Resource: Device
A Device within the Cloud Identity Devices API.
Represents a Device known to Google Cloud, independent of the device ownership, type, and whether it is assigned or in use by a user.
Important: Device API scopes require that you use domain-wide delegation to access the API. For more information, see Set up the Devices API.
| JSON representation | 
|---|
| { "name": string, "createTime": string, "lastSyncTime": string, "ownerType": enum ( | 
| Fields | |
|---|---|
| name | 
 Output only. Resource name of the Device in format:  | 
| createTime | 
 Output only. When the Company-Owned device was imported. This field is empty for BYOD devices. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples:  | 
| lastSyncTime | 
 Most recent time when device synced with this service. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples:  | 
| ownerType | 
 Output only. Whether the device is owned by the company or an individual | 
| model | 
 Output only. Model name of device. Example: Pixel 3. | 
| osVersion | 
 Output only. OS version of the device. Example: Android 8.1.0. | 
| deviceType | 
 Output only. Type of device. | 
| serialNumber | 
 Serial Number of device. Example: HT82V1A01076. | 
| assetTag | 
 Asset tag of the device. | 
| imei | 
 Output only. IMEI number of device if GSM device; empty otherwise. | 
| meid | 
 Output only. MEID number of device if CDMA device; empty otherwise. | 
| wifiMacAddresses[] | 
 WiFi MAC addresses of device. | 
| networkOperator | 
 Output only. Mobile or network operator of device, if available. | 
| manufacturer | 
 Output only. Device manufacturer. Example: Motorola. | 
| releaseVersion | 
 Output only. OS release version. Example: 6.0. | 
| brand | 
 Output only. Device brand. Example: Samsung. | 
| buildNumber | 
 Output only. Build number of the device. | 
| kernelVersion | 
 Output only. Kernel version of the device. | 
| basebandVersion | 
 Output only. Baseband version of the device. | 
| enabledDeveloperOptions | 
 Output only. Whether developer options is enabled on device. | 
| otherAccounts[] | 
 Output only. Domain name for Google accounts on device. Type for other accounts on device. On Android, will only be populated if |ownershipPrivilege| is |PROFILE_OWNER| or |DEVICE_OWNER|. Does not include the account signed in to the device policy app if that account's domain has only one account. Examples: "com.example", "xyz.com". | 
| enabledUsbDebugging | 
 Output only. Whether USB debugging is enabled on device. | 
| securityPatchTime | 
 Output only. OS security patch update time on device. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples:  | 
| bootloaderVersion | 
 Output only. Device bootloader version. Example: 0.6.7. | 
| encryptionState | 
 Output only. Device encryption state. | 
| androidSpecificAttributes | 
 Output only. Attributes specific to Android devices. | 
| managementState | 
 Output only. Management state of the device | 
| compromisedState | 
 Output only. Represents whether the Device is compromised. | 
| endpointVerificationSpecificAttributes | 
 Output only. Attributes specific to Endpoint Verification devices. | 
| deviceId | 
 Unique identifier for the device. | 
| unifiedDeviceId | 
 Output only. Unified device id of the device. | 
| hostname | 
 Host name of the device. | 
| clientTypes[] | 
 List of the clients the device is reporting to. | 
DeviceOwnership
Possible owners of the device: Company or individual
| Enums | |
|---|---|
| DEVICE_OWNERSHIP_UNSPECIFIED | Default value. The value is unused. | 
| COMPANY | Company owns the device. | 
| BYOD | Bring Your Own Device (i.e. individual owns the device) | 
DeviceType
Type of device
| Enums | |
|---|---|
| DEVICE_TYPE_UNSPECIFIED | Unknown device type | 
| ANDROID | Device is an Android device | 
| IOS | Device is an iOS device | 
| GOOGLE_SYNC | Device is a Google Sync device. | 
| WINDOWS | Device is a Windows device. | 
| MAC_OS | Device is a MacOS device. | 
| LINUX | Device is a Linux device. | 
| CHROME_OS | Device is a ChromeOS device. | 
EncryptionState
Possible values of encryption state for this device.
| Enums | |
|---|---|
| ENCRYPTION_STATE_UNSPECIFIED | Encryption Status is not set. | 
| UNSUPPORTED_BY_DEVICE | Device doesn't support encryption. | 
| ENCRYPTED | Device is encrypted. | 
| NOT_ENCRYPTED | Device is not encrypted. | 
AndroidAttributes
Resource representing the Android specific attributes of a Device.
| JSON representation | 
|---|
| {
  "enabledUnknownSources": boolean,
  "supportsWorkProfile": boolean,
  "ownerProfileAccount": boolean,
  "ownershipPrivilege": enum ( | 
| Fields | |
|---|---|
| enabledUnknownSources | 
 Whether applications from unknown sources can be installed on device. | 
| supportsWorkProfile | 
 Whether device supports Android work profiles. If false, this service will not block access to corp data even if an administrator turns on the "Enforce Work Profile" policy. | 
| ownerProfileAccount | 
 Whether this account is on an owner/primary profile. For phones, only true for owner profiles. Android 4+ devices can have secondary or restricted user profiles. | 
| ownershipPrivilege | 
 Ownership privileges on device. | 
| verifiedBoot | 
 Whether Android verified boot status is GREEN. | 
| ctsProfileMatch | 
 Whether the device passes Android CTS compliance. | 
| verifyAppsEnabled | 
 Whether Google Play Protect Verify Apps is enabled. | 
| hasPotentiallyHarmfulApps | 
 Whether any potentially harmful apps were detected on the device. | 
OwnershipPrivilege
Specifies how the device ownership privilege is configured on the device.
| Enums | |
|---|---|
| OWNERSHIP_PRIVILEGE_UNSPECIFIED | Ownership privilege is not set. | 
| DEVICE_ADMINISTRATOR | Active device administrator privileges on the device. | 
| PROFILE_OWNER | Profile Owner privileges. The account is in a managed corporate profile. | 
| DEVICE_OWNER | Device Owner privileges on the device. | 
ManagementState
Possible management states of a device.
| Enums | |
|---|---|
| MANAGEMENT_STATE_UNSPECIFIED | Default value. This value is unused. | 
| APPROVED | Device is approved. | 
| BLOCKED | Device is blocked. | 
| PENDING | Device is pending approval. | 
| UNPROVISIONED | The device is not provisioned. Device will start from this state until some action is taken (i.e. a user starts using the device). | 
| WIPING | Data and settings on the device are being removed. | 
| WIPED | All data and settings on the device are removed. | 
CompromisedState
Represents whether the device is compromised
| Enums | |
|---|---|
| COMPROMISED_STATE_UNSPECIFIED | Default value. | 
| COMPROMISED | The device is compromised (currently, this means Android device is rooted). | 
| UNCOMPROMISED | The device is safe (currently, this means Android device is unrooted). | 
EndpointVerificationSpecificAttributes
Resource representing the Endpoint Verification-specific attributes of a device.
| JSON representation | 
|---|
| { "certificateAttributes": [ { object ( | 
| Fields | |
|---|---|
| certificateAttributes[] | 
 Details of certificates. | 
| browserAttributes[] | 
 Details of browser profiles reported by Endpoint Verification. | 
| additionalSignals | 
 Additional signals reported by Endpoint Verification. It includes the following attributes: 
 | 
CertificateAttributes
Stores information about a certificate.
| JSON representation | 
|---|
| { "fingerprint": string, "thumbprint": string, "validationState": enum ( | 
| Fields | |
|---|---|
| fingerprint | 
 The encoded certificate fingerprint. | 
| thumbprint | 
 The certificate thumbprint. | 
| validationState | 
 Validation state of this certificate. | 
| serialNumber | 
 Serial number of the certificate, Example: "123456789". | 
| validityStartTime | 
 Certificate not valid before this timestamp. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples:  | 
| validityExpirationTime | 
 Certificate not valid at or after this timestamp. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples:  | 
| issuer | 
 The name of the issuer of this certificate. | 
| subject | 
 The subject name of this certificate. | 
| certificateTemplate | 
 The X.509 extension for CertificateTemplate. | 
CertificateValidationState
Certificate validation status, which denotes if the certificate chain was validated for this certificate and if this certificate chains up to a trusted root for enterprise certificates.
| Enums | |
|---|---|
| CERTIFICATE_VALIDATION_STATE_UNSPECIFIED | Default value. | 
| VALIDATION_SUCCESSFUL | Certificate validation was successful. | 
| VALIDATION_FAILED | Certificate validation failed. | 
CertificateTemplate
CertificateTemplate (v3 Extension in X.509).
| JSON representation | 
|---|
| { "id": string, "majorVersion": integer, "minorVersion": integer } | 
| Fields | |
|---|---|
| id | 
 The template id of the template. Example: "1.3.6.1.4.1.311.21.8.15608621.11768144.5720724.16068415.6889630.81.2472537.7784047". | 
| majorVersion | 
 The Major version of the template. Example: 100. | 
| minorVersion | 
 The minor version of the template. Example: 12. | 
BrowserAttributes
Contains information about browser profiles reported by the Endpoint Verification extension.
| JSON representation | 
|---|
| {
  "lastProfileSyncTime": string,
  "chromeBrowserInfo": {
    object ( | 
| Fields | |
|---|---|
| lastProfileSyncTime | 
 Timestamp in milliseconds since the Unix epoch when the profile/gcm id was last synced. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples:  | 
| chromeBrowserInfo | 
 Represents the current state of the Chrome browser attributes sent by the Endpoint Verification extension. | 
| chromeProfileId | 
 Chrome profile ID that is exposed by the Chrome API. It is unique for each device. | 
BrowserInfo
Browser-specific fields reported by the Endpoint Verification extension.
| JSON representation | 
|---|
| { "browserVersion": string, "browserManagementState": enum ( | 
| Fields | |
|---|---|
| browserVersion | 
 Version of the request initiating browser. E.g.  | 
| browserManagementState | 
 Output only. Browser's management state. | 
| isFileUploadAnalysisEnabled | 
 Current state of file upload analysis. Set to true if provider list from Chrome is non-empty. | 
| isFileDownloadAnalysisEnabled | 
 Current state of file download analysis. Set to true if provider list from Chrome is non-empty. | 
| isBulkDataEntryAnalysisEnabled | 
 Current state of bulk data analysis. Set to true if provider list from Chrome is non-empty. | 
| isSecurityEventAnalysisEnabled | 
 Current state of security event analysis. Set to true if provider list from Chrome is non-empty. | 
| isRealtimeUrlCheckEnabled | 
 Current state of real-time URL check. Set to true if provider list from Chrome is non-empty. | 
| safeBrowsingProtectionLevel | 
 Current state of Safe Browsing protection level. | 
| isSiteIsolationEnabled | 
 Current state of site isolation. | 
| isBuiltInDnsClientEnabled | 
 Current state of built-in DNS client. | 
| passwordProtectionWarningTrigger | 
 Current state of password protection trigger. | 
| isChromeRemoteDesktopAppBlocked | 
 Current state of Chrome Remote Desktop app. | 
| isChromeCleanupEnabled | 
 Current state of Chrome Cleanup. | 
| isThirdPartyBlockingEnabled | 
 Current state of third-party blocking. | 
BrowserManagementState
Information regarding management state of the profile.
| Enums | |
|---|---|
| UNSPECIFIED | Management state is not specified. | 
| UNMANAGED | Browser/Profile is not managed by any customer. | 
| MANAGED_BY_OTHER_DOMAIN | Browser/Profile is managed, but by some other customer. | 
| PROFILE_MANAGED | Profile is managed by customer. | 
| BROWSER_MANAGED | Browser is managed by customer. | 
SafeBrowsingLevel
Information regarding the browsing protection level policy of the browser.
| Enums | |
|---|---|
| SAFE_BROWSING_LEVEL_UNSPECIFIED | Browser protection level is not specified. | 
| DISABLED | No protection against dangerous websites, downloads, and extensions. | 
| STANDARD | Standard protection against websites, downloads, and extensions that are known to be dangerous. | 
| ENHANCED | Faster, proactive protection against dangerous websites, downloads, and extensions. | 
PasswordProtectionTrigger
Information regarding the password protect warning trigger policy of the browser
| Enums | |
|---|---|
| PASSWORD_PROTECTION_TRIGGER_UNSPECIFIED | Password protection is not specified. | 
| PROTECTION_OFF | Password reuse is never detected. | 
| PASSWORD_REUSE | Warning is shown when the user reuses their protected password on a non-allowed site. | 
| PHISHING_REUSE | Warning is shown when the user reuses their protected password on a phishing site. | 
ClientType
Client type on the device
| Enums | |
|---|---|
| CLIENT_TYPE_UNSPECIFIED | Default value | 
| DRIVE_FS | Managed by DriveFS | 
| FUNDAMENTAL | Management type for every secure device | 
| ENDPOINT_VERIFICATION | Managed by Endpoint Verification | 
| WINDOWS_ADVANCED | Managed by Windows | 
| GOOGLE_CREDENTIALS_PROVIDER_FOR_WINDOWS | Managed by Google credential provider for windows | 
| Methods | |
|---|---|
| 
 | Cancels an unfinished device wipe. | 
| 
 | Creates a device. | 
| 
 | Deletes the specified device. | 
| 
 | Retrieves the specified device. | 
| 
 | Lists/Searches devices. | 
| 
 | Wipes all data on the specified device. |