Chrome Device Discovery

This how-to article will help Assets/CIs application administrators to configure asset discovery for Chrome devices using the Assets/CIs admin interface. The user must have admin access to the Assets/CIs application in TDNext or have access to TDAdmin.

Overview

This article describes how TeamDynamix asset discovery works with the Chrome device management application programming interface (API) to collect information about Chromebooks and other Chrome devices. Asset Discovery will use the credentials you provide to query the API, which will respond with the devices that you can see.

Asset Discovery Services for Chrome Devices is free to use but must be turned on for your environment. Request access to the Chrome Device data provider here.

Configuring Chrome Device Discovery Jobs

To configure a Chrome Device discovery job: 

  1. In TDAdmin or the admin area for the relevant asset application, create a new discovery job and fill in the general fields such as NameDescription, and Date Range. For more information, please see the related article.
  2. Select the Google Chrome Device option in the Gatherer Type field. 
  3. Click Save.
  4. At the top of the page, click Edit.
  5. Set the UsernameService Account Email and Key. The Creating a Chrome Device Management API Account section below describes how to get these values.
  6. Click Save.

Creating a Chrome Device Management API Account 

To set up an account for the Chrome Device data provider:

  1. Navigate to https://console.cloud.google.com
  2. In the toolbar, select a project or create a new project in which the service account will live.
  3. In the left navigation, click the IAM & Admin link.
  4. Select Service Accounts.
  5. Add a new Service Account and fill in the required fields:
    1. Name – TDX Asset Discovery.
    2. Service Account ID – This should auto-complete starting with the value from Name.
  6. Click Create.
  7. Click Continue. You do NOT need to define Service Account Permissions.
  8. Click Create Key and enter JSON for Key Type.
  9. Click Create.
  10. A file will be downloaded to your computer. This file contains a private key which will be used to give TDX Asset Discovery read only access to your Google Chrome Device information. Save this file in a secure place, such as a password manager.
  11. Click Done.
  12. Open the newly created Service Account by clicking on the value in the Email column.
  13. Copy the values for Email and Unique ID.
  14. Navigate to https://admin.google.com.
  15. Select the Security menu option.
  16. Click Advanced Settings.
  17. Click Manage API Client Access.
  18. Paste the Unique ID into the Client Name field.
  19. Paste the value “https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly” into the One or More API Scopes field.
  20. Click Authorize.
  21. Navigate to TDAdmin, click Applications, then open the relevant Asset Application.
  22. From the left navigation menu, navigate to Asset Discovery > Discovery/Sync Jobs.
  23. Click on the name of the sync job you created in the Configuring Chrome Discovery Jobs section above.
  24. Paste the following:
    1. Username – Your Google username or a generic account
    2. Service Account Email – Email copied in step 12
    3. Key – Copy the value of the JSON property private_key from the JSON file that you downloaded while creating the Service Account. Do not include the beginning and ending double quotation marks. An example of the key value is shown below.
      -----BEGIN PRIVATE KEY-----\Nabcdefghijklmnopqrstuvwxyz1234567890\n-----END PRIVATE KEY-----\n
  25. Click Save.

Details

Article ID: 93378
Created
Tue 11/26/19 10:45 AM
Modified
Tue 11/9/21 4:51 AM