Integrating Chromebook Management

Configuring the Google Service Account

Log in to Google Accounts

Click Enable APIs and Services at the top

Click on G Suite from the left-hand menu, then click on Admin SDK

Click Enable (if not already enabled), then click Manage to view this page

Click Credentials on the left menu, then click Create Credentials on the top menu

Select Credentials in APIs and Services

Click Credentials – select Service Account Key

Select new service account and enter the Service Account Name

Select P12 and press Create

Select Role as Project Owner – click Create

Save the P12 file on your system, as you will load this into SyAM.

Scroll down the Credentials page and click on Manage Service Accounts

Find the service account you have just created, click on the three dots on the right side and select Edit

Within the Service Account Details page, click to enable the G Suite Domain-wide Delegation

Copy the email and unique ID as these are entered into the SyAM MDM along with the P12 file.

Press Save

You can now log out of the Google Developers Console

Update the Google Admin Console

Log in to your Google Apps Admin console.

Select Security from the list of controls

Select Show more and then Advanced settings from the list of options.

Select Manage API client access in the Authentication section. In the Client Name field enter the service account's Client ID. 113528650269504670471 (This is the Unique ID from the Service Account Details Page)

Paste in the following for the URLs

Press the Authorize button

Log into the SyAM MDM Interface

Click on the left menu Managed Devices – select ChromeOS

Upload the P12 file and paste in the ID and email from your Service Account Details

Press Next

Enter the following key for Static Maps - AIzaSyDeLdJqAgsJH87S1yT0WhgdMPo0BHiUk1U

Press Next

Enter the domain and user email that was used to Authorize the Service API in Google Admin Console

Press Save

If you have not already authorized the service API in GAC, follow these steps before pressing Sync

If the service account has been authorized, press Sync

Once the Sync completes you will see the Last Updated date

You can now set the Polling Interval for the GAC Sync and the Site Manager Asset Update

Possible reasons why the error Authorization Status 401 Unauthorized can occur

Incorrect Role chosen for the service account – it must be set to Project – Service Account Actor

  • To resolve, delete the two sets of settings in the Chrome OS page in Management Utilities, delete the service account and start the process again: create a new service account, then add the new service account into Google Admin Console with the URLs.

Incorrect Google Apps Email Address, possibly a typo, or the email account used was not the account used when logging into Google Admin Console to add the URLs to the service account.

  • To resolve, delete the Google Apps Domain information in the Chrome OS page in Management Utilities, then enter the correct email address and press Save.

Possible reason why the error Authorization Status 403 Unauthorized can occur

API SDK access has not been enabled in the Google Developer Console