Configuring Google Workspace Integration for ChromeOS

Configuring Google Workspace Integration for ChromeOS

This article explains how to configure Google Workspace for ChromeOS within Lenovo Device Orchestration (LDO). This setup enables LDO to securely connect with your organization’s Google Cloud environment and retrieve ChromeOS device data for monitoring and management.

Once the configuration is complete, you can proceed to onboard ChromeOS devices to Device Management.
Info
Only one Google Cloud connection can be configured per LDO organization.

I. Open two browser tabs. You will need these tabs throughout the process.

  1. Navigate to the Google Workspace Admin and log in.
  2. Navigate to Google Cloud and log in.  https://console.cloud.google.com/

II. Create a Google Cloud Project and enable API Access

  1. Go to the Google Cloud tab. In the left-hand menu, click APIs & Services > Enabled APIs  & services
  2. Click Create Project, then enter a project name (e.g. “ldo-cloudconnector”).
  3. On the project page, select Enable APIs and services
  4. In the library, search for the Admin SDK API, then enable it.
  5. Return to Enable APIs and services. 
  6. Search for the Chrome Management API and enable it. 

III. Create a Google Cloud Service Account

  1. On the same tab, in the left-hand menu, click IAM & Admin > Service Accounts
  2. Select the Project you created (if not already selected) and click Create a Service Account.
  3. Complete the folowing fields:
    1. Service Account Name (e.g. “ldo-cloudconnector-user”).
    2. Service Account ID (automatically generated by Google).
    3. Service Account Description (optional).
  4. Continue without granting roles or permissions to this service account.
  5. Copy the service account email (e.g. “ldo-cloudconnector-user@ldo-cloudconnector.iam.gserviceaccount.com”).

IV. Create Credentials for the Service Account

  1. On the same tab:  
    1. Select the Service Account you just created.
    2. Go to Keys > Add Key > Create New Key.
    3. Select JSON.
    4. The JSON Credential will be downloaded to your device (keep this file secure).

V. Configure Domain-wide Delegation

  1. Return to Service Accounts on the same tab in Google Cloud.  
  2. Select the Service Account you just created.
  3. Expand Advanced Settings and copy the Client ID (e.g. “123456789012345678901”.
  4. Switch to the Google Workspace Admin tab.
  5. Go to Security > Access and data control > API Controls
  6. Click Manage Domain Wide Delegation > Add New
  7. Paste the Service Account’s Client ID.
  8. Paste the following OAuth Scopes (one at a time):
  9. Authorize and confirm consent.

VI. Enable Device Telemetry Reporting

  1. Log in to Google Workspace Admin https://admin.google.com .
  2. Go to Devices > Chrome > Settings > Device Settings.
  3. Scroll to User and Device Reporting section, select Report Device Telemetry.
  4. If not already, enable the following components for your Organizational Unit:
    1. Power Status
    2. Network Status
    3. Storage Status
    4. Network Configuration
  5. Save Changes.

VII. Create Google Workspace Admin Role

  1. On the same tab, go to Account > Admin Roles.
  2. Create new role and name it (e.g. “LDO Connector Admin”)
  3. Select the following Privileges (you will have to scroll several pages):
    1. Chrome Management > Manage ChromeOS Devices > Read > Telemetry API
    2. Organization Units > Read
  4. Click Continue and Create role.
  5. Click Assign service accounts
  6. Enter the service account email address (e.g. “ldo-cloudconnector-user@ldo-cloudconnector.iam.gserviceaccount.com”). To copy and paste, switch to the Google Cloud tab, in the left-hand menu, select IAM & Admin > Service accounts.
  7. Click Add and Assign Role.

VIII. Configure Lenovo Device Orchestration Cloud Connector

  1. Login to LDO.
  2. Go toDevice Management> Feature Settings > Connectors.  (if you do not see Policy Management > Feature Settings, click + to add a device and use the link to Policy Management).
  3. Click Add Connection.
  4. Under ChromeOS section, select please visit Policy Management > Connector page to add/modify the connection details. Refer to Using Policy Management.
  5. Enter your Customer ID from the Google Workspace Admin tab.
  6. Enter your Google Workspace Admin email address
  7. Upload the JSON file you downloaded earlier.
  8. Click Connect.
  9. Once the connection is configured, you can proceed to onboard Chrome devices. For more information, refer to Onboarding Chrome Devices.




    • Related Articles

    • Setting Up LDO ServiceNow Integration

      Prerequisites Before configuring the integration between LDO and ServiceNow, ensure the following prerequisites are met to establish proper synchronization: Terminology Alignment In LDO, a physical device (such as a laptop, desktop, or server) is ...

    • Intel® EMA CIRA Connection Issues in LDO

      There may be occasions when the EMA CIRA connection will display the status as Not Connected in the Device tray - please refer to Viewing Device information - Windows operating system. This troubleshooting article will help you resolve the Not ...

    • Configuring Entra ID for LDO SSO

      This guide explains how to migrate Lenovo Device Orchestration (LDO) to Microsoft Entra ID. This process involves setting up a new app in Microsoft Entra, collecting necessary configuration data, and updating the authentication settings in LDO. ...

    • Enabling Okta for Single Sign-On

      To enable Okta: Go to Organization Settings > Organization Account. This option is available only for Owners. Select the Authentication tab, then click Change provider and follow the instructions. On the Authentication provider screen, select Okta, ...

    • Configuring Device Policy

      Device Policy The Device Policy allows LDO users to configure when the device’s UDC agent (Universal Device Client) is permitted to update itself upon the release of a new version. The Update Option can be set to either Auto or Disabled. When the ...