Chrome integration with MDM using G Suite
To manage Chrome OS devices using MDM you need to purchase licenses as explained here. The first step before enrolling Chromebooks is to integrate MDM with G Suite. This is done to automatically sync and enroll Chromebooks added to Google portal, with MDM.
Step #1: Configure Google Admin Console
- Login to Google Admin Console, with your admin credentials and select Devices.
- The chrome device has not been added previously, click on Start Trial under the Chrome Devices option. Once enrolled in the trial, navigate back to the devices page.
- Select Chrome -> Apps & extensions -> Users & browsers, from the left pane.
- Select Settings (Gear icon) under Users & Browsers tab. Select Allow for Android applications on Chrome devices. Click Save.
- Now, click on Settings from the dropdown menu. Under User & Browser settings navigate to Chrome Management - Partner Access. Select Enable Chrome Management - Partner Access and agree to the given Terms and Conditions.
- Click on Save to save the user settings.
- Now, click on Device Settings and navigate to Chrome Management - Partner Access. Select Enable Chrome Management - Partner Access and agree to the given terms and conditions.
- Click on Save to save the device settings.
- To enable Chrome Device Management API, login to Google Cloud Console using your admin account.
- Go to API & Services > Library .
- In the search bar, type Chrome Device Management API to check if it is enabled.
Step #2: Integrate with MDM
- On the MDM server, click on the Enrollment tab from the top menu and select Chromebook Enrollment, present under Chrome OS.
- If you've already integrated G Suite in Android Enterprise you can go directly to step 3. If not, click on Configure Now and provide the domain registered with G Suite as well as the domain admin account.
- In case of MDM On-Premise, if OAuth is not configured, you will get an error message saying "OAuth App details are not yet configured".
- Click on here to configure OAuth. You will be prompted to enter the Client ID and Client Secret. How to obtain Client ID and Client Secret?
- Once you have entered the Client ID and Client Secret, click on Integrate to complete Chrome integration using G Suite. You can now enroll Chromebooks using MDM.
How to obtain Client ID and Client Secret
- Log in to the Google Console with your G Suite admin account.
- Click on Select Project -> New Project and enter the required details.
- Navigate to APIs & services -> Credentials -> Create Credentials -> OAuth Client ID.
- Select Web Application as the Application type.
- Enter https://www.manageengine.com/ems/integrations/oauth.html as Authorized redirect URIs and click on Create.
- A new set of Client ID and Client Secret will be generated which is to be copied and pasted back on the MDM server.
- Once you have entered the Client ID and Client Secret, click on Integrate.
Now the OAuth will be successfully configured on the MDM server.
Unable to Integrate G Suite with MDM
If you are unable to integrate G Suite with MDM, follow the steps mentioned below:
- Go to https://myaccount.google.com and login with your domain admin account.
- Navigate to Security -> Manage third-party access and select ManageEngine MDM.
- Click on Remove access and then click OK to confirm.
- On the MDM Console, provide the domain admin account and click on Configure now.
Now the G Suite will get successfully integrated with MDM.