chromelogo

Configuring Google Chromebooks to Sync with FileWave


The following processes and steps will walk you through getting your FileWave server set up to manage Chromebooks. Current functionality will allow you to pull/query inventory data and utilize our location tracking feature in FileWave. Some steps can be skipped if certain accounts and projects were made beforehand.


  • List of countries where Chrome OS Management licenses are sold directly by Google to end customers:
    Go to https://eduproducts.withgoogle.com/, click 'contact sales', and then look at the drop-down menu 'Country' - if the country is in the list, it's supported.
  • Even if the country is not listed under the link above, a local google partner might be able to help :
    https://www.google.com/a/partnersearch


Required Items

  • Google Domain

    • Admin rights within the Google Domain
    • At least one Chromebook

    • Chromebooks Enterprise enrolled
    • Pre-existing Google Organizational Unit structure (RECOMMENDED)

  • Running FileWave Server

  • Enough FileWave Chromebook licenses to cover every Chromebook in the Google OU
  • FileWave HTTPS Root Trusted Certificate
  • GCM Setup - Google Cloud Messaging (GCM/Firebase) Setup



Enable Access to APIs

  1. Go to the below address to start the process:
    https://console.developers.google.com/flows/enableapi?apiid=admin,calendar,classroom,drive,driveactivity.googleapis.com,gmail,groupssettings,licensing,plus,contacts

If you just completed the Google Cloud Messaging (GCM/Firebase) Setup, the project will already be selected and will use the project created during the GCM setup (this MUST be set up to continue). If it's not automatically selected, select the drop-down at the top of the screen and choose the correct project. You can also create a new one if you'd like. My Project is called 'FileWave Chromebooks'.

2. Confirm the Project and Enable the APIs for the project 


Creating a Service Account and Credentials

  1. Now a service account has to be created, click the hamburger icon in the top left corner and select Credentials under APIs & Services
  2. Select Create Credentials > Service Account
  3. Give the Service Account a name. I use the same name as my project but you may name it whatever you want
  4. Select 'Create and Continue'
  5. Grant this service account OWNER priveledges under Basic
  6. Click 'Continue'
  7. Skip the next section by selecting 'Done'
  8. On the next screen, click 'Manage Service Accounts'
  9. Click the menu on the right side of the Service Account and then click Manage keys
  10. Select 'ADD KEY', then 'Create New Key' and download the JSON file

Save this JSON file. We'll use it later.




Adding a Delegated User

Any Google user with correct privileges can be used. Make sure whatever Google user you use has a role with the minimum privileges below:

  • Admin Console Privileges / Organization Units (Note that this will automatically give corresponding Admin API Privileges)
  • Admin Console Privileges / Services / Chrome OS / Manage Devices

Once you have your Google user with the proper role setup, get back to the APIs & Services Credentials section of Google Cloud Platform so we can tie the Google user with the service account created. https://console.developers.google.com/apis/credentials


  1. Select Manage service accounts by the Service Accounts section
  2. Check the checkbox to the left of your service account
  3. Select the menu at the top right of the window, then click MANAGE ACCESS at the top of the page
  4. Then click ADD MEMBER on the dialog that appears
  5. Add the Google User (make sure this user has the permissions stated above) and give it the Service Account User and Service Account Token Creator roles



OAuth Client ID & Authorizing API Scopes

  1. in the Google Console, use the top-left menu to navigate to IAM & Admin > Service Accounts
  2. Next to the service account shown, click on the Action menu and select 'Manage Details'
  3. Select 'Advanced Settings' to expand
  4. Copy Client ID under Domain-wide Delegation, we'll use it in the next section.

  1. Open another tab or browser and navigate to Google Admin, admin.google.com
  2.  In the main menu, select Security
  3. Scroll down and select API Controls 
  4. Click Manage Domain Wide Delegation
  5. Select Add new
  6. Paste the copied Client ID from the previous step in this section into the Client Name field
  7. Copy and paste the following into the One or More API Scopes field all at once then hit Authorize

https://www.googleapis.com/auth/admin.directory.device.chromeos,https://www.googleapis.com/auth/admin.directory.customer,
https://www.googleapis.com/auth/admin.directory.orgunit




Sync Google with FileWave

  1. Be sure you have already set up Google Cloud Messaging (GCM/Firebase) Setup
  2. Open your FileWave Admin Preferences and select the Google Tab
  3. Once there click the Configure OAuth token button at the top, you will be prompted for your credentials
  4. After authenticating simply type in the Google Account you associated with the service account
  5. The last step will be to import the .json file you saved at the beginning of this document
  6. After you press OK FileWave will sync automatically with Google

Now if you go into the Clients section in FileWave you will see a Chromebooks group with the same structure and devices you have in your Google Admin. This may take some time.


Deploying FileWave Inventory Extension to Chromebooks - We're almost done!

  1. In FileWave Admin open the Preferences

  2. Go to the Google/Chromebooks tab
  3. Click Export Policy for Extension and save the file
  4. Open admin.google.com

  5. On the left sidebar, Click Devices > Chrome > Apps & Extensions > Users & Browsers
  6. On the left sidebar, select the OU you want to assign the extensions too
  7. Click the yellow Plus Sign + on the bottom right of the page and then the icon that looks like a grid of squares
  8. Add Chrome app or extension by ID
  9. You can add the Apps/Extensions using the following extension ID: ldhgnmkjehdokljjhcpkbhcmhoficdio

  10. Click Save
  11. Scroll down to 'Policy for extensions'
  12. Upload the JSON you downloaded in step 3 of this section**

  13. Save your changes above
  14. At this point, you will want to consider the Installation policy for the FileWave extensions. You will either want to Force install or to Force install + pin to the browser toolbar to ensure the extensions are active. If you have several Organizational Units you may want to consider if you are going to set this at the domain level and if all the OUs will inherit the setting.

    It is important that the OUs that you enable this on either be all of them or at a minimum you need to enable it for both the User and Device OUs that you will be using with FileWave.

**

If you want to change the frequency of check-in, you can modify the following attribute in the JSON to reflect check-in frequency (in minutes).  The default is 1440, or once per day.

"UpdateIntervalInMinutes": {
    "Value": 1440
}


Location Tracking Permissions

If you're wanting to use Location Tracking, you will need to "Allow sites to detect Users' geolocation" in Google Admin. You will find this option in Devices > Chrome > Settings, on the page that loads it will be under Security > Geolocation. For this setting, you want to ensure that you set it at the level in the organization that it should apply. In the image below we only enabled it for Foundry Chromebooks but did not set it for all. If you would like to enable Geolocation for all devices then make sure you set it at the domain level and also make sure that none of your OUs are set to ignore the inheritance of this setting. Simply check the setting on each OU and you will see what it is set to. 

Just like with the Extensions, it is important that the OUs that you enable this on either be all of them or, at a minimum, you need to enable it for both the User and Device OUs that you will be using with FileWave.



Congratulations, you can now manage your Chromebooks with FileWave!

Troubleshooting

If for any reason you experience issues seeing your ChromeOS devices in FileWave or issues with reporting then see the notes in our Chrome Troubleshooting Guide