Configuring Google Workspace Integration for ChromeOS

Configuring Google Workspace Integration for ChromeOS

This article explains how to configure Google Workspace for ChromeOS within Lenovo Device Manager (LDM). This setup enables LDM to securely connect with your organization’s Google Cloud environment and retrieve ChromeOS device data for monitoring and management. Once the configuration is complete, you can proceed to onboard ChromeOS devices to LDM.
Info
Only one Google Cloud connection can be configured per LDM organization.


I. Find Google Workspace Account Customer ID

  1. Log in to Google Admin > Account > Account Settings
    (https://admin.google.com/ac/accountsettings)  (e.g. C02fy2zib)

II. Create a Google Cloud Project and enable API Access

  1. Go to https://console.cloud.google.com/apis/dashboard 
  2. Create a Project (e.g. “ldm-cloudconnector”)


  3. Select
    Enable APIs and Services



  4. In the library, search for and enable Admin SDK API  


  5. Search for Chrome Management API and enable

III. Create a Google Cloud Service Account

  1. Log in to Google Workspace Admin (https://admin.google.com) 
  2. Go to https://console.cloud.google.com/iam-admin/serviceaccounts 
  3. Select the Project you created and click Create a Service Account
    1. Service Account Name (e.g. “ldm-cloudconnector-user”)
    2. Service Account ID (Google will automatically generate one)
    3. Service Account Description
  4. Continue without granting roles or permissions to this service account
  5. Copy the service account email (e.g. “ldm-cloudconnector-user@ldm-cloudconnector.iam.gserviceaccount.com”)

IV. Create Credentials for the Service Account

  1. Go to https://console.cloud.google.com/iam-admin/serviceaccounts 
  2. Select the Service Account
  3. Go to Keys > Add Key > Create New Key
  4. Select JSON
  5. The JSON Credential will be downloaded to your device (keep this file secure)

V. Configure Domain-wide Delegation

  1. Go to https://console.cloud.google.com/iam-admin/serviceaccounts 
  2. Select the Service Account
  3. Expand Advanced Settings and copy the Client ID (e.g. “123456789012345678901”
  4. Log in to Google Workspace Admin (https://admin.google.com) 
  5. Go to Security > Access and data control > API Controls
  6. Click Manage Domain Wide Delegation > Add New
  7. Paste the Service Account’s Client ID that was copied earlier
  8. Paste the following OAuth Scopes: 
    https://www.googleapis.com/auth/chrome.management.telemetry.readonly,https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly
  9. Authorize and Confirm Consent

VI. Enable Device Telemetry Reporting

  1. Log in to Google Workspace Admin (https://admin.google.com) 
  2. Go to Devices > Chrome > Settings > Device Settings
  3. In the User and Device Reporting section, select Report Device Telemetry
  4. Enable the following components for your Organizational Unit:
    1. Power Status
    2. Network Status
    3. Storage Status
    4. Network Configuration 



  5.  Click Save

VII. Create Google Workspace Admin Role

  1. Log in to Google Workspace Admin (https://admin.google.com) 
  2. Go to Account > Admin Roles
  3. Create new role with a name (e.g. “LDM Connector Admin”)
  4. Select the following Privileges:
    1. Organization Units > Read
    2. Chrome Management > Manage ChromeOS Devices > Read > Telemetry API
  5. Continue the role creation process
  6. Assign Service Accounts
  7. Enter the service account email address (e.g. “ldm-cloudconnector-user@ldm-cloudconnector.iam.gserviceaccount.com”)
  8. Click Assign Role

VIII. Configure Lenovo Device Orchestration Cloud Connector

  1. Login to LDM
  2. Go to Device Management > Devices and select + Add Device
  3. Under ChromeOS section, select please visit Policy Management > Connectors page to add/modify the connection details. Refer to Utilizing Policy Management.
Info
Once the connection is configured, you can proceed to onboard Chrome devices. For more information, refer to Onboarding Chrome Devices to LDM.


    • Related Articles

    • Integrating Microsoft Entra ID with LDM

      Register an Application in Microsoft Entra ID Navigate to the Microsoft Azure Portal. Proceed to Microsoft Entra ID > App registrations and select New registration. Register a new application. Securely note the following generated values: Application ...

    • Intel® EMA CIRA Connection Issues

      There may be occasions when the EMA CIRA connection will display the status as Not Connected in the Device tray - please refer to Accessing Device information - Windows operating system. This troubleshooting article will help you resolve the Not ...

    • Utilizing Policy Management

      Policy Management provides customized settings for LDM organizations. This feature is available only for Org Admins and MSP Admins. Feature Settings Navigate to Policy Management > Feature Settings on the left pane. The following options are ...

    • Onboarding Chrome Devices to LDM

      Lenovo Device Manager supports an automated process that simplifies the onboarding of Chrome devices. The setup is unique for the organization and must not be shared. To set up a new LDM account, it is mandatory to have a Lenovo ID and get an email ...

    • Remote BIOS Access and Configuration in LDM

      This feature enables Org and MSP Admins to remotely change the BIOS password and manage BIOS settings through Lenovo Device Manager (LDM). To access a device’s BIOS settings: Go to the Devices menu in the left panel. Select a device to open the ...