Auto-Activation of the GravityZone MTD for Android on Chromebook
The Google Admin Console facilitates app installation on Chromebooks. The app permissions are automatically accepted with the configurations outlined in this documentation. The device's app can be activated automatically with a single click
Prerequisites
Item | Specifics |
|---|---|
Google Admin Console Access | Access to a Google Workspace account requires a valid username and password. Regular Gmail accounts are not compatible for signing in to the admin.google.com website. |
Mobile Security Android app | Use the latest release in the Google Play Store. |
Chromebook | The Chromebook must have compatibility with Android apps and the Google Play Store. This link provides a list of Chromebook devices that are compatible with Android apps. |
Mobile Security console | Access to the Mobile Security console. |
Mobile Security console administrator credentials | You must have administrator credentials with login access. |
Device application deployment set up
To configure the app, certain steps need to be performed on the Google Admin Console, while others must be completed on the Mobile Security console. Upon completion of the configuration setup, the following events take place:
The app is known to the Google Admin Console along with the activation information defined.
The device app automatically installs on Chromebook devices once the administrator integrates it with the Google Admin Console.
Users within the Google workspace have the app automatically installed. The device user clicks on the app, and then it auto-activates.
The Mobile Security console handles threat management.
Optionally, the app can be set up for auto-launch including auto-activation with a VPN, and the device user does not have to open the app.
Note
The Google Admin Console allows for only one activation link URL per organisational unit. A domain, such as example.com, can contain multiple organisational units, including quality assurance, a demo organisation, and a beta organisation. Each organisational unit can assign a single activation URL to all devices within it. The activation link in the console should be configured by an administrator to accommodate the anticipated number of destination devices.
Set up the the GravityZone MTD from the Google Play Store
The Google Admin Console needs to be configured in order to push the app to the devices.
Log in to Google Admin Console at admin.google.com.
Click on Devices and expand Chrome.
Click and expand App & extensions.
Click Users & browsers.
Click the plus button in the lower-right corner, and add the app from Google Play.
Search for the app and select it.
After the app is added, set the Installation Policy field to the value of Force install and pin to the Chrome OS taskbar.
Click on the app, and to the right, the Managed Configuration field displays.
See Set Up the App Configuration for the steps to set the Managed Configuration field.
Set up the app configuration
After you add the app, you need to configure the app so that it is automatically activated.
Log in to Google Admin Console at admin.google.com.
Click on Devices.
Click and expand Chrome.
Click and expand Apps & extensions.
Click Users & browsers.
Click on the app, and to the right, the Managed Configuration field displays.
Provide the Managed Configuration field JSON.
Set up the app for auto-launch with VPN
If you can have the device app running a VPN, then you can make a few additional settings and the app can automatically launch and begin detecting threats.
Log in to Google Admin Console at admin.google.com.
Click on Devices.
Click and expand Chrome.
Click and expand Settings.
Click Users & browsers.
On the User & browser Settings tab, scroll and find the Network section.
Within the Network section, find the Always on VPN section.
Click Edit, and from the drop-down list, select the always-on VPN app, and click OK.
Choose the option to either allow or not allow the user to disconnect the VPN manually on the Chromebook and save your settings.
Note
If you want to use the Always on VPN setting for phishing detection and for web content filtering, enable these features in the Mobile Security console Policy page for the selected Local Device Group and verify:
The app is automatically installed on Chromebook.
The app is automatically launched and activated on Chromebook. The VPN is also automatically connected.
Verify that phishing links are blocked by the local VPN on the Chromebook.
Get the managed configuration field JSON
A JSON string is required to activate your devices. This section outlines the required JSON values.
Managed configuration parameter list
To configure the app in this environment, create a configuration that includes the necessary information using the variables specified in the table. To exclude optional keys from the JSON string, simply omit them.
Configuration Key | Value Type | Configuration Value |
|---|---|---|
activation_link | String | From the Devices page, copy the value from the Activation Link field under the Local Device Group tab. |
display_eula | String | false (Optional) If this key is not used, the default displays the End User License Agreement (EULA). |
tracking_id_1 | String | (Optional) Use your desired identifier. |
tracking_id_2 | String | (Optional) Use your desired identifier. |
The activation link string
You can get the activation link from a local device group or a user activation link. To get the value of the activation link string portion of the JSON, perform these steps when using a local device group:
Log in the Mobile Security console.
Navigate to the Devices page.
Go to Local Device Groups.
Add a new Group or expand the desired group from the list.
Copy the activation link.
Add the copied activation link value to your JSON.
For information regarding the set up of the Security for Chrome extension refer to this section.