Configure Collect with Mobile Device Management software

What high-level problem are you trying to solve?
Some organizations that use ODK Collect also use Mobile Device Management software like TinyMDM or Microsoft Intune to do things like automatically accept permissions, lock down application access, selectively push out application updates, and keep track of the physical location of devices. Android has very good support for Mobile Device Management with two different modes: it can either take over and manage the entire device or manage just a separate profile on a user-controlled device.

Some of these organizations that already use ODK with MDM have asked about using MDM to configure Collect remotely, especially to configure a new project for every device without needing to manage and scan in QR codes.

Any ideas on how ODK could help you solve it?
We are proposing making it possible to set a settings_json configuration key from MDM and give it a value containing JSON representing client settings.

If no project is configured, when Collect receives those settings, it would immediately create a new project and switch to it.

If a project is already configured, when Collect receives those settings and the URL and username match an existing project, Collect would immediately apply the new settings to the existing project.

If a project is already configured, when Collect receives those settings and the URL and username do NOT match any existing project, Collect would immediately create and configure the new project.

In the latter two cases, the currently active project would not change so as not to disrupt ongoing work.

Upload any helpful links, sketches, and videos.

Most MDM providers have a way to specify variables in settings like $appuserkey above. This would make it possible to use a single policy to configure many devices each with their own App User key.

Related work
We've previously discussed a way for users to specify settings on the server and for those settings to stay synchronized on the client. We think these two approaches would be complementary. For example, an organization might want to use MDM to configure the server and App User identity for each device and then configure further settings from Central.

Please let us know what you think! We'll also show a proof of concept for discussion during Wednesday's Insiders call.

I just hit an issue with this on recent samsung galaxy phones - you can't have multiple users on them anymore, but you can still do this on galaxy tab devices. Presumably this function hasn't been removed from other Android devices.

Very keen to see how tinyMDM can be used, especially with it being able to configure Collect directly. (And until Central can push mbtiles, we could do this via MDM...?)

Does this mean that Collect settings that can be exported in the QR on device / set when creating QR via API, but not set when creating an App user & QR in Central could be set & synced in Central?

That's too bad!

You can push files to the device Downloads folder and then have data collectors import them but TinyMDM says "from Android 11 onwards, it is no longer possible to choose the folder where the file will be saved. It will automatically be saved in the Download folder."

That would be the idea, yes.

Hi Hélène and Andrew,
This is very interesting. We use an MDM (TinyMDM) to manage our 160 phones. The phones are completely managed by us, not in a "BYOD" mode. We wanted to avoid personal data and appas management when a phone is lost or broken.

Regarding collect, once a phone has been initialized, we still need to flash the QRCode(s) and set username and email.
Username and even more email metadata are important for us because it is how we associate each submission to its owner in the database (we actually share one app user for the whole team).
A wrong setting means some extra work to be done later in the database
So this MDM approach is very promising, for metadata and other parameters.