Configuring Google Workspace Integration for ChromeOS in LDM

This article explains how to configure Google Workspace for ChromeOS within Lenovo Device Manager (LDM). This setup enables LDM to securely connect with your organization’s Google Cloud environment and retrieve ChromeOS device data for monitoring and management. Once the configuration is complete, you can proceed to onboard ChromeOS devices to LDM.
Info
Only one Google Cloud connection can be configured per LDM organization.


I. Find Google Workspace Account Customer ID

  1. Log in to Google Admin > Account > Account Settings
    (https://admin.google.com/ac/accountsettings) and locate the Customer ID (e.g. C02fy2zib)

II. Create a Google Cloud Project and enable API Access

  1. Go to https://console.cloud.google.com/apis/dashboard 
  2. Create a Project (e.g. “ldm-cloudconnector”)
  3. Select Enable APIs and Services
  4. In the library, search for and enable Admin SDK API
  5. Search for Chrome Management API and enable it

III. Create a Google Cloud Service Account

  1. Log in to Google Workspace Admin (https://admin.google.com) 
  2. Go to https://console.cloud.google.com/iam-admin/serviceaccounts 
  3. Select the Project you created and click Create a Service Account
    1. Service Account Name (e.g. “ldm-cloudconnector-user”)
    2. Service Account ID (Google will automatically generate one)
    3. Service Account Description
  4. Continue without granting roles or permissions to this service account
  5. Copy the service account email (e.g. “ldm-cloudconnector-user@ldm-cloudconnector.iam.gserviceaccount.com”)

IV. Create Credentials for the Service Account

  1. Go to https://console.cloud.google.com/iam-admin/serviceaccounts 
  2. Select the Service Account
  3. Go to Keys > Add Key > Create New Key
  4. Select JSON
  5. The JSON Credential will be downloaded to your device (keep this file secure)

V. Configure Domain-wide Delegation

  1. Go to https://console.cloud.google.com/iam-admin/serviceaccounts 
  2. Select the Service Account
  3. Expand Advanced Settings and copy the Client ID (e.g. “123456789012345678901”)
  4. Log in to Google Workspace Admin (https://admin.google.com) 
  5. Go to Security > Access and data control > API Controls
  6. Click Manage Domain Wide Delegation > Add New
  7. Paste the Service Account’s Client ID that was copied earlier
  8. Paste the following OAuth Scopes: 
    https://www.googleapis.com/auth/chrome.management.telemetry.readonly,https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly
  9. Authorize and Confirm Consent
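
A pre-flight check for the JSON credential from section IV and the delegation entry from section V, added here as an example (not Lenovo's or Google's code). It assumes the key file's `client_id` field is the Client ID copied in step V.3; the function names and the sample key are constructed for illustration.

```python
import json, os, stat, tempfile

# Scopes copied from step V.8 of this article.
EXPECTED_SCOPES = {
    "https://www.googleapis.com/auth/chrome.management.telemetry.readonly",
    "https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly",
}

def check_scopes(scope_string):
    """Compare a comma-separated delegation scope string with the article's list."""
    granted = {s.strip() for s in scope_string.split(",") if s.strip()}
    findings = [f"missing scope: {s}" for s in sorted(EXPECTED_SCOPES - granted)]
    for s in sorted(granted - EXPECTED_SCOPES):
        kind = "extra read-only scope" if s.endswith(".readonly") else "extra scope without .readonly suffix"
        findings.append(f"{kind}: {s}")
    return findings

def check_key_file(path, expected_email, expected_client_id):
    """Check the downloaded JSON credential from section IV before using it."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"key file readable by group/others (mode {mode:o}); use 600")
    with open(path) as fh:
        key = json.load(fh)
    if key.get("type") != "service_account":
        findings.append("not a service account key")
    if key.get("client_email") != expected_email:
        findings.append("client_email does not match the service account from III.5")
    if key.get("client_id") != expected_client_id:
        findings.append("client_id does not match the Client ID delegated in V.7")
    return findings

def demo():
    # Constructed sample key: every value is a placeholder, not a real credential.
    sample = {"type": "service_account", "client_id": "123456789012345678901",
              "client_email": "ldm-cloudconnector-user@ldm-cloudconnector.iam.gserviceaccount.com",
              "private_key": "PLACEHOLDER"}
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as fh:
        json.dump(sample, fh)
    os.chmod(path, 0o644)  # simulate a key left readable by other users
    try:
        return check_key_file(path, sample["client_email"], sample["client_id"])
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
    print(check_scopes(",".join(EXPECTED_SCOPES) + ",https://www.googleapis.com/auth/admin.directory.user"))
```

An empty list from both functions means the key file and the delegation entry match what this article configures and nothing broader.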

VI. Enable Device Telemetry Reporting

  1. Log in to Google Workspace Admin (https://admin.google.com) 
  2. Go to Devices > Chrome > Settings > Device Settings
  3. In the User and Device Reporting section, select Report Device Telemetry
  4. Enable the following components for your Organizational Unit:
    1. Power Status
    2. Network Status
    3. Storage Status
    4. Network Configuration
  5. Click Save

VII. Create Google Workspace Admin Role

  1. Log in to Google Workspace Admin (https://admin.google.com) 
  2. Go to Account > Admin Roles
  3. Create a new role with a name (e.g. “LDM Connector Admin”)
  4. Select the following Privileges:
    1. Organization Units > Read
    2. Chrome Management > Manage ChromeOS Devices > Read > Telemetry API
  5. Continue the role creation process
  6. Assign Service Accounts
  7. Enter the service account email address (e.g. “ldm-cloudconnector-user@ldm-cloudconnector.iam.gserviceaccount.com”)
  8. Click Assign Role

VIII. Configure Lenovo Device Orchestration Cloud Connector

  1. Log in to LDM
  2. Go to Device Management > Devices and select + Add Device
  3. Under the ChromeOS section, select the link “please visit Policy Management > Connectors page to add/modify the connection details”. Refer to Utilizing Policy Management.
Info
Once the connection is configured, you can proceed to onboard Chrome devices. For more information, refer to Onboarding Chrome Devices to LDM.

