Professional Documents
Culture Documents
Managing Chrome Os Devices Workspace One Operational Tutorial Noindex
Managing Chrome Os Devices Workspace One Operational Tutorial Noindex
Please visit
https://techzone.vmware.com/managing-chrome-os-devices-workspace-one-operational-tutorial for the
latest version.
Table of contents
Overview ................................................................................................................................................... 3
Audience ............................................................................................................................................... 3
Prerequisites .......................................................................................................................................... 4
Migrate to Newer Version of Chrome OS Management ................................................................................ 4
Enabling Google Chrome Device Management .............................................................................................. 5
Prerequisites .......................................................................................................................................... 5
Enable Chrome Device Management ........................................................................................................ 5
Audience
This tutorial is intended for IT administrators and product evaluators who are looking to manage Chrome OS devices in their new or
existing Workspace ONE UEM tenants. Familiarity of Workspace ONE UEM and the Google Admin console along with access to
these individual consoles is assumed. Knowledge of additional technologies such as network, VPN configuration,
VMware Workspace ONE® Intelligence is also helpful.
Prerequisites
Before you can perform this exercise, you must have the following installed and configured.
5. Next, login into your Google Workspace Administrator console by navigating to https:// admin.google.com.
6. Navigate to Directory > Users.
7. Scroll to find the admin user account which was previously used for Workspace ONE EMM registration. Select the admin
user account.
8. Expand Security.
9. Scroll to Connected Applications and select the edit icon.
10. Remove Workspace ONE as connected application for this user.
Prerequisites
Before performing this exercise, ensure that you have your Google Admin Console credentials.
You also need a Chrome Enterprise upgrade or Chrome Education upgrade enabled for your account.
6. Select Enable Chrome management – partner access from the drop-down next to Configuration.
Note: EMM Partner access in User & Browser settings must be enabled at the parent organizational unit (OU) level in the Google
Admin console. This setting cannot be enabled at a child OU level, and a child OU will always inherit partner access properties from
the parent OU.
7. Click Save.
8. Next, navigate to Device Settings tab and scroll to Chrome management – partner access.
Note: EMM Partner access in Device settings can be enabled at the parent OU level as well as individual child OU levels in the
Google Workspace Admin console.
4. Enter your Google Admin Email Address (the same credentials used to log in to the Google Admin Console earlier) and
click Sign in with Google.
Caution: Make sure you have pop-ups enabled in your browser otherwise the Google authorization page will not open.
5. Allow the permissions prompt that follows in the pop-up window.
6. Copy the Authorization code from the next window and paste the copied code into the Google Authorization Code field in
your Workspace ONE UEM console. Then select Authorize.
7. Click Test Connection to ensure the connection between Workspace ONE UEM and Google is established. If successful, a
green Test Connection Successful message is displayed.
Tip: Click Device Sync to manually sync new Chrome OS enrollments into the Workspace ONE UEM Console. Workspace ONE UEM
will then sync with your Google Admin console to enroll newly registered devices. This sync is by default automatic and happens
periodically once every hour.
Note: Workspace ONE Extension will automatically download on your enrolled Chrome OS devices. This is a mandatory extension
that is necessary for Chrome OS device management.
Device Profiles - Apply to Chrome OS devices regardless of the user logged into the device.
User Profiles - Apply to Chrome OS devices at the user level, and do not apply to users signed in as guest
or with a Google Account outside of your organization (such as a personal Gmail account).
Profiles on Chrome OS devices are assigned based on the organizational unit (OU) of the Google Workspace Admin console. During
the creation of a Chrome OS profile, you select the OU(s) that will receive the profile assignment.
For User Profiles, all user accounts in the selected OU and below will receive the profile payload.
For Device Profiles, all devices in the selected OU and below will receive the profile payload.
There could be cases where the User and Device are in different OUs. In such cases, both the profiles will need to be
assigned appropriately.
Tip: Refer to Add an organizational unit for help creating OU(s) in the Google Workspace Admin console.
9. Configure the Security & Privacy settings payload as desired. For the purposes of this tutorial, select Disallow
incognito mode to keep the users from browsing the web without storing local data.
Note: You can select one or more OU(s) to receive the profile assignment.
12. Select Save & Publish.
13. Test to see if the profile was successfully assigned by launching a new tab in incognito mode for your user account on a
Chrome browser. Notice how the option for New incognito window is disabled.
14. Profile deployment can also be verified by navigating to Chrome://Policy on a Chrome Browser. Policies listed in
Chrome://Policy should match the configuration pushed using Profiles from Workspace ONE UEM for that user or device
in their respective OU.
15. Another way to verify a successful profile deployment is by confirming the configuration in the Google Workspace Admin
console. Start by navigating to Chrome > Settings > Users & browsers (for User profiles) and select the OU to which
received the Profile assignment from Workspace ONE UEM. Policies listed in this section should match the configuration
pushed from Workspace ONE UEM for that user or device OU.
Additional Resources
For more information about Workspace ONE, explore the VMware Workspace ONE Activity Path. The activity path provides step-by-
step guidance to help you level up your Workspace ONE knowledge. You will find everything from beginner to advanced curated
assets in the form of articles, videos, and labs.
Changelog
The following updates were made to this guide:
2023/04/14
published
was
Guide
•
About the Author and Contributors
Wasif Syed is one of our passionate and innovative Solutions Engineers on the VMware End User Computing (EUC) Subject Matter
Experts (SME) team. With a strong background in Android, iOS, and Chrome OS technologies, Wasif seeks to solve mobility
challenges that face today’s Anywhere Workforce.
Eric Stillman - Product Manager for Android and Chrome OS at VMware End-User Computing.
Feedback
Your feedback is valuable.
To comment on this paper, contact VMware End-User-Computing Technical Marketing at
euc_tech_content_feedback@vmware.com.