探花大神

Contact Us
Help Center Home > Conditional Access Policies > Configure Google Chrome Enterprise Device Trust with 探花大神

Configure Google Chrome Enterprise Device Trust with 探花大神

To be able to manage your users' access through a managed Chrome browser or profile, there are a couple prerequisite steps. First, you must enroll a managed Chrome browser in your Google Admin console. Then, you should enroll your organization's devices in the managed Chrome instance using a browser patch policy in 探花大神. With your devices bound to a managed Chrome browser policy, you can configure device trust with 探花大神 in the Google Admin console and then apply a manage Chrome conditional access policy to the devices in 探花大神.

Enrolling a Managed Browser in Google

Step 1: Generating an Enrollment Token in Google

  1. Sign in to the using an administrator account.
  2. Go to Devices > Chrome browser > Managed browsers
    • For Chrome Enterprise Core users, go to Chrome browser > Managed browsers.
  3. Click Enroll. If this is your first time enrolling a browser, you鈥檒l be prompted to accept the Chrome Enterprise Core Terms of Service.
  4. Copy to copy the generated enrollment token to the clipboard and then click DONE.

Step 2: Creating and Applying a Policy in 探花大神

The next step is to deliver the Enrollment Token to your endpoints through your Device Management solution. Refer to Google's for supported methods and detailed instructions for each.

In 探花大神, use a browser management policy to deliver the enrollment token.

To configure a Chrome Browser Mangement policy:

  1. Log in to the .
  2. Go to DEVICE MANAGEMENT > Policy Management.
  3. From the Patch Management tab, click Browser.
  4. Select your existing Chrome Browser Management policy, if applicable, or click + > Google Chrome to create one.
  5. In the new policy, under Chrome Browser Cloud Management Settings, select the option to Enroll in Chrome Browser Cloud Management.
  6. Under Chrome Browser Cloud Management Enrollment Token, paste the enrollment token generated in the previous steps.
  7. (Optional) Select the option to Enable Chrome Browser Cloud Management Reporting.
  8. Select the Device Groups tab to select one or more device groups where you'll apply this policy.
  9. Select the Devices tab to select one or more devices where you'll apply this policy.
  10. Click Save when finished. The policy is applied to the selected devices, distributing the enrollment token.

Step 3: Checking Device Enrollment in Google

After the policy is applied and the token is detected, the enrollment process is queued.

Note:

Enrollment may take between 5-30 minutes in some cases.

To verify that the devices have properly enrolled:

  1. Sign in to the using an administrator account.
  2. Go to Devices > Chrome browser > Managed browsers
    • For Chrome Enterprise Core users, go to Chrome browser > Managed browsers.
  3. Devices are listed, along with browser information if Enable Chrome Browser Management Reported was selected in the previous configuration.

Tip:

Users can view details about the managed Chrome browser on their devices by typing chrome://policy in into the address bar.

Configuring and Applying Google Enterprise Device Trust

Prerequisites:

  • Google Workspace subscription (any edition that includes core management features)
  • Chrome Enterprise Core subscription or higher is enabled for your domain within the Google Admin console, accessible through Billing > Subscriptions
  • Administrator account access to Google Admin console


To configure the device trust connector:

  1. Log in to the .
  2. Go to SECURITY MANAGEMENT > Device Trust Chrome Device Trust.
  3. Collect the URL Pattern to follow and Service Account. You will use these values to configure the device trust connector in the Google Admin console.
  4. Log in to the Google Admin console.
  5. Go to Devices > Chrome > Connectors and click New provider configuration.
  6. Choose Universal Device Trust from the provider list and click SET UP.
  7. In the configuration details, enter the following:
    [image]
    • Enter an identifiable Configuration name, such as 探花大神 Device Trust.
    • URL patterns to allow, one per line: Paste the URL Pattern you collected from the 探花大神 Admin Portal
    • Service accounts, one per line: Paste the Service Account you collected from the 探花大神 Admin Portal
    • For Enforcement level, ensure Managed browsers and profiles is selected.
  8. Click Add Configuration when done.
  9. On the Connectors page, select the organizational unit to apply the configuration.
  10. Ensure the Device trust connector configuration you just created is Locally applied:

Creating a Managed Chrome Conditional Access Policy in 探花大神

Default access policy settings dictate the behavior of access rules when no conditional access policies are applied. When default settings are configured to Allow Authentication, you can configure specific deny rules through conditional access policies. See Set a Default Access Policy for more.

探花大神 offers conditions for managed Chrome Browsers and managed Chrome profiles. A聽Google Chrome managed browser聽is a version of the Chrome browser that is centrally controlled by an organization using聽enterprise management tools聽such as the Google Admin console and third-party MDM or identity platforms like 探花大神. A Google Chrome managed profile is a Chrome user profile that is signed in with a work (Google Workspace) account, and enrolled under organizational management policies. See Google's for more information.

Follow the initial steps to create a new conditional access policy in Configure a Conditional Access Policy. Review the steps below to configure a condition for your particular use case.

Deny access on a managed device unless accessing on a managed Chrome browser

For managed devices, this policy will deny access (to SSO applications or the User Portal) if the managed Chrome browser enrollment domain is not one of the organizational domains listed in the policy. This will also deny access to the selected applications on other, unmanaged browsers.

  • From the initial drop-down, ensure All of the conditions must match for the policy to apply.
  • Select Device Management as a first Condition.
    • For Operator, select Is.
    • The Value defaults to 探花大神 managed.
  • Click Add Condition.
  • For Condition, select Managed Chrome Browser.
    • For Operator, select Enrollment Domain is.
    • For Value, enter the relevant domains. Include all allowed domains as comma separated values (jumpcloud.in, jumpcloud.com, etc.).
Deny access on an unmanaged device unless accessing on a managed Chrome profile

For unmanaged devices, this policy will deny access (to SSO applications or the User Portal) if the managed Chrome profile enrollment domain is not one of the organizational domains listed in the policy. Access to apps will be denied through guest AND personal profiles, and only allowed through the work domain-based profile.

  • From the initial drop-down, ensure All of the conditions must match for the policy to apply.
  • Select Device Management as a first Condition.
    • For Operator, select Is Not.
    • The Value defaults to 探花大神 managed.
  • Click Add Condition.
  • For Condition, select Managed Chrome Profile.
    • For Operator, select Enrollment Domain is.
    • For Value, enter the relevant domains. Include all allowed domains as comma separated values (jumpcloud.in, jumpcloud.com, etc.).
Back to Top

List IconIn this Article

Notebook IconLearn More

Configure a Conditional Access Policy

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case