• ITP for Managed Chromebooks
• Steps to Configure a Zero Touch Chrome Enrollment

ITP for Managed Chromebooks

The Google Chrome Extension is a browser-based endpoint agent that provides granular reporting and filtering. It is used by managed Chromebooks to disallow any circumvention of software. Installing and registering your managed Chromebooks with this extension allows admins to apply Internet Threat Protection (ITP) policies.

Steps to Configure a Zero Touch Chrome Enrollment

1. In the Cloud Secure Edge Command Center, navigate from Internet Access > Internet Threat Protection, and select the policy that you want to apply to your managed Chromebooks.

2. Select the Zero Touch Chrome Enrollment tab on your policy.

3. Follow the steps outlined in the Zero Touch Enrollment tab in the CSE Command Center: Download the CSE certificate using the Download button in the Command Center UI. This will show up as cse_certificate.pem in your Downloads folder.

4. Log into your Google Admin account, and navigate to Devices > Networks > Certificates. Select ADD CERTIFICATE. Ensure that you check off the Enabled for Chromebook option. Name and upload the CSE Certificate PEM file from your Downloads.

5. Copy the DoH URL (presented in Step 3 in the Zero Touch Enrollment tab in the Command Center) using the Copy button in the Command Center. In your Google Admin account, navigate to Devices > Chrome > Settings > DNS over HTTPS, and paste the DoH URL in the configuration section. Before saving, select the configuration option to Prefer DNS over HTTPS, but allow insecure fallback.

6. Save your configuration.

7. Copy the DoH URL with identifiers (presented in Step 4 in the Zero Touch Enrollment tab in the Command Center). In your Google Admin account, navigate to Devices > Chrome > Settings > DNS-over-HTTPS with identifiers, and paste the URL in the configuration section.

8. Save your configuration.

9. Copy the extension ID (presented in Step 5 in the Zero Touch Enrollment tab in the Command Center). In your Google Admin account, navigate to Devices > Chrome > Apps & extensions > Users & browsers and select the Add app icon (on the bottom right of webpage) and select Add from Chrome Web Store. Paste the Extension ID in the Search by ID field and then Select the blue button.

10. Copy the variables presented in Step 6 in the Zero Touch Enrollment tab in the Command Center. In your Google Admin account, navigate to Devices > Chrome > Apps & extensions > Users and Browsers > CSE Extension.

11. Select the CSE Extension, then set the Installation Policy to force install. Toggle the option under Incognito Mode to Extension is mandatory for Incognito. Scroll to the bottom and paste the variables in the Policy for Extensions field.

12. Save your configuration.