Learn how to automate Chromebook lock-in — the process of restricting each Chromebook to a specific Google Account
Table of Contents
Why Lock Chromebooks to Specific Google Accounts?
Securing devices like Chromebooks by locking them to specific Google accounts is a strategic move to enhance security and manage resources effectively. For businesses, this practice ensures that sensitive corporate data remains protected by restricting device access to authorized personnel only.
Schools, on the other hand, commonly adopt this strategy to prevent misuse of devices. By locking Chromebooks to individual accounts, schools enforce that these devices are used strictly for educational purposes and significantly contributes to cost savings for schools. It reduces the risk of theft and damage, as students are held accountable for the specific devices assigned to them.
As it’s pretty much impossible to lock all Chromebooks to students manually, automation is essential for this process. Let’s see how you can easily achieve this using Zenphi, the #1 Google Workspace workflow automation platform.
Automated Chromebook Lock In: A Step-By-Step Guide
Set Up Your Zenphi Account
To begin, you’ll need to set up a Zenphi account if you haven’t already. You can create a free account here. For this workflow, we’ll use the HTTP API trigger. This will be called by the asset management system whenever a Chromebook is assigned to a student. The trigger will pass the Google Account of the student and the device ID to the Zenphi flow, which will process this information in subsequent steps.
Form Submission trigger. This means that whenever a vendor submits their onboarding form, your automated flow will kick off and start processing the vendor’s information.
Step 1: Create an Organizational Unit (OU)
To apply the 1:1 policy to Chromebooks, start by creating an Organizational Unit (OU) for each device using the “Create Organizational Unit” action. Each student-assigned Chromebook will have its own OU under a parent OU named “Devices” for easy management. The new OU will be named according to the Google Account provided by the trigger, ensuring each device is tied to an individual user.
Step 2: Move the Device to the OU
Next, move the Chromebook to the newly created OU. To do this, generate an OAuth token using our “Redeem OAuth Token” action. (Note: If this action isn’t available in your toolbox, feel free to request access from our team.)
With the OAuth token, use the “Make HTTP Request” action to call chromeosdevices.moveDevicesToOu.
This API method allows administrators to move up to 50 Chrome OS devices at a time to a specific OU in Google Workspace. Since each device will have a unique OU, we’ll only be moving one device at a time based on its ID. For detailed configuration, refer to Google’s API documentation.
Zenphi is named the #1 Google admin tool by thousands of your peers. Our powerful no-code platform allows to simplify Google user access control and user lifecycle management. Contact our Google Workspace automation experts to learn more.
Step 3: Lock Down the Device with a 1:1 Policy
Finally, enforce the 1:1 user policy using another “Make HTTP Request” action to call customers.policies.orgunits.batchModify.
This method lets administrators quickly update settings for a specific device group. Under this action, specify the list of allowed users to include only the assigned Google Account. For detailed configuration, refer to Google’s API documentation.
Step 4: Testing and Publishing your Flow
Once you’ve completed the setup, test your flow to ensure it locks down each Chromebook to a single user.
After testing, publish the flow. Now, every time a Chromebook is assigned by the Asset Management System, Zenphi will automatically enforce the 1:1 policy—enhancing security and accountability without you having to lift a finger!
It’s that easy to secure your Chromebooks and ensure they’re used only by designated students! Schools using this solution have reported annual savings of over $20,000 by reducing repair costs and simplifying device management. Join them in making device management efficient and secure. If you’re ready to see these benefits, contact us for a free demo and discover how Zenphi can help you invest time and resources in what truly matters.