Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Go to the below address to start the process:
    https://console.developers.google.com/flows/enableapi?apiid=admin,calendar,classroom,drive,driveactivity.googleapis.com,gmail,groupssettings,licensing,plus,contacts
  2. Once there you will need to Create a project and use the same answers below then click Agree and continue which will bring you to the second screenshot
    Image Removed
    Click Go to credentials 
    CB-smallAPIenabledImage Removed
    Then click the hamburger icon on the top right corner and choose Project Settings
    CB-ProjectSettingsImage Removed
    Rename your new project
    Image Removed
    Now a service account has to be created, click the hamburger icon in the top left corner and select Credentials under APIs & Services
    Image Removed
    Now you will be prompted to create credentials
    After Clicking Create Credentials choose the Help me choose option
    CB-HelpMeChooseImage Removed
    Fill out the form as seen below:
    Which API are you using? -> Admin SDK
    Where will you be calling the API from? -> Web server
    Which data will you be accessing? -> Application data
    Are you planning to use this API with App Engine or Compute Engine? -> No
    Image Removed
  3. Click What credentials do I need?
  4. Enter a name for the service account. Remember this name for later
  5. For the role make it Owner which is in the sub menu Project
  6. Select the JSON option before hitting continue
    Image Removed
    Image Removed

Enable Google Apps Domain-wide delegation

...

Authorize API scopes

...

Copy and paste the following into the One or More API Scopes field all at once then hit Authorize

Code Block
https://www.googleapis.com/auth/admin.directory.device.chromeos,
https://www.googleapis.com/auth/admin.directory.customer,
https://www.googleapis.com/auth/admin.directory.orgunit

...

The Chrome API requires a user to be used in conjunction with a "delegated user".

Any Google user with correct privileges can be used. Make sure whatever Google user you use has a role with the minimum privileges below:

  • Admin Console Privileges / Organization Units (Note that this will automatically give corresponding Admin API Privileges)
  • Admin Console Privileges / Services / Chrome OS / Manage Devices

Once you have your Google user with the proper role setup, get back to the Credentials section so we can tie the Google user with the service account created. https://console.developers.google.com/apis/credentials

...

Sync Google with FileWave

...

Deploying the MDM Certificate

If you would like to use FileWave Engage with Chromebooks you will need to follow the instructions below but open the Engage tab in step 2 and 4.

...

Deploying the FileWave Inventory Extension

...

Open admin.google.com

...

Add Chrome app or extension by ID

...

You can add the Apps/Extensions using the extension IDs listed below:

Info
titleApp IDs

FileWave Inventory: ldhgnmkjehdokljjhcpkbhcmhoficdio

FileWave Engage for Chromebooks: ohphobhpnpphfbdifmhjhcjbdecgbmhn

FileWave Engage Extension: lajmdphbfjlbhgibfifhjcblodepejnj

Image Removed

...

Deploy configuration for the Inventory Extension

...

In FileWave Admin open the Preferences

...

Congratulations, you can now manage your Chromebooks with FileWave!

clientImage RemovedchromelogoImage Removed

...

  • List of countries where Chrome OS Management licenses are sold directly by Google to end customers:
    Go to https://eduproducts.withgoogle.com/, click 'contact sales', and then look at the drop-down menu 'Country' - if the country is in the list, it's supported.
  • Even if the country is not listed under list above, a local google partner might be able to help :
    https://www.google.com/a/partnersearch

Required Items

...

Google Domain

  • Admin rights within the Google Domain
  • At least one Chromebook

  • Chromebooks Enterprise enrolled
  • Pre-existing Google Organizational Unit structure (RECOMMENDED)

Running FileWave Server

...

FileWave HTTPS Root Trusted Certificate setup.

Warning
NOTE: CANNOT be IP Address or self-signed cert. Must be FQDN - Instructions Linked Here

Setup

Table of Contents
maxLevel3
minLevel3
outlinetrue
absoluteUrltrue
stylenone

JSON File

Before we can begin we need to create the .json file needed to configure the OAuth token section in the FileWave Admin.

  1. Go to the below address to start the process:
    https://console.developers.google.com/flows/enableapi?apiid=admin,calendar,classroom,drive,gmail,groupssettings,licensing,plus,contacts
  2. Once there you will need to Create a project and use the same answers below then click Agree and continue which will bring you to the second screenshot
    Image Removed
    Click Go to credentials 
    CB-smallAPIenabledImage Removed
    Then , keep the selection "Create a project" and select Continue (we'll rename the project later)

    Image Added

  3. Agree to terms and select your Country of Residence – Agree and Continue

    Image Added
  4. Click Go to credentials 

    CB-smallAPIenabledImage Added

  5. Now we'll edit the project name before making the credentials, click the hamburger icon on the top right corner and choose Project Settings
    CB-ProjectSettingsImage Removed
    Image Added

  6. Rename your new project and Save
    Image Removed
    Image Added
  7. Now a service account has to be created, click the hamburger icon in the top left corner and select Credentials under APIs & Services


    Now you will be prompted to create credentials

  8. After Clicking Select Create Credentials  choose the Help me choose option
    CB-HelpMeChooseImage Removed> Help Me Choose at the top of the page

    Image Added

  9. Fill out the form as seen below:
    Which API are you using? - > Admin SDK
    Where will you be calling the API from? -> Web server
    Which data will you be accessing? -> Application data
    Are you planning to use this API with App Engine or Compute Engine? - > No
    Image Removed, I'm not using them

    Image Added

  10. Click What credentials do I need?
  11. Enter a name for the service account. Remember this name for later
  12. For the role make it Owner which is in the sub menu Project
  13. Select the JSON option before hitting continue
    Image Removed

    Image Added
    Image Removed
    Image Added

Enable Google Apps Domain-wide delegation

  1. Click the hamburger icon in the top left corner and select IAM & AdminYou will then see the Service accounts option on the left side barselect Identity > Service Accounts

    Image Added

  2. After you are in service accounts you will need to find the account name you created in the previous stepsYou
  3. will then need to hit the Edit button found after clicking the three dots to the right of the accountSelect the Actions menu and click Edit

    Image Modified

  4. Once you hit Edit you need to Show Domain-Wide Delegation, check Enable G Suite Domain-wide Delegation, and then give it a Product name for the consent screen before then saving



Authorize API scopes

  1. Go to the Credentials section under APIs & Services
  2. Once there copy the Client ID you created in the earlier steps under the OAuth 2.0 client ID section.


  3. In your browser, open another tab and go to the Google Admin console
    admin.google.com

  4. Once there select Security


  5. Find Scroll down and select Advanced settings and click  API Controls 
  6. Click Manage Domain Wide Delegation
  7. Select Add newImage Removed
  8. Paste the copied Client ID from step 2 in this section into the Client Name field
  9. Copy and paste the following into the One or More API Scopes field all at once then hit Authorize

    Image Added

    Code Block
    https://www.googleapis.com/auth/admin.directory.device.chromeos,
    https://www.googleapis.com/auth/admin.directory.customer,
    https://www.googleapis.com/auth/admin.directory.orgunit


  10. After you Authorize you should see the new entry below (your Client ID will be different)


The Chrome API requires a user to be used in conjunction with a "delegated user".

Any Google user with correct privileges can be used. Make sure whatever Google user you use has a role with the minimum privileges below:

...

  1. Select Manage service accounts by the Service account keys sectionAccounts section
  2. Check your service account
  3. Show Info Panel at the top
  4. Then Add Member 



  5. Add the Google User and give it the Service Account User and Service Account Token Creator roles


Sync Google with FileWave

  1. Open your FileWave Preferences and select the Chromebooks/Google Tab (Chromebook tab if you are below FileWave version 13 Tab (name depends on version)
  2. Once there click the Configure OAuth token button at the top
  3. You will be prompted for the superuser credentials
  4. After authenticating simply type in the Google Account you associated to the service account
  5. Last step will be to import the .json file you saved at the beginning of this document


  6. After you press OK FileWave will sync automatically with Google


  7. Now if you go into the Clients section in FileWave you will see a Chromebooks group with the same structure and devices you have in your Google Admin. This may take some time.



Deploying the MDM Certificate

If you would like to use FileWave Engage with Chromebooks you will need to follow the instructions below but open the Engage tab in step 2 and 4.

  1. In the FileWave Admin, open the Preferences
  2. Go to the General tab
  3. In the SSL Certificate Management section, make sure you have a valid root trusted certificate with a valid Common Name that matches your FileWave Server name (FQDN)
  4. Go to the Google/Chromebooks tab
  5. Click Export Certificate
  6. Save the certificate locally


  7. Follow the instruction listed in the following URL from Google to upload your certificate to Google
    Please Note: Make sure the checkbox "Use this certificate as an HTTPS certificate authority." is checked for the MDM certificate
    https://support.google.com/chrome/a/answer/6342302?hl=e

Deploying the FileWave Inventory Extension

  1. Open admin.google.com

  2. Click Devices
  3. On the left sidebar, click Chrome Management 
    Image Removed
    > Apps & Extensions > Users & Browsers

    Image Added

  4. On the left sidebar, select the OU you want to assign the extensions too
  5. click the Plus Sign +


  6. Add Chrome app or extension by ID

  7. You can add the Apps/Extensions using the extension IDs listed below:

    Info
    titleApp IDs

    FileWave Inventory: ldhgnmkjehdokljjhcpkbhcmhoficdio

    FileWave Engage for Chromebooks: ohphobhpnpphfbdifmhjhcjbdecgbmhn

    FileWave Engage Extension: lajmdphbfjlbhgibfifhjcblodepejnj

  8. Hit Save at the top


Deploy configuration for the Inventory Extension

  1. In FileWave Admin open the Preferences

  2. Go to the Google  Google/Chromebooks tab
  3. Click Export Policy for Extension and save the file


  4. Open the Google Admin Console 
    admin.google.com
  5. Click Devices
  6. On the left sidebar, click Chrome ManagementThen select > Apps & Extensions > Users & Browsers
  7. In the list, find the FileWave Inventory extension and click it on it
  8. Scroll down to Policy for extension
  9. Paste in the contents of the JSON you downloaded in step 3 of this section
  10. Save your changes above

...