Manage Chrome devices with EMM console
For administrators who manage Chrome devices for a business or enterprise.
As a Chrome administrator, if you have an approved EMM partner, you can use your enterprise mobility management (EMM) console to manage your Chrome devices and policies.
Approved EMM partners
Approved EMM partners can provide tools to help you manage Chrome devices and policies within your organization. There are 5 approved partners:
- Cisco© Meraki©
- Citrix© XenMobile©
- IBM© MaaS360©
- ManageEngine© Mobile Device Manager Plus©
-
VMware Workspace ONE®
Note: To manage Chrome devices through an EMM partner, you need Chromebook Enterprise devices or devices with an upgrade, such as Chrome Enterprise Upgrade, in addition to any licenses that may be required by an EMM provider.
Considerations when using the EMM console
One console usually suits most admins—you can integrate all the devices together and manage them in one place. However, you can use the EMM console and the Google Admin console together. If you do:
- EMM console settings take precedence over settings in the Admin console.
- Devices and users might belong to different organizational units in each console. In turn, the same device might have a different policy in each console.
Turn on access to the EMM console
Step 1: Set up OAuth 2.0
Step 2: Turn on access to the EMM console for devices
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
From the Admin console Home page, go to Devices
Chrome management.
If you don't see Devices on the Home page, click More controls at the bottom.
- Click Device settings.
- (Optional) To customize the management level across organizational units, on the left, select an organizational unit.
Important: By default, devices automatically enroll in the top-level organizational unit. If you are not enabling partner access at the top-level organizational unit, make sure you configure device enrollment for an organizational unit where partner access is enabled. That way, newly enrolled devices are accessible using the EMM partner management console. For more information, see Device Enrollment. - In the Chrome Management - Partner Access section, check the Enable Chrome Management - Partner Access box.
- Agree to enable partner access and click Enable Chrome Management - Partner Access.
- Click Save.
Chrome management.
Step 3: Turn on access to the EMM console for users
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
From the Admin console Home page, go to Devices
If you don't see Devices on the Home page, click More controls at the bottom.
- Click User & browser settings.
- In the Chrome Management - Partner Access section, check the Enable Chrome Management - Partner access box.
- Agree to enable partner access and click Enable Chrome Management - Partner Access.
- Click Save.
Step 4: Set up Android for your organizational unit
Stop using the EMM console to manage devices
When you stop using the EMM console to manage devices, the policies that you set (or have already set) in the Admin console are immediately applied to users and devices.
To quit using the EMM console, follow the steps below or you can revoke OAuth 2.0 authorization. For details, see Revoking a token.
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
From the Admin console Home page, go to Devices
If you don't see Devices on the Home page, click More controls at the bottom.
- Click Device Settings.
- In the Chrome Management - Partner Access section, uncheck the Enable Chrome Management - Partner Access box.
- Click Save.
- Go back to Device management and click Chrome management.
- Uncheck the Enable Chrome Management - Partner access box and click Save.