Jamf Nation Community

Hi Maxb,

The Google team has updated Admin Console to make it more clear which file to download for Mac.

In addition, we have updated the instructions for "Enroll browsers on Mac" section in this Help Center Article: https://support.google.com/chrome/a/answer/9301891

Finally, we're working with the JAMF team on better documenting the instructions for how to push the token out via JAMF - please stay tuned!

Anuj Goyal
Product Manager - Chrome Browser Enterprise

Tried this using the Download file method for Mac, added the file to Library/Google/Chrome, quit chrome etc no browser is registered

Any ideas?

Were you able to figure this out?

@Maxb

Hey All,
I've had success with this. I am currently using a Config Profile pushed from JAMF. Here is an example of the plist I uploaded to custom settings payload.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CloudManagementEnrollmentToken</key>
    <string>ENROLLMENTKEYHERE</string>
    <key>BrowserSignin</key>
    <integer>2</integer>
    <key>RestrictSigninToPattern</key>
    <string>.*@(domain1.com|domain2.com|domain3.com)</string>
</dict>
</plist>

The other keys Browser Sign in = 2 just forces user to log into chrome before it will even launch and the last key restircts it to a domain of my choosing.

I also ran into issue where browser wasn't enrolling and I had purge Chrome completely. This included any folders in /Library/ + ~/Library folders as well. Hope this helps!

Tried Profile Creator. Nothing seems to upload to JAMF. Should it be a .mobileconfig file if used in MacOS?

There is no folder called /Library/Google/Chrome as suggested in the google post for steps.

I found this otu as well hence why I suggest using a Plist Configuration Profile Custom Settings payload to accomplish this. In my testing, I was able to create the directory and drop in the enrollment token file, but it did not enroll very often. I would try the Config Profile method and see if that works.

@zachary.fisher I created a profile in profile creator. I tried it as signed and unsigned. Still no luck.

I have not used ProfileCreator. I would suggest try using the Plist I linked and editing the key and such and see if you can upload that to a Configuration Profile via Custom Settings Payload. You can then either push it out to your test Machine or just download and install manually to see if that works.

Trying to upload however it is not in xml and I am told to convert. Upon converting I get an error.
"Property List error: Unexpected character { at line 1 / JSON error: No string key for value in object around character 1."

@goanuj Your instructions do not work as there is no chrome folder for that file to be placed into...

Hey All,
So this is the exact .plist I use with my Configuration Profile for the Custom Payload. The only key that is included is the Enrollment Token which you will have to copy from the Google Admin Console. As I said earlier, I have found that putting the file in the /Library/Google/Chrome location did not have the most favorable results.

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CloudManagementEnrollmentToken</key> <string>ENROLLMENTKEY</string> </dict> </plist>

Save this as a .plist file. JAMF will most likely ask you to convert it so that it can read it properly when you try to upload. I just tested this and I was able to upload it and push it to my VM and I was able to see it as enrolled.

Just in case anyone is unsure like I was, here are slightly more verbose instructions to zachary.fisher's response.

1. Create the plist file - calling it com-google-chrome.plist and replacing ENROLLMENTKEY with your key
2. Create a new Configuration Profile, naming it as you wish
3. Add a "Custom Settings" plist to it
4. Name the "Preference Domain" as "com.google.chrome" and upload the plist file you just created
5. Set the scope as you wish
6. Google Chrome must be restarted for this to take effect

Worth noting that the answer by Maxb is wrong I think - that would only apply to mobiles.

I feel like a dumb dumb, but I cannot figure out how to set enforced login or make chrome the default browser in profile creator. Can someone point it out for me?

FYI I have ChromeCloudManagementEnrollmentToken as a .pkg in my PreStage and it works. Chrome and File Stream are also part of this PreStage.

All I have to do is set Chrome as default but I will do that in a Plist.

Sorry, "Policy" not "PreStage".

@nimitz

I took over for MaxB in our environment. The profile we deploy:
Forces Login

<key>ForceBrowserSignin</key>
            <true/>

Sets Chrome as the Default Browser

<key>DefaultBrowserSettingEnabled</key>
            <true/>

Restricts sign in to a particular domain

<key>RestrictSigninToPattern</key>
            <string>EMAIL DOMAIN HERE</string>

I tried to recreate it in Profile Creator, but it honestly is a pain with no search function. If you use the markup editor as opposed to the GUI option Profile Creator you can drop those anywhere between in the PayloadContent <dict> </dict>

@austin_nill Hey Austin!

What if you do not have access to "GSuite"?
I went to setup Chrome Enterprise using the direction here https://support.google.com/chrome/a/answer/9923111?hl=en but I then go to login with our purpose created google account and get the message "admin.google.com is used for G Suite accounts only. Regular Gmail accounts cannot be used to sign in to admin.google.com"

Does this mean we need to signup for G Suite just to manage the browser?

TY