White Glove Tutorials

One of our goals at Trafera is to make deploying Chromebooks as easy and frustration-free as possible. To help with enrollment, we will need limited access to your Google Domain during white glove setup.

These guides will help you through the process of creating a restricted admin account and enrollment-only user account for our use. If you need additional help or have any questions, we’re here for you.

Feel free to contact our support team at:
support@trafera.com or call toll-free 1-855-862-5120.

Creating the Organizational Unit [OU]

Go to https://admin.google.com and log in with a Super Admin account.

  1. Select “Organizational Units”
  2. Click “Create organizational unit”
  3. Name the OU
    • We recommend something identifiable like “TFenroll”
    • You can add a description (not required)
    • The parent organizational unit defaults to the primary domain (e.g. @trafera.com)
  4. Click “Create”

Apps Settings

  1. To set up the Apps settings for the OU, return to the Admin Console home screen.
  2. Select “Apps”
  3. Click “Google Workspace”
  4. On the left side, click the Enrollment OU you created
  5. Select all checkboxes, then click “Off” on the top right
    • Confirm any additional pop-up boxes
  6. Go back to the “Apps” setting
  7. Click “Additional Google Services”
  8. On the left side click the Enrollment OU you created
  9. Select all checkboxes, then click “Off” on the top right
    • Confirm any additional pop-up boxes

Creating A Locked-Down Admin Account

Overview:

This guide will instruct you on how to create a custom role with limited privileges and assign that role to a user for Trafera to complete console work, such as asset tag uploads, OU movements, and device location details, on your behalf.

Creating A Custom Role:

  1. Log in to your organization’s admin console at https://admin.google.com.
  2. After logging in, navigate to Account > Admin roles > Create new role.
  3. Give the role a name that’s easily recognizable, like “Trafera Locked-Down Admin”.
  4. From the “Select Privileges” section, search for and apply the following options. Note: the privileges listed in red are assigned automatically when you assign the privileges in blue.
  5. Admin console privileges:
    • Organizational Units > Read
    • Services > Chrome Management > Settings > Manage User Settings
    • Services > Chrome Management > Settings > Manage User Settings > Manage Application Settings
    • Services > Chrome Management > Settings > Manage Chrome OS Devices
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Telemetry Device Info
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Telemetry User Info
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Audio Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Bus Device Info
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > OS Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > CPU Info
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > CPU Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Memory Info
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Memory Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Graphics Info
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Graphics Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Battery Info
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Battery Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Storage Info
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Storage Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Network Info
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Network Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Device Activity Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Peripherals Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Start Remote Desktop
    • Services > Chrome Management > Settings > Manage Chrome OS Device Settings
  6. Admin API privileges:
    • Organization Units > Read
    • Schema Management
    • Schema Management > Schema Read
  7. Once all the above privileges have been checked, you should have a total of 32 applied privileges. Then click CONTINUE > CREATE ROLE.
  8. Lastly, select ASSIGN ROLE > Assign users and select the user who should have this role.
  9. If the user you assign this role to has other privileges, those privileges may override the limits of this role.
  10. Congratulations! You’ve just created a custom role and applied it to a user.
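
One way to check the caveat in step 9 after the role is assigned, as an added example that is not part of the original guide or of Trafera's tooling: it flags any admin role the account holds besides the custom one. The field names follow the Admin SDK Directory API Role and RoleAssignment resources; the user ids, role ids and the two other role names are constructed sample data.

```python
# Added example: flag admin roles on the vendor account beyond the custom role.
# Field names mirror Admin SDK Directory API Role and RoleAssignment resources;
# every id and every role name except EXPECTED_ROLE is constructed sample data.
EXPECTED_ROLE = "Trafera Locked-Down Admin"  # name suggested in step 3

ROLES = [  # constructed, shaped like roles.list "items"
    {"roleId": "1001", "roleName": "Sample Super Admin", "isSuperAdminRole": True},
    {"roleId": "2002", "roleName": EXPECTED_ROLE, "isSuperAdminRole": False},
    {"roleId": "3003", "roleName": "Sample Help Desk", "isSuperAdminRole": False},
]

ASSIGNMENTS = [  # constructed, shaped like roleAssignments.list "items"
    {"roleId": "2002", "assignedTo": "user-clean", "scopeType": "CUSTOMER"},
    {"roleId": "2002", "assignedTo": "user-drift", "scopeType": "CUSTOMER"},
    {"roleId": "3003", "assignedTo": "user-drift", "scopeType": "CUSTOMER"},
    {"roleId": "1001", "assignedTo": "user-super", "scopeType": "CUSTOMER"},
]


def audit_user(user_id, roles=ROLES, assignments=ASSIGNMENTS, expected=EXPECTED_ROLE):
    """Return findings for one user; an empty list means only the custom role is held."""
    by_id = {r["roleId"]: r for r in roles}
    findings, held = [], set()
    for a in assignments:
        if a["assignedTo"] != user_id:
            continue
        role = by_id.get(a["roleId"])
        if role is None:
            findings.append(f"unknown roleId {a['roleId']}")
        elif role.get("isSuperAdminRole"):
            findings.append(f"super admin role held: {role['roleName']}")
        elif role["roleName"] != expected:
            findings.append(f"extra role held: {role['roleName']}")
        if role is not None:
            held.add(role["roleName"])
    if expected not in held:
        findings.append(f"expected role missing: {expected}")
    return findings


if __name__ == "__main__":
    for uid in ("user-clean", "user-drift", "user-super"):
        print(uid, audit_user(uid) or "OK")
```

In a live domain the two lists would come from the Directory API's roles.list and roleAssignments.list calls instead of the inline samples.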

For more information regarding Google’s privileges and roles, please see this guide here:
https://support.google.com/a/answer/1219251
