Management and Security powered by Landesk

Managing Chromebooks

Chromebooks must be managed using Google Apps APIs, since administrators cannot install an agent on the device. When you manage Chromebooks through Endpoint Manager, the devices appear in the inventory and you can view the device details. However, there is no additional functionality for Chromebooks from the Ivanti management console.

In order to manage Chromebooks, you must have a Google Apps for Work account that is bound to your domain name. You must also purchase Chromebook licenses in order to manage the devices. When you have purchased licenses and associated them with the Google Apps account, they appear in the Google Apps account under Device management.

NOTE: The steps for setting up a Chromebook for management through Google may change at Google's discretion. If that is the case, we recommend you find instructions from Google to perform these actions.

To manage Chromebooks, perform the following steps:

ClosedEnroll the devices in Google Apps for Work

If you do not have a Google Apps account already, you must create one in order to manage Chromebooks. Cost is based on the number of users.

You must also have Chromebook licenses in order to manage the devices.

If the device has already been used, you may need to perform a factory reset on the Chromebook before it can be enrolled.

Follow the instructions from Google to enroll devices:

ClosedEnable API access and create a client ID

1.Log in to the Google Apps account ( and click Security > API reference.

2.Enable the Enable API access option.

3.Log in to the Google Developers Console ( and create a project.

4.Open the project by clicking on it.

5.In the navigation tree, click APIs and auth > APIs > Admin SDK. Click Enable API if it isn't already enabled.

6.In the navigation tree, click APIs and auth > Credentials.

7.Click Add credential.

8.Click Service account.

9.Select the key type P12.

10.Click the Create Client ID button. The Client ID file is downloaded. Save the file to a safe place. You'll need to provide this file when you provision Ivanti with the ID.

11.Make a note of the Client ID and Email address values shown under the service account.

ClosedTest the API on Google servers (optional)

1.Go to the Google API Reference page (

2.In the tree on the left, click Chromeosdevices > list.

3.Click Try it now.

4.Enable Authorize requests using OAuth 2.0 and a dialog will pop up.

5.Select Authorize. The switch should turn from red to blue.

6.For the customerId field, enter my_customer.

7.Click Execute. You should see some or all of your Chromebook devices listed in JSON format at the bottom of the page.

ClosedConfigure API access with the ID you created

1.From the Google Apps account, click Security > Show more > Advanced settings > Manage API client access.

2.Provide the Client ID in the Client Name text box.

3.For the API scope string, type:

4.Click Authorize.

ClosedConfiguring external access to domain

Some additional configuration is necessary for LANDESK to be able to access Chromebook device information.

1.In your Google Apps account (, go to the Dashboard home and select Security.

2.Scroll down and click Show more.

3.Click Advanced settings > Manage API client access. Here you can restrict Endpoint Manager or other external apps from potentially accessing sensitive data beyond Chromebook devices (Ivanti only requests Chromebook device information from a Google Apps account).

4.In the Client Name field, enter the Client ID you saved earlier and enter the following API scope string needed to access Chromebook device inventory from Google:

5.Click Save.

ClosedProvision Ivanti with the ID

1.Log in to the Endpoint Manager management console.

2.Click Configure > Device Discovery.

3.Select Google credentials.

4.Click the Add button.

5.Provide the Admin email associated with the Google Apps account, the service account email (the email address that you noted when creating the client ID), and the Client ID file.

6.Click Test Credentials to verify the information.

7.Use a scheduled task to retrieve inventory information from Google.

Was this article useful?    

The topic was:



Not what I expected