Google Chrome Management

By Andrew Merrick

Manage the Google Chrome browser to push managed bookmarks, browser extensions, and other options.


You can use Kandji either to enroll the Google Chrome browser into Chrome Browser Cloud Management or to push managed preferences directly. Either method will allow you to set bookmarks, allow extensions, and manage other settings in Google Chrome. If you already have a Google Workspace domain, Cloud Management is the preferred method because it allows you to enroll the browser once using Kandji and then use Google Admin to set options for all devices and also deliver customizations for devices, device groups, and users and user groups signed in to the browser. Setting managed preferences in a custom configuration profile will also deliver managed bookmarks, extensions, and other settings, but updates will require a new configuration profile to be uploaded to Kandji for each change.

Chrome Browser Cloud Management

You can manage the browser on a computer using Google's Chrome Browser Cloud Management by delivering a configuration profile that contains a cloud management enrollment token from Google. This token will direct Google Chrome to allow management by the associated organization.


Set up Cloud Management

The Chrome Browser Cloud Management support site provides instructions to begin the setup.

Generate a new cloud management enrollment token

Once you have completed the setup in Google Admin, you will need to follow the directions below Step 1: Generate enrollment token on Google's support site. This token will be a long text string that you will use in the next step and enter into your configuration profile.


Modify the configuration profile template with your enrollment token

Here is a template configuration profile that you can customize for your organization. Create a new file in a text editor like Atom and paste in the following text to start your new configuration profile.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
 <key>PayloadDescription</key>
 <string>Cloud Management enrollment for the Google Chrome web browser</string>
 <key>PayloadDisplayName</key>
 <string>Chrome Browser Cloud Management</string>
 <key>PayloadIdentifier</key>
 <string>io.kandji.chrome.FDB0E555-2C6E-49AE-B117-AF62C787444C</string>
 <key>PayloadOrganization</key>
 <string>Kandji, Inc.</string>
 <key>PayloadScope</key>
 <string>System</string>
 <key>PayloadType</key>
 <string>Configuration</string>
 <key>PayloadUUID</key>
 <string>FDB0E555-2C6E-49AE-B117-AF62C787444C</string>
 <key>PayloadVersion</key>
 <integer>1</integer>
 <key>PayloadContent</key>
 <array>
 <dict>
 <key>CloudManagementEnrollmentToken</key>
 <string>XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string>
 <key>CloudManagementEnrollmentMandatory</key>
 <true/>
 <key>PayloadEnabled</key>
 <true/>
 <key>PayloadDisplayName</key>
 <string>Chrome Browser Settings</string>
 <key>PayloadIdentifier</key>
 <string>com.google.Chrome.4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>
 <key>PayloadUUID</key>
 <string>4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>
 <key>PayloadType</key>
 <string>com.google.Chrome</string>
 <key>PayloadVersion</key>
 <integer>1</integer>
 </dict>
 </array>
</dict>
</plist>

You will need to replace XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX inside the <string> tags below the line containing <key>CloudManagementEnrollmentToken</key> with your enrollment token generated in the previous step.

Save this file as ChromeBrowserCloudManagement.mobileconfig to a location like your desktop where you will be able to find it easily. 

Create a custom profile in Kandji

In the Kandji admin console (e.g. https://subdomain.kandji.io) navigate to the Library module and follow these steps.

  1. Click + Add New to open the list of potential new items.
  2. Click Custom Profile and click Add & Configure+ to create a new profile.
  3. Give your profile a name such as Chrome Browser Cloud Management.
  4. Assign the profile to a Blueprint.
  5. Set the device family to Mac.
  6. Drag your configuration profile into the box for the profile that says Drag here or click to upload .mobileconfig file.
  7. Click Save.

Google Chrome Managed Preferences

Even if you aren't using Google Workspace, you may still want to deliver bookmarks or approve extensions for the Google Chrome browser. You can do this by creating a custom profile in a tool like ProfileCreator.


Download and Install iMazing Profile Editor:

  1. Navigate to iMazing Profile Editor
  2. Click "Free Download" or download from the Mac App Store.
  3. If downloaded directly, open the iMazingProfileEditorMac.dmg and drag iMazing Profile Editor.app to your Applications folder.

Create Your Chrome Profile

Once you have iMazing Profile Editor open, follow these steps.

  1. Select the General domain on the left side.
  2. Set Name to whatever you would like the profile name to be.
  3. Set Identifier to a unique string.
  4. Set Organization to your Organization's name.
  5. Set Payload Description to describe the profile's purpose.
  6. Set Payload Scope to System.
  7. In the upper right-hand search box, search for Chrome, and Add Configuration Payload.
  8. Configure the appropriate options for the Chrome payload.

  9. Navigate to the Menu Bar and click File > Save.

  10. Select a save location and Save your profile. 

Upload Your Custom Chrome Profile to Kandji

  1. In the Kandji web app, click Library from the left-hand navigation bar.
  2. Click AddNew on the top right.
  3. Click Custom Profile.
  4. Click Add & Configure.
  5. Select a Blueprint from the Blueprint dropdown. 
  6. Drag and drop your profile to upload it. It will automatically give itself the name of the profile you have uploaded.
  7. Save your custom profile.

The devices enrolled in the selected Blueprints will use these Chrome settings after their next check-in with Kandji.