Chromebook Lock In? This Is How to Automate the Process

Education Use Cases , IT Use Cases

Learn how to automate Chromebook lock-in — the process of restricting each Chromebook to a specific Google Account

Table of Contents

Why Lock Chromebooks to Specific Google Accounts?

Securing devices like Chromebooks by locking them to specific Google accounts is a strategic move to enhance security and manage resources effectively. For businesses, this practice ensures that sensitive corporate data remains protected by restricting device access to authorized personnel only. 

Schools, on the other hand, commonly adopt this strategy to prevent misuse of devices. By locking Chromebooks to individual accounts, schools enforce that these devices are used strictly for educational purposes and significantly contributes to cost savings for schools. It reduces the risk of theft and damage, as students are held accountable for the specific devices assigned to them. 

As it’s pretty much impossible to lock all Chromebooks to students manually, automation is essential for this process. Let’s see how you can easily achieve this using Zenphi, the #1 Google Workspace workflow automation platform. 

Automated Chromebook Lock In: A Step-By-Step Guide

Set Up Your Zenphi Account

To begin, you’ll need to set up a Zenphi account if you haven’t already. You can create a free account here. For this workflow, we’ll use the HTTP API trigger. This will be called by the asset management system whenever a Chromebook is assigned to a student. The trigger will pass the Google Account of the student and the device ID to the Zenphi flow, which will process this information in subsequent steps.

 Form Submission trigger. This means that whenever a vendor submits their onboarding form, your automated flow will kick off and start processing the vendor’s information.

Step 1: Create an Organizational Unit (OU)

To apply the 1:1 policy to Chromebooks, start by creating an Organizational Unit (OU) for each device using the “Create Organizational Unit” action. Each student-assigned Chromebook will have its own OU under a parent OU named “Devices” for easy management. The new OU will be named according to the Google Account provided by the trigger, ensuring each device is tied to an individual user.

Step 2: Move the Device to the OU

Next, move the Chromebook to the newly created OU. To do this, generate an OAuth token using our “Redeem OAuth Token” action. (Note: If this action isn’t available in your toolbox, feel free to request access from our team.)

With the OAuth token, use the “Make HTTP Request” action to call chromeosdevices.moveDevicesToOu.

This API method allows administrators to move up to 50 Chrome OS devices at a time to a specific OU in Google Workspace. Since each device will have a unique OU, we’ll only be moving one device at a time based on its ID. For detailed configuration, refer to Google’s API documentation.

The #1 Google workspace Admin automation Tool

Zenphi is named the #1 Google admin tool by thousands of your peers. Our powerful no-code platform allows to simplify Google user access control and user lifecycle management.  Contact our Google Workspace automation experts to learn more.

Step 3: Lock Down the Device with a 1:1 Policy

Finally, enforce the 1:1 user policy using another “Make HTTP Request” action to call customers.policies.orgunits.batchModify.

This method lets administrators quickly update settings for a specific device group. Under this action, specify the list of allowed users to include only the assigned Google Account. For detailed configuration, refer to Google’s API documentation.

Step 4: Testing and Publishing your Flow

Once you’ve completed the setup, test your flow to ensure it locks down each Chromebook to a single user.

After testing, publish the flow. Now, every time a Chromebook is assigned by the Asset Management System, Zenphi will automatically enforce the 1:1 policy—enhancing security and accountability without you having to lift a finger!

It’s that easy to secure your Chromebooks and ensure they’re used only by designated students! Schools using this solution have reported annual savings of over $20,000 by reducing repair costs and simplifying device management. Join them in making device management efficient and secure. If you’re ready to see these benefits, contact us for a free demo and discover how Zenphi can help you invest time and resources in what truly matters.

Read More On Google Admin Tasks Automations

Zero Trust In Google Workspace
Shared Drives Audits
Employee Offboarding: Revoke Access
Employee Offboarding Checklist
Access Control Best Practices
About The Author
Picture of Fernanda López Guerra, CS @Zenphi
Fernanda López Guerra, CS @Zenphi

Fernanda is an experienced Customer Success manager with over 9 years in Tech and B2B Saas. She has automated multiple operations for Zenphi customers in Education, Retail, Tech and other verticals.