Get Service Account
|
|||||
|
|
||||
Returns a service account and credentials. The service account can be bound to the enterprise by calling setAccount. The service account is unique to this enterprise and EMM, and will be deleted if the enterprise is unbound. The credentials contain private key data and are not stored server-side.
This method can only be called after calling Enterprises.Enroll or Enterprises.CompleteSignup, and before Enterprises.SetAccount; at other times it will return an error.
Subsequent calls after the first will generate a new, unique set of credentials, and invalidate the previously generated credentials.
Once the service account is bound to the enterprise, it can be managed using the serviceAccountKeys resource
Authorization
To use this building block you will have to grant access to at least one of the following scopes:
- Manage corporate Android devices
Input
This building block consumes 2 input parameters
| Name | Format | Description |
|---|---|---|
enterpriseId Required |
STRING |
The ID of the enterprise |
keyType |
ENUMERATION |
The type of credential to return with the service account. Required |
= Parameter name
= Format
|
enterpriseId STRING Required The ID of the enterprise |
|
keyType ENUMERATION The type of credential to return with the service account. Required |
Output
This building block provides 8 output parameters
| Name | Format | Description |
|---|---|---|
key |
OBJECT |
Credentials that can be used to authenticate as a service account |
key.data |
STRING |
The body of the private key credentials file, in string format. This is only populated when the ServiceAccountKey is created, and is not stored by Google |
key.id |
STRING |
An opaque, unique identifier for this ServiceAccountKey. Assigned by the server |
key.kind |
STRING |
Identifies what kind of resource this is. Value: the fixed string "androidenterprise#serviceAccountKey" |
key.publicData |
STRING |
Public key data for the credentials file. This is an X.509 cert. If you are using the googleCredentials key type, this is identical to the cert that can be retrieved by using the X.509 cert url inside of the credentials file |
key.type |
STRING |
The file format of the generated key data |
kind |
STRING |
Identifies what kind of resource this is. Value: the fixed string "androidenterprise#serviceAccount" |
name |
STRING |
The account name of the service account, in the form of an email address. Assigned by the server |
= Parameter name
= Format
|
key OBJECT Credentials that can be used to authenticate as a service account |
|
key.data STRING The body of the private key credentials file, in string format. This is only populated when the ServiceAccountKey is created, and is not stored by Google |
|
key.id STRING An opaque, unique identifier for this ServiceAccountKey. Assigned by the server |
|
key.kind STRING Identifies what kind of resource this is. Value: the fixed string "androidenterprise#serviceAccountKey" |
|
key.publicData STRING Public key data for the credentials file. This is an X.509 cert. If you are using the googleCredentials key type, this is identical to the cert that can be retrieved by using the X.509 cert url inside of the credentials file |
|
key.type STRING The file format of the generated key data |
|
kind STRING Identifies what kind of resource this is. Value: the fixed string "androidenterprise#serviceAccount" |
|
name STRING The account name of the service account, in the form of an email address. Assigned by the server |