Deploy the GlobalProtect App for Android on Managed Chromebooks Using AirWatch

Starting with GlobalProtect app 5.0, you can deploy the GlobalProtect app for Android on managed Chromebooks that are enrolled with AirWatch. After you deploy the app, configure and deploy a VPN profile to set up the GlobalProtect app for end users automatically.
The GlobalProtect app for Android is supported only on certain Chromebooks. Chromebooks that do not support Android applications must continue to run the GlobalProtect app for Chrome.
Do not deploy both the GlobalProtect app for Android and GlobalProtect app for Chrome on the same Chromebook.
Use the following steps to deploy the GlobalProtect app for Android on managed Chromebooks using AirWatch:
  1. Set up the Google Admin console.
    The Google Admin console enables you to manage Google services for users in your organization. AirWatch uses the Google Admin console for integration with Chromebooks.
    1. Log in to the Google Admin console as an administrator.
    2. From the console, select
      Security
      Advanced Settings
      Manage API client access
      .
    3. In the
      Client Name
      field, enter the Client ID that was provided to you by AirWatch.
    4. In the
      One or More API Scopes
      field, enter the following Google API scopes to which you want to control application access:
      Each API scope must be separated by a comma.
      • https://www.googleapis.com/auth/chromedevicemanagementapi
      • https://www.googleapis.com/auth/admin.directory.user
      • https://www.googleapis.com/auth/admin.directory.device.chromeos
    5. Click
      Authorize
      .
    6. Enable
      Chrome Management - Partner Access
      for device policies (
      Device Management
      Device Settings
      Chrome Management
      Device Settings
      ) and user policies (
      Device Management
      Device Settings
      Chrome Management
      User Settings
      ).
  2. Register AirWatch as your Enterprise Mobility Management (EMM) provider for Google.
    To manage Chromebooks using AirWatch, you must register AirWatch with the Google Admin console.
    1. Log in to your AirWatch console.
    2. Select
      Devices
      Devices Settings
      Devices & Users
      Chrome OS
      Chrome OS EMM Registration
      .
    3. Enter the
      Google Admin Email address
      that you used to access the Google Admin console.
    4. Click
      REGISTER WITH GOOGLE
      . You will be redirected to the Google authorization page, where you can obtain a Google authorization code.
      chrome-emm-registration.png
    5. Enter the
      Google Authorization Code
      that you obtained from the Google authorization page.
    6. Click
      AUTHORIZE
      to complete the registration.
      chrome-emm-registration-authorize.png
  3. Enroll Chromebooks with AirWatch.
    Before you can begin managing Chromebooks using AirWatch, you must enroll and sync your Chromebooks to AirWatch.
    1. From your Chromebook, press
      CTRL+ALT+E
      to open the enterprise enrollment screen.
    2. Enter the username and password from your Google Admin welcome letter or enter your existing G Suite user credentials.
    3. Click
      Enroll device
      . You will receive a confirmation message when the Chromebook is successfully enrolled.
    4. Log in to your AirWatch console.
    5. Select
      Devices
      Devices Settings & Users
      Chrome OS
      .
    6. Click
      Device Sync
      to sync all enrolled Chromebooks to AirWatch.
  4. Add the GlobalProtect app for Android to a Chrome OS profile on AirWatch.
    The
    Application Control
    profile enables you to add apps from Google Play and the Chrome Web Store.
    1. Log in to your AirWatch console.
    2. Select
      Devices
      Profiles & Resources
      Profiles
      to
      ADD
      a new Chrome OS profile.
      airwatch-add-profile.png
    3. Select
      Chrome OS (Legacy)
      from the platform list.
      add-chrome-profile.png
    4. Configure the
      General
      settings.
    5. Configure the
      Application Control
      settings.
      1. Enter the GlobalProtect
        App ID
        displayed in the Google Play URL (com.paloaltonetworks.globalprotect).
        google-play-app-id.png
      2. Enter the app
        Name
        .
      3. Specify whether you want to
        Pin App to Shelf
        . Enter
        Y
        to pin the app to the Chromebook app shelf.
      4. SAVE & PUBLISH
        your changes.

Related Documentation