Follow the instructions below to deploy the Cisco Umbrella Chromebook client to your organization's Chromebooks.
There are three parts to this installation:
- Downloading the configuration file from the Umbrella Dashboard
- Installing the Cisco Umbrella Chromebook client extension on your Chromebooks
- Installing the Cisco Umbrella Chromebook client application on your Chromebooks
In addition, you can find instructions for removing Umbrella Chromebook software in the last section of this guide.
To install the Cisco Umbrella Chromebook client, you must:
- Be a G Suite admin account in order to log into admin.google.com
- Have a valid Umbrella dashboard login
- Chromebooks must have Chrome OS v55 or later
- Chromebooks are not in Kiosk mode
- Port 53 UDP accessible to 220.127.116.11 and 18.104.22.168
- https://registration.polaris.qq.opendns.com is accessible
Cisco Umbrella highly recommends the following:
- In order to avoid certificate errors when accessing the block page, you must install the Cisco Umbrella root certificate on your Chromebooks. See Download the Certificate. For more information on how to deploy certificates, see Google's documentation.
- In the G Suite Admin Console, disallow the incognito window for Chromebook users
Implementing Trusted Network Detection
If you are implementing Trusted Network Detection, Cisco Umbrella recommends that you check your DHCP server to make sure that it is providing Chromebook devices with the same VA IP address as other devices on your network.
The configuration file contains the information required for the Cisco Umbrella Chromebook client to work with Umbrella.
- Log into dashboard.umbrella.com
- Navigate to Deployments > Core Identities > Chromebook Users and click Configure.
- Download the configuration file.
VA customers only
To use the Cisco Umbrella Chromebook client in a network with Cisco Umbrella Virtual Appliances, you must add the IP addresses of your VAs to the configuration file before uploading it. Each VA IP addresses must be enclosed in double quotes, comma-separated. This example illustrates a network with two VAs:
For a sample of the entire configuration file, see the Trusted Network Detection overview.
Make sure you save the file in a known location. You will copy the configuration from this file during the installation of the Cisco Umbrella Chromebook client application.
- Log into https://admin.google.com.
Search for Device Management, then open it.
In the Device Management window, select Chrome Management.
- In the Chrome Management window, select Apps & Extensions.
- Click the + icon to search for the ID of the Cisco Umbrella Chromebook client extension jcdhmojfecjfmbdpchihbeilohgnbdci
(Searching by name will not work.)
- Select the Umbrella Client for Chromebook Extension, then select User Settings.
- Select the Organization Unit for which to install the Umbrella Chromebook client.
The Org Units are unique to your organization.
Select Force Install.
This ensures that Chromebook users in the selected Organization Unit cannot remove or disable the extension.
You have finished installing the Cisco Umbrella Chromebook client extension. Next, proceed with the next section to install the Cisco Umbrella Chromebook client application.
- Return to the Chrome Management page in
- Search for the ID of the Cisco Umbrella Chromebook client application cpnjigmgeapagmdimmoenaghmhilodfg
(Searching by name will not work.)
- Select the Umbrella Client for Chromebook Application, then select User Settings.
- Select the Organization Unit for which to install the application.
- Select Force Install.
This ensures that Chromebook users in the selected Organization Unit cannot remove or disable the application.
- Select Save.
You have finished installing the Cisco Umbrella Chromebook client application. The next step is to upload the Configuration file you previously obtained from Umbrella.
- Copy the configuration from the downloaded configuration file to the bottom right corner in the Policy for Extensions.
- Select Save.
You have finished installing the Umbrella client and uploading the configuration file.
It can take Google four to eight hours to push the Cisco Umbrella Chromebook client to all of your Chromebooks. The Chromebooks must be connected and logged in for the installation to take place.
After the client is installed in a Chromebook, allow a few hours for Chromebook traffic to begin to appear in your Umbrella dashboard.
To apply your policies to your organization's Chromebooks, see the Cisco Umbrella Chromebook Client Policy Configuration Guide.
To remove the software for a specific user:
- Log into your G Suite admin console, then click Users.
- Choose a user, then choose Move Organization Group.
- Click Change* to confirm your choice.
You have finished removing the Chromebook client for that user.
To remove the software for all members of an Organizational Unit (OU):
- Follow the instructions for Installing the Cisco Umbrella Chromebook client extension.
- In step 7, switch the Allow Installation setting to OFF.
Updated about a month ago