=== 2. Chrome Book Setup ===
Once you have logged in to NovaEMM please configure Chrome.
If you want to use MDM to manage your Chrome OS devices, you need to buy some licenses as explained here. Before you enroll your Chromebooks, you have to integrate MDM with G Suite. This will allow you to sync and enroll your Chromebooks automatically with MDM when you add them to the Google portal.
To enroll in a Chrome device, please configure **GOOGLE ADMIN CONSOLE & GOOGLE CLOUD CONSOLE** and get your client id and client secret. Click on the *INTEGRATE* button.
{{:novaemm:image_2023_07_03t10_36_25_791z.png|}}
**Step #1: Configure Google Admin Console**
* Login to [[https://admin.google.com/|Google Admin Console,]] with your admin credentials and select **Devices.**
{{:novaemm:chromebook_mdm_1.png|}}
If the Chrome device has not been added previously, click on ** Start Trial** under the **Chrome Devices** option.
Once enrolled in the trial, navigate back to the devices page. Select **Chrome -> Apps & extensions -> Users & browsers**, from the left pane.
{{:novaemm:chromebook_mdm_2.png|}}
* Select **Settings (Gear icon)** under the Users & Browsers tab. Select **Allow** for Android applications on Chrome devices. Click **Save.**
{{:novaemm:chromebook_mdm_4.png|}}
* Now, click on **Settings** from the dropdown menu. Under **User & Browser settings** navigate to **Chrome Management - Partner Access.** Select **Enable Chrome Management - Partner Access** and agree to the given Terms and Conditions.
{{:novaemm:chromebook_mdm_5.png|}}
{{:novaemm:chromebook_mdm_7.png|}}
* Click on Save to **save** the user settings.
* Now, click on **Device Settings** and navigate to **Chrome Management - Partner Access.** Select Enable Chrome Management - Partner Access and agree to the given terms and conditions.
{{:novaemm:chromebook_mdm_6.png|}}
* Click on Save to **save** the device settings.
* To enable **Chrome Policy APIs,** login to [[https://console.cloud.google.com/|Google Cloud Console]] using your admin account.
* Go to **APIs & Services > Library.**
* In the search bar, type **Chrome Policy APIs** to check if it is enabled.
{{:novaemm:chrome-policy-api.png|}}
In the search bar, type **Admin SDK API** to check if it is enabled.
{{:novaemm:admin-sdk-api.png|}}
**Step #2: Integrate with MDM**
* On the MDM server, click on the **Enrollment** tab from the top menu and select **Chromebook Enrollment,** present under **Chrome OS.**
* If you've already integrated G Suite in Android Enterprise you can go directly to step 3. If not, click on **Configure Now** and provide the **domain** registered with G Suite as well as the **domain admin account.**
* In the case of MDM On-Premise, if OAuth is not configured, you will get an error message saying **"OAuth App details are not yet configured".**
* Click **here** to configure OAuth. You will be prompted to enter the Client ID and Client Secret.
* Once you have entered the Client ID and Client Secret, click on **Integrate** to complete Chrome integration using G Suite. You can now enroll in Chromebooks using MDM.
**Note:** After integration, all the org units and users will be synced from the Google Admin Console and will be displayed in our MDM server.
== How to obtain a Client ID and Client Secret ==
1. Log in to the [[https://console.cloud.google.com/|Google Console]] with your G Suite admin account.
{{:novaemm:chrome_enrollment_1.png|}}
2. Click on **Select Project -> New Project** and enter the required details.
{{:novaemm:chrome_enrollment_2.png|}}
3. Navigate to **APIs & services -> Credentials -> Create Credentials -> OAuth Client ID.**
{{:novaemm:chrome_enrollment_3.png|}}
{{:novaemm:chrome_enrollment_4.png|}}
4. If you are configuring OAuth Authentication for the first time, you have to set up your **OAuth Consent Screen.**
5. On the left panel, click on **OAuth Consent Screen,** and choose the User Type as **Internal.**
6. Click on Create. You will now have to enter the app name, support email, and developer contact information and click on Save and Continue.
{{:novaemm:chrome_enrollment_9.png|}}
7. Now navigate to **APIs & services -> Credentials -> Create Credentials -> OAuth Client ID.** Select **Web Application as the Application type.**
{{:novaemm:chrome_book_management:chrome_enrollment_5.png|}}
8. Enter **https://b2b.novaemm.com/configure-chrome** as Authorized redirect URIs and click on **Create.**
{{:novaemm:chrome_book_management:chrome_enrollment_6.png|}}
{{:novaemm:chrome_book_management:chrome_enrollment_7.png|}}
9. A new set of **Client ID and Client Secret** will be generated which is to be copied and pasted back on the MDM server.
{{:novaemm:chrome_book_management:chrome_enrollment_8.png|}}
10. Once you have entered the Client ID and Client Secret, click on **Integrate.**
Now the OAuth will be successfully configured on the MDM server.
== Troubleshooting tips ==
**Unable to Integrate G Suite with MDM**
If you are unable to integrate G Suite with MDM, follow the steps mentioned below:
1. You have to sign in to the account which is already integrated and remove the access. To do so,
2. Go to this [[https://myaccount.google.com/permissions|page]] and log in to the account.
3. In the case of MDM Cloud, Select **NovaEMM**, and for On-Premise, select the app name which you have created on the Google Admin Console. Now click on **Remove access.**
Now the G Suite will get successfully integrated with MDM.
\\ [[novaemm/chrome_book_management/getting started for chromeos|Previous Page]] [[novaemm/chrome_book_management/chrome book device profile|Next Page]]