Chrome integration with MDM using G Suite

To manage Chrome OS devices using MDM you need to purchase licenses as explained here. The first step before enrolling Chromebooks is to integrate MDM with G Suite. This is done to automatically sync and enroll Chromebooks added to Google portal, with MDM.

Procedure

• Step #1: Configure Google Admin Console
• Step #2: Integrate with MDM

Step #1: Configure Google Admin Console

• Login to Google Admin Console, with your admin credentials and select Devices.

• The chrome device has not been added previously, click on Start Trial under the Chrome Devices option. Once enrolled in the trial, navigate back to the devices page.

• Select Chrome -> Apps & extensions -> Users & browsers, from the left pane.

• Select Settings (Gear icon) under Users & Browsers tab. Select Allow for Android applications on Chrome devices. Click Save.

• Now, click on Settings from the dropdown menu. Under User & Browser settings navigate to Chrome Management - Partner Access. Select Enable Chrome Management - Partner Access and agree to the given Terms and Conditions.

• Click on Save to save the user settings.
• Now, click on Device Settings and navigate to Chrome Management - Partner Access. Select Enable Chrome Management - Partner Access and agree to the given terms and conditions.

• Click on Save to save the device settings.
• To enable Chrome Device Management API, login to Google Cloud Console using your admin account.
• Go to API & Services > Library .
• In the search bar, type Chrome Device Management API to check if it is enabled.

Step #2: Integrate with MDM

• On the MDM server, click on the Enrollment tab from the top menu and select Chromebook Enrollment, present under Chrome OS.
• If you've already integrated G Suite in Android Enterprise you can go directly to step 3. If not, click on Configure Now and provide the domain registered with G Suite as well as the domain admin account.
• In case of MDM On-Premise, if OAuth is not configured, you will get an error message saying "OAuth App details are not yet configured".
• Click on here to configure OAuth. You will be prompted to enter the Client ID and Client Secret. How to obtain Client ID and Client Secret?
• Once you have entered the Client ID and Client Secret, click on Integrate to complete Chrome integration using G Suite. You can now enroll Chromebooks using MDM.

How to obtain Client ID and Client Secret

1. Log in to the Google Console with your G Suite admin account.



2. Click on Select Project -> New Project and enter the required details.



3. Navigate to APIs & services -> Credentials -> Create Credentials -> OAuth Client ID.





4. Select Web Application as the Application type.



5. Enter https://www.manageengine.com/ems/integrations/oauth.html as Authorized redirect URIs and click on Create.





6. A new set of Client ID and Client Secret will be generated which is to be copied and pasted back on the MDM server.



7. Once you have entered the Client ID and Client Secret, click on Integrate.

Now the OAuth will be successfully configured on the MDM server.

Troubleshooting tips

Unable to Integrate G Suite with MDM

If you are unable to integrate G Suite with MDM, follow the steps mentioned below:

1. Go to https://myaccount.google.com and login with your domain admin account.
2. Navigate to Security -> Manage third-party access and select ManageEngine MDM.
3. Click on Remove access and then click OK to confirm.
4. On the MDM Console, provide the domain admin account and click on Configure now.

Now the G Suite will get successfully integrated with MDM.