Google Chrome Management

Manage the Google Chrome browser to push managed bookmarks, browser extensions, and other options.

You can use Kandji either to enroll the Google Chrome browser into Chrome Browser Cloud Management or to push managed preferences directly. Either method will allow you to set bookmarks, allow extensions, and manage other settings in Google Chrome. If you already have a Google Workspace domain, Cloud Management is the preferred method because it allows you to enroll the browser once using Kandji and then use Google Admin to set options for all devices and also deliver customizations for devices, device groups, and users and user groups signed in to the browser. Setting managed preferences in a custom configuration profile will also deliver managed bookmarks, extensions, and other settings, but updates will require a new configuration profile to be uploaded to Kandji for each change.

Chrome Browser Cloud Management

You can manage the browser on a computer using Google's Chrome Browser Cloud Management by delivering a configuration profile that contains a cloud management enrollment token from Google. This token will direct Google Chrome to allow management by the associated organization.

Set up Cloud Management

The Chrome Browser Cloud Management support site provides instructions to begin the setup.

Generate a new cloud management enrollment token

Once you have completed the setup in Google Admin, follow the directions under "Step 1: Generate enrollment token" on Google's support site. The token is a long text string that you will enter into your configuration profile in the next step.

Modify the configuration profile template with your enrollment token

Here is a template configuration profile that you can customize for your organization. Create a new file in a text editor like Atom and paste in the following text to start your new configuration profile.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadDescription</key>
    <string>Cloud Management enrollment for the Google Chrome web browser</string>
    <key>PayloadDisplayName</key>
    <string>Chrome Browser Cloud Management</string>
    <key>PayloadIdentifier</key>
    <string>io.kandji.chrome.FDB0E555-2C6E-49AE-B117-AF62C787444C</string>
    <key>PayloadOrganization</key>
    <string>Kandji, Inc.</string>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>FDB0E555-2C6E-49AE-B117-AF62C787444C</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>CloudManagementEnrollmentToken</key>
            <string>XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string>
            <key>CloudManagementEnrollmentMandatory</key>
            <true/>
            <key>PayloadEnabled</key>
            <true/>
            <key>PayloadDisplayName</key>
            <string>Chrome Browser Settings</string>
            <key>PayloadIdentifier</key>
            <string>com.google.Chrome.4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>
            <key>PayloadUUID</key>
            <string>4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>
            <key>PayloadType</key>
            <string>com.google.Chrome</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
</dict>
</plist>

You will need to replace XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX inside the <string> tags below the line containing <key>CloudManagementEnrollmentToken</key> with your enrollment token generated in the previous step.

Save this file as ChromeBrowserCloudManagement.mobileconfig to a location like your desktop where you will be able to find it easily. 
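
A pre-upload check for the profile saved above, as an added example that is not Kandji's or Google's code: it parses the .mobileconfig and reports a token that is still the template placeholder, a missing mandatory-enrollment flag, and malformed or duplicated PayloadUUIDs. The function names and the sample profile are constructed for illustration.

```python
import plistlib
import uuid
from xml.parsers.expat import ExpatError

PLACEHOLDER = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"  # token placeholder in the template


def check_enrollment_profile(data: bytes) -> list:
    """Return the problems found in a Chrome enrollment .mobileconfig."""
    try:
        profile = plistlib.loads(data)
    except (plistlib.InvalidFileException, ExpatError) as exc:
        return [f"not a parseable plist: {exc}"]
    problems = []
    if profile.get("PayloadScope") != "System":
        problems.append("PayloadScope is not System")
    chrome = [p for p in profile.get("PayloadContent", [])
              if p.get("PayloadType") == "com.google.Chrome"]
    if len(chrome) != 1:
        return problems + ["expected exactly one com.google.Chrome payload"]
    payload = chrome[0]
    token = payload.get("CloudManagementEnrollmentToken")
    if not isinstance(token, str) or not token.strip():
        problems.append("enrollment token is missing or empty")
    elif token == PLACEHOLDER:
        problems.append("enrollment token is still the template placeholder")
    elif token != token.strip():
        problems.append("enrollment token has leading or trailing whitespace")
    if payload.get("CloudManagementEnrollmentMandatory") is not True:
        problems.append("CloudManagementEnrollmentMandatory is not <true/>")
    ids = [str(profile.get("PayloadUUID")), str(payload.get("PayloadUUID"))]
    for value in ids:
        try:
            uuid.UUID(value)
        except ValueError:
            problems.append(f"PayloadUUID {value!r} is not a UUID")
    if ids[0] == ids[1]:
        problems.append("profile and payload share one PayloadUUID")
    return problems


def sample_profile(token: str) -> bytes:
    """Constructed sample using the template's keys, with freshly generated UUIDs."""
    chrome = {"PayloadType": "com.google.Chrome", "PayloadUUID": str(uuid.uuid4()),
              "CloudManagementEnrollmentToken": token,
              "CloudManagementEnrollmentMandatory": True}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadScope": "System",
                           "PayloadUUID": str(uuid.uuid4()), "PayloadContent": [chrome]})
```

To check your own file, pass its bytes, for example check_enrollment_profile(open("ChromeBrowserCloudManagement.mobileconfig", "rb").read()); an empty list means none of these problems were found.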

Create a custom profile in Kandji

In the Kandji admin console (e.g. https://subdomain.kandji.io) navigate to the Library module and follow these steps.

  1. Click + Add New to open the list of potential new items.
  2. Click Custom Profile and click Add & Configure+ to create a new profile.
  3. Give your profile a name such as Chrome Browser Cloud Management.
  4. Assign the profile to a Blueprint.
  5. Set the device family to Mac.
  6. Drag your configuration profile into the box for the profile that says Drag here or click to upload .mobileconfig file.
  7. Click Save.

Google Chrome Managed Preferences

Even if you aren't using Google Workspace, you may still want to deliver bookmarks or approve extensions for the Google Chrome browser. You can do this by creating a custom profile in a tool like ProfileCreator.

Download and Install ProfileCreator

  1. Navigate to https://github.com/ProfileCreator/ProfileCreator.
  2. Scroll down to the Read Me section.
  3. Click the link under Download to download the latest version of ProfileCreator.
  4. Drag and drop ProfileCreator into your Applications folder.

Create Your Chrome Profile

Once you have ProfileCreator open:

  1. Click the Add button in the top left.
  2. Set Name to whatever you would like the profile name to be.
  3. Set Payload Description to a description of the profile.
  4. Set Organization to your organization's name.
  5. Set Payload Scope to System.
  6. In the toolbar below the General payload, select Managed Application Preferences.
  7. In the lower left-hand search box, search for and select Chrome.
  8. Configure the appropriate options for the Chrome payload.
  9. Click Add in the top right corner of the Chrome payload section.
  10. Click the Share option in the top right.
  11. Select a save location and Save your profile.
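
An added example, not part of the original article or ProfileCreator's output: the same kind of Chrome payload built in Python, using Chrome's ManagedBookmarks, ExtensionInstallBlocklist and ExtensionInstallAllowlist policies to block all extensions except an approved list. The https-only bookmark rule, the identifier prefix, and the sample bookmark and extension ID are assumptions made for the example.

```python
import plistlib
import re
import uuid

EXTENSION_ID = re.compile(r"[a-p]{32}")  # Chrome extension IDs are 32 letters a-p
# Constructed sample values; replace with your own bookmarks and extension IDs.
SAMPLE_BOOKMARKS = [("Help Desk", "https://helpdesk.example.com/")]
SAMPLE_EXTENSIONS = ["abcdefghijklmnopabcdefghijklmnop"]


def build_chrome_profile(org, bookmarks, allowed_extensions) -> bytes:
    """Return .mobileconfig bytes: managed bookmarks plus a default-deny extension policy."""
    for ext in allowed_extensions:
        if not EXTENSION_ID.fullmatch(ext):
            raise ValueError(f"not a Chrome extension ID: {ext!r}")
    for name, url in bookmarks:
        if not url.startswith("https://"):  # assumption: only https bookmarks are pushed
            raise ValueError(f"bookmark {name!r} is not an https URL")
    chrome_uuid, profile_uuid = (str(uuid.uuid4()).upper() for _ in range(2))
    chrome = {
        "PayloadType": "com.google.Chrome",  # same payload type as the enrollment template
        "PayloadIdentifier": f"com.google.Chrome.{chrome_uuid}",
        "PayloadUUID": chrome_uuid,
        "PayloadVersion": 1,
        "PayloadEnabled": True,
        "ManagedBookmarks": [{"toplevel_name": f"{org} Bookmarks"}]
        + [{"name": name, "url": url} for name, url in bookmarks],
        "ExtensionInstallBlocklist": ["*"],  # block every extension by default
        "ExtensionInstallAllowlist": sorted(allowed_extensions),  # then allow these
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadScope": "System",
        "PayloadDisplayName": "Chrome Managed Preferences",
        "PayloadOrganization": org,
        "PayloadIdentifier": f"example.chrome.{profile_uuid}",  # hypothetical prefix
        "PayloadUUID": profile_uuid,
        "PayloadVersion": 1,
        "PayloadContent": [chrome],
    }
    return plistlib.dumps(profile)
```

Write the returned bytes to a .mobileconfig file and upload it as a custom profile in the same way as a profile exported from ProfileCreator.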

Upload Your Custom Chrome Profile to Kandji

  1. In the Kandji web app, click Library from the left-hand navigation bar.
  2. Click Add New on the top right.
  3. Click Custom Profile.
  4. Click Add & Configure.
  5. Select a Blueprint from the Blueprint dropdown. 
  6. Drag and drop your profile to upload it. It will automatically give itself the name of the profile you have uploaded.
  7. Save your custom profile.

The devices enrolled in the selected Blueprints will use these Chrome settings after their next check-in with Kandji.