Deploy the GlobalProtect App for Android on Managed Chromebooks Using AirWatch

Starting with GlobalProtect app 5.0, you can deploy the GlobalProtect app for Android on managed Chromebooks that are enrolled with AirWatch. After you deploy the app, configure and deploy a VPN profile to set up the GlobalProtect app for end users automatically.
The GlobalProtect app for Android is supported only on certain Chromebooks. Chromebooks that do not support Android applications must continue to run the GlobalProtect app for Chrome.
Do not deploy both the GlobalProtect app for Android and GlobalProtect app for Chrome on the same Chromebook.
Use the following steps to deploy the GlobalProtect app for Android on managed Chromebooks using AirWatch:
  1. Set up the Google Admin console.
    The Google Admin console enables you to manage Google services for users in your organization. AirWatch uses the Google Admin console for integration with Chromebooks.
    1. Log in to the Google Admin console as an administrator.
    2. From the console, select SecurityAdvanced SettingsManage API client access.
    3. In the Client Name field, enter the Client ID that was provided to you by AirWatch.
    4. In the One or More API Scopes field, enter the following Google API scopes to which you want to control application access:
      Each API scope must be separated by a comma.
      • https://www.googleapis.com/auth/chromedevicemanagementapi
      • https://www.googleapis.com/auth/admin.directory.user
      • https://www.googleapis.com/auth/admin.directory.device.chromeos
    5. Click Authorize.
    6. Enable Chrome Management - Partner Access for device policies (Device ManagementDevice SettingsChrome ManagementDevice Settings) and user policies (Device ManagementDevice SettingsChrome ManagementUser Settings).
  2. Register AirWatch as your Enterprise Mobility Management (EMM) provider for Google.
    To manage Chromebooks using AirWatch, you must register AirWatch with the Google Admin console.
    1. Log in to your AirWatch console.
    2. Select DevicesDevices SettingsDevices & UsersChrome OSChrome OS EMM Registration.
    3. Enter the Google Admin Email address that you used to access the Google Admin console.
    4. Click REGISTER WITH GOOGLE. You will be redirected to the Google authorization page, where you can obtain a Google authorization code.
      chrome-emm-registration.png
    5. Enter the Google Authorization Code that you obtained from the Google authorization page.
    6. Click AUTHORIZE to complete the registration.
      chrome-emm-registration-authorize.png
  3. Enroll Chromebooks with AirWatch.
    Before you can begin managing Chromebooks using AirWatch, you must enroll and sync your Chromebooks to AirWatch.
    1. From your Chromebook, press CTRL+ALT+E to open the enterprise enrollment screen.
    2. Enter the username and password from your Google Admin welcome letter or enter your existing G Suite user credentials.
    3. Click Enroll device. You will receive a confirmation message when the Chromebook is successfully enrolled.
    4. Log in to your AirWatch console.
    5. Select DevicesDevices Settings & UsersChrome OS.
    6. Click Device Sync to sync all enrolled Chromebooks to AirWatch.
  4. Add the GlobalProtect app for Android to a Chrome OS profile on AirWatch.
    The Application Control profile enables you to add apps from Google Play and the Chrome Web Store.
    1. Log in to your AirWatch console.
    2. Select DevicesProfiles & ResourcesProfiles to ADD a new Chrome OS profile.
      airwatch-add-profile.png
    3. Select Chrome OS (Legacy) from the platform list.
      add-chrome-profile.png
    4. Configure the General settings.
    5. Configure the Application Control settings.
      1. Enter the GlobalProtect App ID displayed in the Google Play URL (com.paloaltonetworks.globalprotect).
        google-play-app-id.png
      2. Enter the app Name.
      3. Specify whether you want to Pin App to Shelf. Enter Y to pin the app to the Chromebook app shelf.
      4. SAVE & PUBLISH your changes.

Related Documentation