Chrome OS Enrollment
Overview
Chrome OS enrollment allows Meraki Systems Manager to install apps, configuration profiles, and more to Chrome OS users & devices. The instructions in this guide cover the setup and enrollment of Chrome OS users & devices with your existing Meraki Systems Manager network and Google Admin console.
This article explains configuring the newest Chrome MDM framework with SM, which requires a licensed G Suite with Enterprise licensing. Google currently does not make this available to non-Enterprise account types. Here is an example of valid "G Suite Basic" licensing from the Google Admin Console:
There is an older set of Google APIs which support both Google education and business customers with less functionality. Instructions for those configurations are covered in our Chrome OS Management in Systems Manager article.
Preparation
1. Navigate in dashboard to Systems Manager > Manage > Add devices > Chrome OS > Try the new Chrome management!
2. Navigate back to Systems Manager > Manage > Add devices > Chrome OS Note the ID and URLs listed here. We will need to add these into the Google Admin Console.
3. Use the link provided to log in to your GSuite Admin Console, and from there navigate to Security > Access and data control > API controls > Domain wide delegation > Manage domain wide delegation
4. Click Add new. Copy your ID into the Client Name field and the API scopes as a comma-separated string into One or More API Scopes field, then click on Authorize to add these to your account.
If successful, your page should look similar to the one below:
5. Navigate to Devices > Chrome > Settings > Device > Chrome management - partner access > Enable Chrome management - partner access
6. Click on the User & browser settings tab > Enable Chrome Management - Partner Access
7. Optional: under Android application settings enable Enable Android applications to be managed through the Admin Console
For first-time enrollment, you MUST click the Android for Work box to view and acknowledge the terms of service before this check box is selectable
8. In Systems Manager Dashboard, fill in the requested information under Enrollment info and click Bind domain
9. When you are finished, you should be able to perform Android device and user syncs from Meraki Systems Manager Dashboard
Client Device Enrollment
Chrome OS client devices can be enrolled on a device level by switching the device's initial login mode (by pressing Ctrl + Alt + E) to switch from the standard user account sign-in screen to enterprise enrollment sign in. This must be performed during the device's initial setup. From the enterprise enrollment login screen: log in to an account on the specified Google domain with permissions (enabled by default) to enroll devices. This will add the device to the existing Google admin console and allow Systems Manager to install apps & profiles on a device level. Additional instructions on how to enroll Chrome OS devices with the enterprise enrollment steps can be found in Google's Enroll ChromeOS devices documentation.
Note: You must enroll devices before anyone signs in to them. If you don’t, you need to wipe the device and restart enrollment. For details, see Wipe ChromeOS device data.
These client device enterprise enrollment steps are required to install apps & profiles on a device level basis. If devices are not enrolled with this enterprise enrollment option then Systems Manager can still install profiles & apps directly to the end user's Google account.