The Umbrella Documentation Hub

Welcome to the Umbrella documentation hub. Here you'll find access to all of our Cisco Umbrella user guides.

Get Started    

Deploy the Chromebook Client

The Cisco Umbrella Chromebook client provides Umbrella's DNS layer protection to Chromebook users. After you deploy the Umbrella Chromebook client to your Chromebooks, you can view your Chromebooks as identities in a policy. Your Chromebooks are immediately protected by the default DNS policy. At any time, you can add your own policies and customize your Chromebooks' protections. For more information, see Add a Chromebook Specific Policy.

Table of Contents

Prerequisites

  • G Suite admin account
  • Umbrella login credentials
  • Chromebooks with ChromeOS v55 or later
  • Chromebooks are not in Kiosk mode
  • Port 53 UDP accessible to 208.67.220.220 and 208.67.222.222
  • https://registration.polaris.qq.opendns.com is accessible
  • Chromebooks must be connected and logged in
  • Cisco Umbrella root certificate installed — To avoid certificate errors when accessing an Umbrella block page, you must install the Cisco Umbrella root certificate on your Chromebooks. See Install the Cisco Umbrella Root Certificate.
    For more information about how to push the Umbrella root certificate from Google's admin console to all of your Chromebook devices, see Set up TLS (or SSL) inspection on Chrome devices.
  • In the G Suite Admin console, disallow the incognito window. From the Incognito mode menu, choose Disallow incognito mode. For more information, search for Incognito Mode in Chrome Enterprise and Education Help.

Trusted Network Detection

If you are implementing trusted network detection (TND), we recommend that your DHCP server provides Chromebook devices with the same virtual appliance (VA) IP address as other devices on your network. For more information, see Enable Trusted Network Detection.

Procedure

Deploying the Umbrella Chromebook client is a multi-step process:

The JSON file downloaded from Umbrella during this procedure contains information required by the Umbrella Chromebook client so that it can operate with Umbrella. Information held within this file is required to access the Cisco Umbrella Chromebook client through Google's Chrome Web Store. During the deployment process, the Chromebook client config file is uploaded to Google, which is then able to push the Umbrella Chromebook client to all of your Chromebooks. After the client is installed in a Chromebook, allow a few hours for Chromebook traffic to begin appearing in your Umbrella dashboard.

Step 1: Download Umbrella Chromebook Configuration

  1. Navigate to Deployments > Core Identities > Chromebook Users and click Download.
  1. Click Download and download the JSON file.
    Note: Save this file to a known location. The regToken value listed in this file is required during the installation of the Cisco Umbrella Chromebook client application.
"googleDirectoryService":	{
	"Value": false
}
"organizationInfo": {
	"Value": {
	  "organizationId":	1234567,
	  "regToken": "1234567890ABCdef"
  }
}
"publicSession": {
	"Value": false
}
"vaIPs": {
	"Value": []
}
  1. (Optional) Integrate the G Suite Identity Service with the Umbrella Chromebook client. For more information, see Integrate the G Suite Identity Service.
  2. (Optional) Set up trusted network detection (TND). To use the Umbrella Chromebook client in a network with Umbrella virtual appliances (VAs), you must add the IP addresses of your VAs in the Umbrella Chromebook configuration file before uploading it. For more information, see Enable Trusted Network Detection.

Step 2: Install the Cisco Umbrella Chromebook Client Extension

You cannot deploy the Umbrella Chromebook client directly to your Chromebooks. You must deploy the client from the Google Admin console.

  1. Log into the Google Admin console.
  1. Navigate to Devices > Chrome > Apps & Extensions > Overview.
  1. From Apps & Extensions, navigate to Users & browsers > Organizational Units.
  1. Expand Organizational Units and choose the organization in which you want to deploy the Umbrella Chromebook client.
  2. Click the + (Expand) icon and choose Add from Chrome Web Store.
  1. In the Chrome Web Store, navigate to Extensions and then search for the Cisco Umbrella Chromebook client extension using the Cisco Umbrella Chromebook Client ID jcdhmojfecjfmbdpchihbeilohgnbdci.
  2. Click Select.
    The extension is added to the selected Organization Unit (OU).
  1. Choose Force Install and then click Save.
    The Cisco Umbrella Chromebook client extension is installed. Force Install ensures that Chromebook users in the selected OU cannot remove or disable the extension.

Step 3: Install the Cisco Umbrella Chromebook Client Application

  1. Return to the Google Admin console.
  2. Click the + (Expand) icon and choose Add from Chrome Web Store.
  1. Search for the Cisco Umbrella Chromebook client app using the unique Cisco Umbrella Chromebook Client ID cpnjigmgeapagmdimmoenaghmhilodfg.
    Note: This ID is specific to the client app. Do not use the ID for the client extension listed earlier.
  1. Click Select.
    The app is added to the selected organization unit.
  2. Choose Force Install and then click Save.
    The Cisco Umbrella Chromebook client app is installed. Force Install ensures that Chromebook users in the selected Organization Unit cannot remove or disable the app.
  1. Copy the JSON file that you downloaded during Step 1: Download Umbrella Chromebook Configuration and paste it into the Policy for Extensions section.
  1. Click Save.
    The Cisco Umbrella Chromebook client app is installed and the configuration file uploaded.

It can take Google upwards of eight hours to push the Umbrella Chromebook client to all of your Chromebooks. After the Umbrella Chromebook client is installed in a Chromebook, allow a few hours for Chromebook traffic to begin appearing in your Umbrella dashboard.
Note: Chromebooks must be connected and logged in.

Apply Policies

Apply policies to your organization's Chromebooks. For more information, see Add a Chromebook Specific Policy.


G Suite Identity Service < Deploy the Chromebook Client > Add a Chromebook Specific Policy

Updated 12 days ago

Deploy the Chromebook Client


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.