View and configure apps and extensions

For administrators who manage Chrome policies from the Google Admin console.

As a Chrome Enterprise admin, you can use your Admin console to set policies for a specific Chrome app, extension, or supported Android app. For example, you might force-install an app and pin it to users' Chrome taskbar.  

Before you begin

  • To make settings for a specific group of users or enrolled Chrome Browsers, put the user accounts or browsers in an organizational unit.
  • To apply settings for Chrome Browser users on Windows, Mac, or Linux computers, turn on Chrome Management for the organizational unit that they belong to.

Open all   |   Close all

Make App Management settings

Can apply for signed-in users on any device, or enrolled browsers on Windows, Mac, or Linux. Learn more

Set policies for an app (main steps)
  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devicesand thenChrome management.

    If you don't see Devices on the Home page, click More controls at the bottom.

  3. Click Apps & extensions.
  4. On the left, select the organizational unit where you want to configure settings.
    For all users, select the top-level organization. Otherwise, select a child organization. Initially, an organizational unit inherits the settings of its parent.
  5. At the top, click the type of app or extension you want to configure:
    • Users & Browsers—Configure the app for users who sign in with a managed Google Account on any device, and for enrolled browsers.
    • Kiosks—Deploy the app to a managed Chrome device as a kiosk app if the app is kiosk-enabled in the app’s manifest file. For information about turning devices running Chrome OS into single-purpose devices, see Create and deploy Chrome kiosk apps.
    • Managed Guest Sessions—Configure the app for users who sign in to a managed guest session on a managed Chrome OS device.
  6. Find and click the app you want to manage. See View apps below.
  7. Set the app and extension policies you want to change. Learn about each setting.
  8. Click Save.
View apps

From your Admin console, you can list all apps and extensions you've set policies for in an organizational unit.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devicesand thenChrome management.

    If you don't see Devices on the Home page, click More controls at the bottom.

  3. Click Apps & extensions.
  4. On the left, select the organizational unit where you want to view apps.
    For all users, select the top-level organization. Otherwise, select a child organization. Initially, an organizational unit inherits the settings of its parent.
  5. At the top, click the type of app or extension you want to view:
    • Users & Browsers
    • Kiosks
    • Managed Guest Sessions
  6. At the top, click Add a filter and search by:
    • Full-text—Enter the app or extension name or ID.
    • Title—Enter the app or extension name.
    • ID—Enter the app or extension ID.
    • Type—Choose whether to display Android or Chrome apps.
    • Installation policy—Choose whether to display apps, depending on their installation policy.
  7. Click Apply.
Add apps

You can search for apps in the Chrome Web Store or Google Play that you want to configure. Or you can add by URL to install a progressive web app for users or create a shortcut to a website.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devicesand thenChrome management.

    If you don't see Devices on the Home page, click More controls at the bottom.

  3. Click Apps & extensions.
  4. On the left, select the organizational unit where you want to view apps.
    For all users, select the top-level organization. Otherwise, select a child organization. Initially, an organizational unit inherits the settings of its parent.
  5. At the top, click the type of app or extension you want to view:
    • Users & Browsers
    • Kiosks
    • Managed Guest Sessions
  6. Click Add Add and choose one of the following:
    • Add from Chrome Web Store
    • Add from Google Play
    • Add Chrome app or extension by ID
    • Add by URL (available for Users & browsers only)
  7. Search for and click the app you’d like to manage.
  8. Click Select.
  9. If prompted, accept the app permissions on behalf of your organization.

Learn about installation policies

Available installation policies depend on whether you're updating an app or extension for users and browsers, kiosks or managed guest sessions.

Installation policy What it does Applies to
Allow install Lets users install the app. Users & browsers
Block Prevents users from installing the app. Removes the app
from users that have the app installed
Users & browsers
Force install Installs the app automatically and prevents users
from removing it.

Users & browsers

Managed guest sessions

Force install + pin Installs the app automatically and prevents users
from removing it. On devices running Chrome OS, pins
the app to the taskbar.

Users & browsers

Managed guest sessions

Installed Installs the app automatically and prevents users
from removing it.
Kiosks
Not Installed Uninstalls the app automatically. Kiosks

Learn about app and extension settings

Available settings depend on whether you're updating an app or extension for users and browsers, kiosks or managed guest sessions.

Users & Browsers and Managed Guest Sessions settings

Include in Chrome Web Store collection
Recommends the app to your users in the Chrome Web Store.
Permissions and URL access

Prevent users from running apps or extensions that request certain permissions that your organization doesn’t allow. For details, see Prevent users from running apps based on permissions

Control whether apps or extensions in general can alter web pages you specify. For details, see Prevent Chrome extensions from altering webpages.

Kiosks and Managed Guest Sessions settings

Policy for extensions

For some apps and extensions, you can install custom policies. For example, a digital signage kiosk app might have a schedule of events that’s contained in a JSON file.

Before you install custom policies, check the app or extension’s documentation to see what custom policies you can set, if any. Then, enter the JavaScript® Object Notation (JSON) data in the text field. You can use this third-party JSON compression tool to validate policies.

Kiosk settings

Allow App to Manage Power
Lets the app call the power APIs to modify the default Chrome device behavior.
Use Unified Desktop
Lets users span an app across multiple monitors or TVs that have the same resolution. Up to 2 external displays are supported. When enabled, unified desktop is the default mode when a user connects a monitor to their device. When disabled, users can still use 2 external displays, but individual windows will be in one display or the other, even if the desktop is extended across both.
Allow Virtual Keyboard
Allows the virtual keyboard for an app. When turned off, the virtual keyboard never pops up, even on devices with touch screens or with touch enabled.
Enable Plug-ins
Sets whether websites are allowed to run plug-ins. Plug-ins are used by websites to enable certain types of web content (such as Adobe® Flash®) that Chrome can't inherently process. By default, plug-ins run automatically on kiosks.
Set Keyboard Top Row as FN Keys
Determines the default behavior of the top row of keys on the keyboard. When you turn on this setting, the keys act as function keys, such as F1 and F2. When you turn it off, they act as media keys, such as Play and Pause. Users can turn a function key into a media key (and vice versa) by holding down the Search key on the Chromebook keyboard.

Auto-Launch Kiosk App Settings

Enable Health Monitoring
Select Enable Health Monitoring to allow the health status of the kiosk to be reported. After doing this, you can check if a device is online and working properly.
Enable System Log Upload

Select Enable System Log Upload to automatically capture system logs for kiosk devices. Logs are captured every 12 hours and uploaded to your Admin console, where they’re stored for a maximum of 60 days. At any one time, 7 logs are available to download—1 for each day for the past 5 days, 1 for 30 days ago, and 1 for 45 days ago.

For more information, see Monitor kiosk health.

Note: Before you enable logs to be uploaded, you must inform the users of managed kiosk devices that their activity may be monitored and data may be inadvertently captured and shared. Without notification to your users, you are in violation of the terms of your agreement with Google.

Screen Rotation (Clockwise)
To configure screen rotation for your kiosk devices, select your desired screen orientation. For example, to rotate the screen for a portrait layout, select 90 Degrees. This policy can be overridden by manually configuring the device to a different screen orientation.

Related topics

Was this helpful?
How can we improve it?