White Glove Tutorials

One of our goals at Trafera is to make deploying Chromebooks as easy and frustration-free as possible. To help with enrollment, we will need limited access to your Google Domain during white glove setup

These guides will help you through the process of creating a restricted admin account and enrollment-only user account for our use. If you need additional help or have any questions, we’re here for you.

Feel free to contact our support team at:
support@trafera.com or call toll-free 1-855-862-5120.


Creating the Organizational Unit [OU]

Go to https://admin.google.com and login with a Super Admin account

  1. Select “Organizational Units”
  2. Click “Create organizational unit”
  3. Name the OU
    • We recommend something identifiable like “TFenroll”
    • You can add a description (not required)
    • The Parent Organizational unit is defaulted to the primary domain (ex. @trafera.com)
  4. Click “Create”


Allowing ChromebookInventory in Google Admin Console

  1. Login to your organization’s admin console at https://admin.google.com
  2. After logging in, navigate to Apps > Google Workspace Marketplace apps > Settings
  3. Select the OU the Trafera console user is in and under "Manage access to apps" make sure "Allow users to install and run any app from the Marketplace" or "Allow users to install and run allowlisted apps from the Marketplace" is checked. If "Don't allow users to install and run apps from the Marketplace" is checked, we will be unable to use ChromebookInventory to upload information from your order to your Admin console
  4. Now, navigate to Apps > Google Workspace Marketplace apps > Apps list and select "ALLOWLIST APP." This will bring you to the "Add an app to the allowlist" section. In this section, complete the following steps:

    • Search for "chromebookInventory" and click "SELECT"
    • Leave "Allow users to install this app" checked and click "CONTINUE"
    • Select "Specific groups or organizational units" and choose the "TFenroll" OU or whatever OU you placed the Trafera console user into. Then click "SAVE" and "FINISH"

  5. Once done, you'll be brought back to the "Google Workspace Marketplace Apps" section. From here, select the OU the Trafera console user is in and select "Allowlisted Apps" to confirm chromebookInventory is allowed as pictured below



  6. If you see the app allowed as pictured above, this process was completed successfully and no more action for allowing the app should be required.

    • Special note: If you are utilizing Groups within the Google Admin console and the Trafera console user is in a group. You will need to allow app access to that group as well.



Creating A Locked-Down Admin Account

Overview:

This guide will instruct you on how to create a custom role with limited privileges and assign that role to a user for Trafera to complete console work, such as asset tag uploads, OU movements, and device location details, on your behalf.

Creating A Custom Role:

  1. Login to your organization’s admin console at https://admin.google.com.
  2. After logging in, navigate to Account > Admin roles > Create new role.
  3. Give the role a name that’s easily recognizable, like “Trafera Locked-Down Admin”.
  4. From the “Select Privileges” section, search for and apply the following options. Note, the privileges listed in red get assigned automatically when assigning the privileges in blue.
  5. Admin console privileges:
    • Organizational Units > Read
    • Services > Chrome Management > Settings > Manage User Settings
    • Services > Chrome Management > Settings > Manage User Settings > Manage Application Settings
    • Services > Chrome Management > Settings > Manage Chrome OS Devices
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Telemetry Device Info
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Telemetry User Info
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Audio Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Bus Device Info
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > OS Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > CPU Info
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > CPU Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Memory Info
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Memory Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Graphics Info
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Graphics Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Battery Info
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Battery Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Storage Info
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Storage Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Network Info
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Network Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Device Activity Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Read > Telemetry API > Peripherals Telemetry & Events
    • Services > Chrome Management > Settings > Manage Chrome OS Devices > Start Remote Desktop
    • Services > Chrome Management > Settings > Manage Chrome OS Device Settings
  6. Admin API privileges:
    • Organization Units > Read
    • Schema Management
    • Schema Management > Schema Read
  7. Once all the above privileges have been checked, you should have a total of 32 applied privileges. Then click CONTINUE > CREATE ROLE.
  8. Lastly, select ASSIGN ROLE > Assign users and select the user you’re wanting to have this role.
  9. If the user you assign this role to has other privileges, those privileges may overrule this one.
  10. Congratulations! You’ve just created a custom role and applied it to a user.

For more information regarding Google’s privileges and roles, please see this guide here:
https://support.google.com/a/answer/1219251

Categories: Services & Repairs