Google Chrome Management with Kandji

Manage the Google Chrome Browser to push managed bookmarks, browser extensions, and other options.

You can use Kandji to either enroll the Google Chrome browser into Chrome Browser Cloud Management or push managed preferences directly. Either method will allow you to set bookmarks, allow extensions, and manage other settings in Google Chrome. If you already have a G Suite domain, Cloud Management is the preferred method because it allows you to enroll the browser once using Kandji and then use Google Admin to set options for all devices and also deliver customizations for devices, device groups and users and user groups signed in to the browser. Setting managed preferences in a custom configuration profile will also deliver managed bookmarks, extensions, and other settings, but updates will require a new configuration profile to be uploaded to Kandji for each change.

Chrome Browser Cloud Management

You can manage the browser on a computer using Google's Chrome Browser Cloud Management by delivering a configuration profile that contains a cloud management enrollment token from Google. This token will direct Google Chrome to allow management by the associated organization.

  1. Setup Cloud Management
  2. Generate a new cloud management enrollment token
  3. Modify the configuration profile template with your enrollment token
  4. Create a Custom Profile in Kandji

Setup Cloud Management

The Chrome Browser Cloud Management support site provides instructions to begin the setup.

Generate a new cloud management enrollment token

Once you have completed the setup in Google Admin, you will need to follow the directions below Step 1: Generate enrollment token on Google's support site . This token will be a long text string that you will use in the next step and enter into your configuration profile.

Modify the configuration profile template with your enrollment token

Here is a template configuration profile that you can customize for your organization. Create a new file in a text editor like Atom and paste in the following text to start your new configuration profile.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadDescription</key>
<string>Cloud Management enrollment for the Google Chrome web browser</string>
<key>PayloadDisplayName</key>
<string>Chrome Browser Cloud Management</string>
<key>PayloadIdentifier</key>
<string>io.kandji.chrome.FDB0E555-2C6E-49AE-B117-AF62C787444C</string>
<key>PayloadOrganization</key>
<string>Kandji, Inc.</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>FDB0E555-2C6E-49AE-B117-AF62C787444C</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadContent</key>
<array>
<dict>
<key>CloudManagementEnrollmentToken</key>
<string>XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string>
<key>CloudManagementEnrollmentMandatory</key>
<true/>
<key>PayloadEnabled</key>
<true/>
<key>PayloadDisplayName</key>
<string>Chrome Browser Settings</string>
<key>PayloadIdentifier</key>
<string>com.google.Chrome.4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>
<key>PayloadUUID</key>
<string>4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>
<key>PayloadType</key>
<string>com.google.Chrome</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
</dict>
</plist>

You will need to replace XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX inside the <string> tags below the line containing <key>CloudManagementEnrollmentToken</key>. Replace the Xs with your enrollment token generated in the previous step.

Save this file as ChromeBrowserCloudManagement.mobileconfig to a location like your desktop where you will be able to use it. Now that you have your configuration profile created, we will use it to create a new Custom Profile in Kandji.

Create a Custom Profile in Kandji

In the Kandji admin console (eg. https://subdomain.kandji.io) navigate to the Library module and follow these steps.

  1. Click + Add New to open the list of potential new items
  2. Click Custom Profile and click Add & Configure + to create a new profile
  3. Give your profile a name like "Chrome Browser Cloud Management"
  4. Assign the profile to a blueprint
  5. Set the device family to Mac
  6. Drag your configuration profile into the box for the profile that says "Drag here or click to upload .mobileconfig file"
  7. Click Save.

Google Chrome Managed Preferences

Even if you aren't using G Suite, you may still want to deliver bookmarks or approve extensions for the Google Chrome browser. You can do this by creating a custom profile in a tool like ProfileCreator.

Download and install ProfileCreator:

  1. Navigate to https://github.com/ProfileCreator/ProfileCreator.
  2. Scroll down to the Read Me section.
  3. Click the link under Download to download the latest version of Profile Creator.
  4. Drag and Drop ProfileCreator into your Applications folder.

Create your Chrome Profile:

Once you have ProfileCreator open follow these steps.

  1. Click the Add button in the top left as shown below.
  2. Set Name to whatever you would like the profile name to be.
  3. Set Payload Description to a description of the profile.
  4. Set Organization to your Organization's name.
  5. Set Payload Scope to System.
  6. In the toolbar below the General payload, select Managed Application Preferences
  7. In the lower left-hand search box, search for and select Chrome.
  8. Configure the appropriate options inside of the Chrome payload.
  9. Click Add in the top right corner of the Chrome Payload.
  10. Click the Share option in the top right.

  11. Select a save location and Save your profile.

Upload your Custom Chrome Profile to Kandji

  1. Click Library from the left-hand navigation bar.
  2. Click Add New on the top right-hand side.
  3. Click Custom Profile.
  4. Click Add & Configure.
  5. Select a Blueprint from the Blueprint Assignment dropdown. 
  6. Drag and drop your dock profile to upload it will automatically give itself the name of the profile you have uploaded.
  7. Save your custom profile.

The devices enrolled in the selected Blueprints will use these Chrome settings after their next check in with Kandji.