Manage Chrome devices with EMM console

If your organization uses an enterprise mobility management (EMM) partner, you might be able to use your EMM console, as well as the Admin console, to manage your Chrome devices and policies. With Chrome management partner access, approved EMM partners can build customized administrative tools that let you manage your Chrome devices and policies. Or you can let them manage devices and policies from their console or on your behalf.

If you use your EMM console to manage Chrome devices and policies, you can still access and use the Admin console. However, specific policies that you set in your EMM console take precedence over that policy configuration in the Admin console. For example, if guest mode is allowed for a device in your EMM console, but not allowed for the device’s organization in the Admin console, the EMM setting takes precedence and guest mode is allowed.

Organizations in the Admin console might not be structured the same as in your EMM console. Therefore, when partner access is turned on, devices that belong to the same organization in the Admin console might have different policies. This could happen if they belong to different organizational units in your EMM console or you use your EMM console to apply policies to individual devices.

Approved EMM partners

Cisco^® Meraki^®
Citrix^® XenMobile^®
IBM^® MaaS360^®
ManageEngine^® Mobile Device Manager Plus^®
VMWare^® Airwatch^®

How to

Step 1: Set up OAuth 2.0

You need to set up OAuth 2.0 to authenticate and authorize APIs.

Step 2: (Optional) Turn on partner access for devices

You can let admins use your EMM console to manage Chrome devices.

Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
From the Admin console Home page, go to Device managementChrome management.
If you don't see Device management on the Home page, click More controls at the bottom.
Click Device settings.
For Chrome Management—Partner Access, check the Enable Chrome Management—Partner Access box.
Agree that you understand and want to enable partner access.
Click Enable Chrome Management—Partner Access.
Click Save.

Step 3: (Optional) Turn on partner access for users

You can let IT admins set policies for users who sign into personal or public Chrome devices.

Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
From the Admin console Home page, go to Device managementChrome management.
If you don't see Device management on the Home page, click More controls at the bottom.
Click User settings.
For Chrome Management—Partner Access, check the Enable Chrome Management—Partner access box.
Agree that you understand and want to enable partner access.
Click Enable Chrome Management—Partner Access.
Click Save.

Step 4: Set up Android for your organization

You need to set up Android for your organization so admins can manage Android apps on Chrome devices using your EMM console.

Prevent using EMM console to manage Chrome devices

If you no longer want to use your EMM console to manage Chrome devices and policies, you need to turn off partner access in the Admin console or revoke OAuth 2.0 authorization. Then, policies that you set in the Admin console are immediately applied to users and devices.

To turn off API access:

Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
From the Admin console Home page, go to Device managementChrome management.
If you don't see Device management on the Home page, click More controls at the bottom.
(Optional) To turn off partner access for users:
1. Click User settings.
2. For Chrome Management—Partner Access, uncheck the Enable Chrome Management—Partner access box.
3. Click Save.
(Optional) To turn off partner access for devices:
1. Click Device settings.
2. For Chrome Management—Partner Access, uncheck the Enable Chrome Management—Partner access box.
3. Click Save.

Was this article helpful?

How can we improve it?