Google Workspace Chromebook (Staff Device Management) Integration

The Google Workspace Chromebook integration enables Sprinto to monitor and evaluate the security and compliance posture of Chromebook devices managed within your organisation.

This integration is designed for Staff Device Management, allowing you to:

• Track enrolled Chromebook devices.

• Monitor device compliance and security posture.

• Map devices to users for audit readiness.

• Automate evidence collection for device-related controls.

Sprinto integrates with Google Workspace using OAuth 2.0 and the Admin SDK Directory API to securely fetch device data.

How it works

Sprinto connects to your Google Workspace account using OAuth 2.0 and retrieves Chromebook device data via the Admin SDK Directory API.

Once connected:

1. Sprinto requests read-only access to ChromeOS device data.

2. Google Workspace authorises access via OAuth.

3. Sprinto fetches device information using the Admin SDK Directory API.

4. Device data is mapped to users and compliance controls.

5. Monitors continuously evaluate device posture and sync updates.

Sprinto operates in a read-only mode and does not perform any actions on devices.

Prerequisites

Before setting up the integration, ensure the following:

Google Workspace requirements

• You have Super Admin, Services Admin, or delegated admin access with Chrome device permissions.

• ChromeOS device management is enabled.

• Chromebook devices are enrolled and managed.

Admin console configuration

1. Go to Admin Console → Devices → Chrome → Settings → Device settings.

2. Ensure ChromeOS services are enabled.

3. Verify device management is active.

API requirements

• Admin SDK Directory API must be enabled.

• OAuth access must be allowed for third-party integrations.

Use cases

Permissions and data access

APIs used

Sprinto uses the Admin SDK Directory API.

Base URL: https://admin.googleapis.com/admin/directory/v1

OAuth scope required

Sprinto requires:

• https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly

This allows Sprinto to:

• List Chromebook devices.

• Read device configuration and status.

• Monitor compliance attributes.

Administrator permissions required

You must have one of the following roles:

• Super Admin

• Services Admin (with Chrome device permissions)

• Delegated Admin with ChromeOS access

Additionally:

• Mobile Device Management privileges must be enabled.

• Chrome device management must be active.

Data accessed by Sprinto

Sprinto collects the following data:

Device information

• Device ID

• Serial number

• Asset ID

• Model and platform version

• OS version

Status and compliance

• Device status (active, disabled)

• OS version compliance

• Encryption and security posture

User association

• Assigned user

• Recent users

Activity and lifecycle

• Last sync time

• Enrollment details

• Organisational unit mapping

Important limitations

• Sprinto operates in read-only mode.

• No remote actions (wipe, restart, disable) are performed.

• Only enrolled devices are visible.

Monitors and compliance

Active monitors

This integration enables Sprinto to:

• Track Chromebook device inventory.

• Monitor device compliance posture.

• Validate device-user mapping.

• Detect inactive or non-compliant devices.

Compliance checks supported

Sprinto evaluates:

• OS version compliance.

• Device activity and sync status.

• Device ownership and assignment.

• Security posture based on available attributes.

Dashboard actions

Connect Google Workspace Chromebook

1. Log in to the Sprinto dashboard.

2. Navigate to Settings → Integrations.

3. Search for Google Workspace.

4. Click Connect.

Select Chromebook integration

1. In the drawer, locate Google Workspace Chromebook (Staff Device Management).

2. Click Connect.

Review permissions

1. Review the following sections:

   • Controls and checks automated.

   • Permissions required.

   • Data accessed by Sprinto.

2. Click Next.

Authorise the integration

1. Review the setup instructions.

2. Click Connect Google Workspace Chromebook.

Complete OAuth authentication

1. Sign in to your Google Workspace admin account.

2. Select your account.

3. Review requested permissions.

4. Click Allow to grant access.

Complete setup

1. Wait for the integration to complete.

2. You will be redirected back to Sprinto.

3. Initial device sync will begin automatically.

Post-connection flow

After successful integration:

• Chromebook devices are automatically synced.

• Device data is mapped to users.

• Compliance monitors are activated.

• Evidence is collected continuously.

Initial sync may take a few minutes depending on the number of devices.

Troubleshooting

1. Admin SDK API not enabled

Issue: Integration fails or no data is fetched. Resolution: Enable Admin SDK Directory API in Google Cloud Console and retry.

2. Insufficient permissions

Issue: Authorisation fails or partial data is visible. Resolution: Ensure you are using a Super Admin or equivalent role and reconnect.

3. No devices visible

Issue: Devices are not shown in Sprinto. Resolution:

• Ensure devices are enrolled.

• Verify ChromeOS management is enabled.

• Wait for initial sync.

4. Device data missing

Issue: Missing OS version or user mapping. Resolution:

• Ensure devices are actively syncing.

• Verify policies in Admin Console.

• Check last sync timestamps.

5. OAuth blocked

Issue: Unable to complete authentication. Resolution:

• Allow third-party app access.

• Check organisation OAuth restrictions.

• Retry authentication.

6. Sync delays or rate limits

Issue: Data updates are delayed. Resolution:

• Google API rate limits may apply.

• Sprinto retries automatically.

• Allow time for sync to stabilise.

Key considerations

• Re-enabling a disabled device may consume a licence.

• Deprovisioned devices must be wiped before re-enrolment.

• ChromeOS APIs do not support reseller-level remote administration.

Support

Please contact Sprinto Support If you have any queries related to the integration or need any assistance.