📖 Definition

The "Take an Action On a Mobile Device" action enables Google Workspace administrators to remotely perform critical administrative actions on mobile devices associated with user accounts. This action helps maintain organizational security by allowing admins to remotely wipe, block, or reactivate devices in response to events such as device loss, user offboarding, or policy violations.

Key capabilities include:

• Remote wiping of data (entire device or account-specific wipe),
• Blocking a device from accessing organizational resources,
• Reversing pending wipe actions, and
• Reactivating previously blocked devices.

It is a powerful tool for enforcing security policies and managing mobile device compliance across your domain.

🎯 Example use cases:

Block a Lost Device

If an employee loses their company-issued mobile device, the admin can block the device to prevent unauthorized access to sensitive company data. This action can be initiated remotely using the device's resource ID.

Perform a Remote Wipe on a Device

If a device is stolen or needs to be decommissioned, an admin can remotely wipe all the data on the device to ensure that no corporate data remains accessible. This action helps secure company information on lost or misplaced devices.

Wipe Only Google Workspace Account from Personal Device (BYOD)

For a user who decides to stop using their personal device for work, the admin can wipe only the Google Workspace account from the device (without affecting personal data) while leaving the personal data intact.

Re-Activate a Device After Wipe Cancellation

If a device was mistakenly flagged for remote wipe, the admin can cancel the wipe and immediately re-enable access to company resources on the device, allowing the user to continue working without interruptions.

Block Device After Remote Wipe Cancellation

After canceling a remote wipe, if the device is still considered a security risk, an admin can block the device from accessing company resources, ensuring the device does not pose a threat to corporate data.

📥 **Inputs **

1. Connection

   This field represents the connection required to authenticate and interact with your Google Workspace account. A Google Workspace Administration connection is necessary to manage devices within your domain.

   Details: You will need to upload a JSON credential file for a service account that has domain-wide delegation permissions. This service account allows your workflow to take actions on behalf of your Google Workspace organization.

   How to Get: Follow the guide to create a Google Workspace Administration connection and generate the necessary credential file: Zenphi - Creating a Google Workspace Administration Connection.

2. Admin Email Address

   This is the email address of the administrator performing the action.

   Details: The admin email must belong to an account that has sufficient privileges to manage mobile devices within the Google Workspace domain. Typically, this will be an admin-level account.

3. User Email

   The email address of the user whose mobile device you want to perform an action on.

   Details: This is the email address associated with the user’s Google Workspace account, whose devices will be targeted for the specified action.

4. Resource Id

   The unique identifier for the mobile device that you want to take action on.

   Details: Each device enrolled in the Google Workspace mobile management system has a unique resource ID. You can obtain this ID through other API calls or within the Google Admin console. This ID is required to accurately target and manage the specific device.

5. Customer Id

   This is the unique Google Workspace customer ID associated with your organization.

   Details: If this field is left empty, the default customer ID will be used. This is helpful when managing multiple organizations or domains. If you don’t know your Customer ID, it can usually be found within the Google Admin Console.

6. Action

   The specific action that you wish to perform on the mobile device.

   Details: Choose one of the following actions based on your need:

   • Block: Blocks the device from accessing Google Workspace resources.
   • Admin Remote Wipe: Remotely wipes all data from the device, returning it to its factory settings.
   • Admin Account Wipe: Wipes only the Google Workspace account from the device, keeping other data intact.
   • Cancel Remote Wipe Then Activate: Cancels the scheduled remote wipe and reactivates the device for access.
   • Cancel Remote Wipe Then Block: Cancels the scheduled remote wipe but blocks the device from accessing company resources.

---

Each of these fields provides the necessary information to specify which device is being targeted, what action to perform, and which admin user is executing the action. This helps ensure that the correct device is managed in alignment with your organization’s security protocols.

💡Example Use Case:

Securing a Lost Corporate Mobile Device

**Scenario:**Imagine a situation where an employee has misplaced their corporate mobile device, and there's a risk of sensitive company data being exposed. As the administrator of your organization's Google Workspace, you need to take immediate action to protect your company's data and ensure the device cannot be accessed by unauthorized individuals.

Steps:

1. Connect to Google Workspace: You have set up your Google Workspace Administration connection using the required service account and credentials, as outlined in the documentation.

2. Provide Necessary Inputs:

   • Admin Email: Enter the email address of the admin who is performing the action (e.g., [email protected]).
   • User Email: Provide the email address associated with the user who owns the device (e.g., [email protected]).
   • Resource ID: You identify the lost device using its unique Resource ID (e.g., 12345XYZ).
   • Action: You select "Admin Remote Wipe" to remotely erase all data on the device to ensure sensitive information is not at risk.

3. Run the Flow: You run the flow, and the device will be remotely wiped. All personal and company data on the device will be erased, and the device will no longer have access to company data.

**Outcome:**The lost device is now secured, and the risk of data theft is mitigated. You can now monitor the status of the device and take further actions if needed, like blocking access or wiping other devices if necessary.