Management and Security powered by Landesk
Chromebooks must be managed using Google Apps APIs, since administrators cannot install an agent on the device. When you manage Chromebooks through Ivanti® Endpoint Manager powered by Landesk, the devices appear in the inventory and you can view the device details. However, there is no additional functionality for Chromebooks from the Ivanti management console.
In order to manage Chromebooks, you must have a Google Apps for Work account that is bound to your domain name. You must also purchase Chromebook licenses in order to manage the devices. When you have purchased licenses and associated them with the Google Apps account, they appear in the Google Apps account under Device management.
NOTE: The steps for setting up a Chromebook for management through Google may change at Google's discretion. If that is the case, we recommend you find instructions from Google to perform these actions.
To manage Chromebooks, perform the following steps:
If you do not have a Google Apps account already, you must create one in order to manage Chromebooks. Cost is based on the number of users. You must also have Chromebook licenses in order to manage the devices.
If the device has already been used, you may need to perform a factory reset on the Chromebook before it can be enrolled.
Follow the instructions from Google to enroll devices: https://support.google.com/chrome/a/answer/1360534
1.Log in to the Google Apps account (https://admin.google.com) and click Security > API reference.
2.Enable the Enable API access option.
3.Log in to the Google Developers Console (https://console.developers.google.com) and create a project.
4.Open the project by clicking on it.
5.In the navigation tree, click APIs and auth > APIs > Admin SDK. Click Enable API if it isn't already enabled.
6.In the navigation tree, click APIs and auth > Credentials.
7.Click Add credential.
8.Click Service account.
9.Select the key type P12.
10.Click the Create Client ID button. The Client ID file is downloaded. Save the file to a safe place. You'll need to provide this file when you provision Ivanti with the ID.
11.Make a note of the Client ID and Email address values shown under the service account.
1.Go to the Google API Reference page (https://developers.google.com/admin-sdk/directory/v1/reference/).
2.In the tree on the left, click Chromeosdevices > list.
3.Click Try it now.
4.Enable Authorize requests using OAuth 2.0 and a dialog will pop up.
5.Select Authorize. The switch should turn from red to blue.
6.For the customerId field, enter my_customer.
7.Click Execute. You should see some or all of your Chromebook devices listed in JSON format at the bottom of the page.
1.From the Google Apps account, click Security > Show more > Advanced settings > Manage API client access.
2.Provide the Client ID in the Client Name text box. For the API scope string, type:
Some additional configuration is necessary for LANDESK to be able to access Chromebook device information.
1.In your Google Apps account (https://admin.google.com), go to the Dashboard home and select Security.
2.Scroll down and click Show more.
3.Click Advanced settings > Manage API client access. Here you can restrict Ivanti® Endpoint Manager and Endpoint Security, powered by Landesk or other external apps from potentially accessing sensitive data beyond Chromebook devices (Ivanti only requests Chromebook device information from a Google Apps account).
4.In the Client Name field, enter the Client ID you saved earlier and enter the following API scope string needed to access Chromebook device inventory from Google: https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly.
1.Log in to the Ivanti® Endpoint Manager powered by Landesk management console.
2.Click Configure > Device Discovery.
3.Select Google credentials.
4.Click the Add button.
5.Provide the Admin email associated with the Google Apps account, the service account email (the email address that you noted when creating the client ID), and the Client ID file.
6.Click Test Credentials to verify the information.
7.Use a scheduled task to retrieve inventory information from Google.
Was this article useful?
The topic was:
Not what I expected
Copyright © 2018, Ivanti. All rights reserved.