How to view video closed captions and transcripts
Transcript
0:07
Gopher for Chrome users can be either super admin or delegated admin users Those users who are not super admins, but are Gopher for Chrome users need to have delegated admin permissions We'll do this by creating two admin roles one with domain-wide permissions for looking up user information when running
0:28
device reports and another with per organization permissions limiting view edit rights on devices with Gopher for Chrome to only those OUs you want the user to manage.
0:40
Let's get started. The first thing we're going to do is access the admin console and create the two new admin roles.
0:47
If you can't find the admin roles underneath accounts or by using search, you're probably not signed in as a super administrator.
0:55
We'll need super admin access to create these new admin roles. The first role to create is for domain-wide permissions. We'll give it a name with a Notifier saying this is for DomainWide permissions.
1:10
Underneath the Admin Console Privileges section, the only privilege that we need is under User. It's called Read. Expand Users and check the checkbox next to Read.
1:23
Now we can start delegating access to users or assigning this role to users. Let's assign an administrator to this role.
1:43
And again, this is a domain-wide rule or a domain-wide access, even though we can put it on a different organizational unit.
1:52
You only want to use this for Chrome Gofer on the root organization unit. Assigning this role on some other sub-organization unit can cause errors.
2:03
This user now has access to our domain. The next role to create is a per organizational unit setting, Name it appropriately, Chrome Go for Per OU settings.
2:22
There are two settings we'll need to enable. The first is our admin API privileges allowing the read access to organizational units.
2:33
The second API privilege to enable is underneath the services area. It's called Manage Chrome OS devices. Under Services, expand Chrome Management and check the checkbox next to the Manage Chrome OS devices.
2:50
Now, let's add our user as a dedicated administrator for this role as well. With this role, because it's a per-OU setting, we can set it up so that the users are only able to access devices in a certain organizational unit.
3:06
For this user, I will restrict the user to only be able to access student organizational units. Hit select and confirm that assignment.
3:17
As soon as I verify the user is assigned to the proper roles, it's good to test and go for Chrome.
3:24
For the user we are working with, I've already installed GoForForCrome from the add-on store and I'm going to launch in the sidebar.
3:33
We're pulling up the APIs for this organization and because I'm a delegated user, I only have access to certain organizational units.
3:42
Let's pull everything that I have access to just to verify again that things are working and they have the proper scopes.
3:50
Chrome GoFor populates the headers automatically for us. In the sidebar you'll see the number of org units devices are being retrieved from, followed by the number of devices imported from those organizations.
4:03
The devices are only from the specific use which the user has been given delegated access to. There is not any visibility outside of the student organizational unit for this user.
4:15
Then when viewing the organizational units in the org unit path column, Again, I'm only seeing access to the OUs that this user has delegated access to.
4:26
The same would go for reports. We will only be able to generate reports for the organizations that we have access to.
Comments
Article is closed for comments.