Configuring Google Workspace Integration for ChromeOS

Configuring Google Workspace Integration for ChromeOS

This article explains how to configure Google Workspace for ChromeOS within Lenovo Device Orchestration (LDO). This setup enables LDO to securely connect with your organization’s Google Cloud environment and retrieve ChromeOS device data for monitoring and management.

Once the configuration is complete, you can proceed to onboard ChromeOS devices to Device Management.
Info
Only one Google Cloud connection can be configured per LDO organization.

I. Find Google Workspace Account Customer ID.

  1. Log in to Google Admin > Account > Account Settings (https://admin.google.com/ac/accountsettings)  (e.g. C02fy2zib).

II. Create a Google Cloud Project and enable API Access

  1. Go to https://console.cloud.google.com/apis/dashboard 
  2. Create a Project (e.g. “ldo-cloudconnector”).


  3. Select
    Enable APIs and Services. 


  4. In the library, search for and enable Admin SDK API.



  5. Search for Chrome Management API and enable. 

III. Create a Google Cloud Service Account

  1. Log in to Google Workspace Admin (https://admin.google.com) 
  2. Go to https://console.cloud.google.com/iam-admin/serviceaccounts 
  3. Select the Project you created and click Create a Service Account.
    1. Service Account Name (e.g. “ldo-cloudconnector-user”).
    2. Service Account ID (Google will automatically generate one).
    3. Service Account Description.
  4. Continue without granting roles or permissions to this service account.
  5. Copy the service account email (e.g. “ldo-cloudconnector-user@ldo-cloudconnector.iam.gserviceaccount.com”).

IV. Create Credentials for the Service Account

  1. Go to https://console.cloud.google.com/iam-admin/serviceaccounts 
  2. Select the Service Account.
  3. Go to Keys > Add Key > Create New Key.
  4. Select JSON.
  5. The JSON Credential will be downloaded to your device (keep this file secure).

V. Configure Domain-wide Delegation

  1. Go to https://console.cloud.google.com/iam-admin/serviceaccounts 
  2. Select the Service Account
  3. Expand Advanced Settings and copy the Client ID (e.g. “123456789012345678901”
  4. Log in to Google Workspace Admin (https://admin.google.com) 
  5. Go to Security > Access and data control > API Controls
  6. Click Manage Domain Wide Delegation > Add New
  7. Paste the Service Account’s Client ID that was copied earlier
  8. Paste the following OAuth Scopes:
  9. https://www.googleapis.com/auth/chrome.management.telemetry.readonly,https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly
  10. Authorize and Confirm Consent.

VI. Enable Device Telemetry Reporting

  1. Log in to Google Workspace Admin (https://admin.google.com) 
  2. Go to Devices > Chrome > Settings > Device Settings
  3. In the User and Device Reporting section, select Report Device Telemetry
  4. Enable the following components for your Organizational Unit:
    1. Power Status
    2. Network Status
    3. Storage Status
    4. Network Configuration



  5. Save Changes.

VII. Create Google Workspace Admin Role

  1. Log in to Google Workspace Admin (https://admin.google.com) 
  2. Go to Account > Admin Roles
  3. Create new role with a name (e.g. “LDO Connector Admin”)
  4. Select the following Privileges:
    1. Organization Units > Read
    2. Chrome Management > Manage ChromeOS Devices > Read > Telemetry API
  5. Continue the role creation process
  6. Assign Service Accounts
  7. Enter the service account email address (e.g. “ldo-cloudconnector-user@ldo-cloudconnector.iam.gserviceaccount.com”)
  8. Click Assign Role.

VIII. Configure Lenovo Device Orchestration Cloud Connector

  1. Login to LDO.
  2. Go to Device Management > Devices, and select + Add Device.
  3. Under ChromeOS section, select please visit Policy Management > Connector page to add/modify the connection details. Refer to Using Policy Management.
Once the connection is configured, you can proceed to onboard Chrome devices. For more information, refer to Onboarding Chrome Devices.




    • Related Articles

    • Setting Up LDO ServiceNow Integration

      Prerequisites Before configuring the integration between LDO and ServiceNow, ensure the following prerequisites are met to establish proper synchronization: Terminology Alignment In LDO, a physical device (such as a laptop, desktop, or server) is ...

    • Intel® EMA CIRA Connection Issues in LDO

      There may be occasions when the EMA CIRA connection will display the status as Not Connected in the Device tray - please refer to Viewing Device information - Windows operating system. This troubleshooting article will help you resolve the Not ...

    • Configuring Entra ID for LDO SSO

      This guide explains how to migrate Lenovo Device Orchestration (LDO) to Microsoft Entra ID. This process involves setting up a new app in Microsoft Entra, collecting necessary configuration data, and updating the authentication settings in LDO. ...

    • Enabling Okta for Single Sign-On

      To enable Okta: Go to Organization Settings > Organization Account. This option is available only for Owners. Select the Authentication tab, then click Change provider and follow the instructions. On the Authentication provider screen, select Okta, ...

    • Configuring Device Policy

      Device Policy The Device Policy allows LDO users to configure when the device’s UDC agent (Universal Device Client) is permitted to update itself upon the release of a new version. The Update Option can be set to either Auto or Disabled. When the ...