast the network name, making the network less visible to users and devices.
Wi-Fi password
Enter the password for the Wi-Fi network. This field is necessary for networks secured with WPA/WPA2 or WEP. Note this is saved into the QR code in plaintext.
Wi-Fi PAC URL
If your network requires a Proxy Auto-Config (PAC) URL, enter it here. PAC files are used to automatically configure the browser to use the correct proxy server for accessing the internet.
Wi-Fi proxy host
Enter the hostname or IP address of the proxy server that devices should use to connect to the internet.
Wi-Fi proxy port
Enter the port number of the proxy server.
Wi-Fi proxy bypass URL
Specify any URLs that should bypass the proxy server. This can be useful for internal resources that do not require proxy access. This should support a comma-separated list of domains in the format example.com,internal.local.