# Google Workspace Chromebook (Staff Device Management) Integration

The Google Workspace Chromebook integration enables Sprinto to monitor and evaluate the security and compliance posture of Chromebook devices managed within your organisation.

This integration is designed for **Staff Device Management**, allowing you to:

* Track enrolled Chromebook devices.
* Monitor device compliance and security posture.
* Map devices to users for audit readiness.
* Automate evidence collection for device-related controls.

Sprinto integrates with Google Workspace using OAuth 2.0 and the Admin SDK Directory API to securely fetch device data.

***

### How it works

Sprinto connects to your Google Workspace account using OAuth 2.0 and retrieves Chromebook device data via the Admin SDK Directory API.

Once connected:

1. Sprinto requests read-only access to ChromeOS device data.
2. Google Workspace authorises access via OAuth.
3. Sprinto fetches device information using the Admin SDK Directory API.
4. Device data is mapped to users and compliance controls.
5. Monitors continuously evaluate device posture and sync updates.

Sprinto operates in a **read-only mode** and does not perform any actions on devices.

***

### Prerequisites

Before setting up the integration, ensure the following:

#### Google Workspace requirements

* You have **Super Admin**, **Services Admin**, or delegated admin access with Chrome device permissions.
* ChromeOS device management is enabled.
* Chromebook devices are enrolled and managed.

***

#### Admin console configuration

1. Go to **Admin Console → Devices → Chrome → Settings → Device settings**.
2. Ensure ChromeOS services are enabled.
3. Verify device management is active.

***

#### API requirements

* Admin SDK Directory API must be enabled.
* OAuth access must be allowed for third-party integrations.

***

### Use cases

<table><thead><tr><th width="257">Use case</th><th>Description</th></tr></thead><tbody><tr><td>Device compliance monitoring</td><td>Ensure all Chromebook devices meet security requirements.</td></tr><tr><td>Audit readiness</td><td>Provide evidence of device posture for SOC 2, ISO 27001.</td></tr><tr><td>User-device mapping</td><td>Track which users are assigned to which devices.</td></tr><tr><td>Continuous monitoring</td><td>Detect non-compliant or inactive devices.</td></tr></tbody></table>

***

### Permissions and data access

#### APIs used

Sprinto uses the **Admin SDK Directory API**.

**Base URL:**\
`https://admin.googleapis.com/admin/directory/v1`

***

#### OAuth scope required

Sprinto requires:

* `https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly`

This allows Sprinto to:

* List Chromebook devices.
* Read device configuration and status.
* Monitor compliance attributes.

***

#### Administrator permissions required

You must have one of the following roles:

* Super Admin
* Services Admin (with Chrome device permissions)
* Delegated Admin with ChromeOS access

Additionally:

* Mobile Device Management privileges must be enabled.
* Chrome device management must be active.

***

#### Data accessed by Sprinto

Sprinto collects the following data:

**Device information**

* Device ID
* Serial number
* Asset ID
* Model and platform version
* OS version

**Status and compliance**

* Device status (active, disabled)
* OS version compliance
* Encryption and security posture

**User association**

* Assigned user
* Recent users

**Activity and lifecycle**

* Last sync time
* Enrollment details
* Organisational unit mapping

***

#### Important limitations

* Sprinto operates in **read-only mode**.
* No remote actions (wipe, restart, disable) are performed.
* Only enrolled devices are visible.

***

### Monitors and compliance

#### Active monitors

This integration enables Sprinto to:

* Track Chromebook device inventory.
* Monitor device compliance posture.
* Validate device-user mapping.
* Detect inactive or non-compliant devices.

***

#### Compliance checks supported

Sprinto evaluates:

* OS version compliance.
* Device activity and sync status.
* Device ownership and assignment.
* Security posture based on available attributes.
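
The checks listed above can be illustrated with a short added example (not Sprinto's own code) that evaluates a constructed response shaped like the Directory API's ChromeOS device list. The field names follow the API's `chromeosdevices` resource; the sample devices and the two policy thresholds are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a chromeosdevices.list response
# (GET {base}/customer/my_customer/devices/chromeos); all values are made up.
SAMPLE_RESPONSE = json.loads("""{"chromeosdevices": [
  {"deviceId": "dev-001", "status": "ACTIVE", "osVersion": "126.0.6478.132",
   "lastSync": "2026-04-13T09:00:00.000Z", "annotatedUser": "alice@example.com"},
  {"deviceId": "dev-002", "status": "ACTIVE", "osVersion": "114.0.5735.350",
   "lastSync": "2026-01-02T09:00:00.000Z"},
  {"deviceId": "dev-003", "status": "DISABLED", "osVersion": "126.0.6478.132",
   "lastSync": "2026-04-10T09:00:00.000Z", "annotatedUser": "bob@example.com"},
  {"deviceId": "dev-004", "status": "ACTIVE"}]}""")

MIN_OS_MAJOR = 120                 # assumed policy: minimum ChromeOS major version
MAX_SYNC_AGE = timedelta(days=30)  # assumed policy: stale after 30 days without sync


def evaluate_device(device, now):
    """Return the findings for one device; an empty list means compliant."""
    findings = []
    if device.get("status") != "ACTIVE":
        findings.append("status:" + device.get("status", "UNKNOWN"))
    os_version = device.get("osVersion")
    if not os_version:
        findings.append("os_version:missing")  # device never reported a version
    elif int(os_version.split(".")[0]) < MIN_OS_MAJOR:
        findings.append("os_version:outdated")
    last_sync = device.get("lastSync")
    if not last_sync:
        findings.append("sync:never")
    else:
        synced = datetime.fromisoformat(last_sync.replace("Z", "+00:00"))
        if now - synced > MAX_SYNC_AGE:
            findings.append("sync:stale")
    if not device.get("annotatedUser"):
        findings.append("owner:unassigned")  # no user mapped to the device
    return findings


def evaluate_fleet(response, now):
    """Map deviceId -> findings for every device in one response page."""
    return {d["deviceId"]: evaluate_device(d, now) for d in response.get("chromeosdevices", [])}


if __name__ == "__main__":
    as_of = datetime(2026, 4, 14, tzinfo=timezone.utc)  # fixed date for reproducible output
    for device_id, findings in evaluate_fleet(SAMPLE_RESPONSE, as_of).items():
        print(device_id, "compliant" if not findings else ", ".join(findings))
```

A device with missing `osVersion` or `lastSync` is reported as a finding rather than skipped, which matches the "Device data missing" troubleshooting case further down the page.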

***

### Dashboard actions

#### Connect Google Workspace Chromebook

1. Log in to the Sprinto dashboard.
2. Navigate to **Settings → Integrations**.
3. Search for **Google Workspace**.
4. Click **Connect**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FwqTyX2yVqIw3r8wmMQAL%2FScreenshot%202026-04-14%20at%2014.45.21.png?alt=media&#x26;token=6d1b96b7-faa9-4237-a3ca-417b59593cb9" alt="" width="563"><figcaption></figcaption></figure>

***

#### Select Chromebook integration

5. In the drawer, locate **Google Workspace Chromebook (Staff Device Management)**.
6. Click **Connect**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FC6RfM4Z23fXAxgkYR2He%2FScreenshot%202026-04-14%20at%2014.45.50.png?alt=media&#x26;token=cd05e57f-c80d-48b8-9746-c47ff0e980d9" alt="" width="375"><figcaption></figcaption></figure>

***

#### Review permissions

7. Review the following sections:
   * Controls and checks automated.
   * Permissions required.
   * Data accessed by Sprinto.
8. Click **Next**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FBtvC5lNC2h0ZJUflAcuc%2FScreenshot%202026-04-14%20at%2014.46.56.png?alt=media&#x26;token=a5bcf68a-f04a-4ff5-b49a-3a0397286138" alt="" width="375"><figcaption></figcaption></figure>

***

#### Authorise the integration

9. Review the setup instructions.
10. Click **Connect Google Workspace Chromebook**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FHgWnv7vJM662GpIfK9uk%2FScreenshot%202026-04-14%20at%2014.47.22.png?alt=media&#x26;token=b3afbf9f-40bb-43ac-b051-02b09c9fae8b" alt="" width="375"><figcaption></figcaption></figure>

***

#### Complete OAuth authentication

11. Sign in to your Google Workspace admin account.
12. Select your account.
13. Review requested permissions.
14. Click **Allow** to grant access.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FJcVVPvrz9umOPfq44x6T%2FScreenshot%202026-04-14%20at%2014.47.59.png?alt=media&#x26;token=265a27a5-d80f-4d7f-b7ba-95e71017e7be" alt="" width="563"><figcaption></figcaption></figure>

***

#### Complete setup

15. Wait for the integration to complete.
16. You will be redirected back to Sprinto.
17. Initial device sync will begin automatically.

***

### Post-connection flow

After successful integration:

* Chromebook devices are automatically synced.
* Device data is mapped to users.
* Compliance monitors are activated.
* Evidence is collected continuously.

Initial sync may take a few minutes depending on the number of devices.

***

### Troubleshooting

#### 1. Admin SDK API not enabled

**Issue:** Integration fails or no data is fetched.\
**Resolution:**\
Enable the Admin SDK Directory API in the Google Cloud Console and retry.

#### 2. Insufficient permissions

**Issue:** Authorisation fails or partial data is visible.\
**Resolution:**\
Ensure you are using a Super Admin or equivalent role and reconnect.

#### 3. No devices visible

**Issue:** Devices are not shown in Sprinto.\
**Resolution:**

* Ensure devices are enrolled.
* Verify ChromeOS management is enabled.
* Wait for initial sync.

#### 4. Device data missing

**Issue:** Missing OS version or user mapping.\
**Resolution:**

* Ensure devices are actively syncing.
* Verify policies in Admin Console.
* Check last sync timestamps.

#### 5. OAuth blocked

**Issue:** Unable to complete authentication.\
**Resolution:**

* Allow third-party app access.
* Check organisation OAuth restrictions.
* Retry authentication.

#### 6. Sync delays or rate limits

**Issue:** Data updates are delayed.\
**Resolution:**

* Google API rate limits may apply.
* Sprinto retries automatically.
* Allow time for sync to stabilise.

***

### Key considerations

* Re-enabling a disabled device may consume a licence.
* Deprovisioned devices must be wiped before re-enrolment.
* ChromeOS APIs do not support reseller-level remote administration.

***

### Support

Please contact [Sprinto Support](mailto:www.support@sprinto.com) if you have any queries related to the integration or need any assistance.
