Chrome Unboxed | Guest Contributor
The lightweight, secure nature of ChromeOS has quickly become a staple in the Enterprise sector and Google has worked tirelessly to ensure that IT administrators have all the tools they need to keep security at the forefront of business. With safeguards such as the ChromeOS Trusted Platform Module, multiple 2FA options, and the ability to lock and wipe a device remotely, Chromebooks are the perfect computing solution for the workforce whether in-person, hybrid or fully remote.
Another powerful security feature baked directly into the ChromeOS platform is Verified Access. This tool allows administrators to verify not only devices but also users before they are granted access to company networks and/or infrastructures. When enabled for an organizational unit, the Verified Access API will create a challenge that must, in turn, be passed by the connecting hardware or user account. This means that devices that are in Dev mode or not managed by the OU will not pass the verification process and access to the network will be denied. This prevents access from unauthorized users or hardware to services behind the Verified Access API and thus, strengthens organizational security.
“The Chrome Verified Access API allows network services such as VPNs and intranet pages to cryptographically verify that their Chrome OS clients are genuine and conform to corporate policy.”
- Google Developers
How to use Verified Access
To get started with Verified Access for your institution, you will need to create a Verified Access API via the Google Cloud API console here. To learn more about creating a new API key, please see the Google Cloud documentation here. When creating the API for your application, you will need to ensure that the Verified Access API is enabled and that your applications or service is compatible with the Verified Access protocol. Once your API is created and enabled, you can then enable Verified Access for your managed devices and/or users.
In order for your managed devices to authenticate with the Verified Access API, you will need to create a Verified Access Extension to be installed on your Chromebooks. You can create a custom extension or utilize a third-party partner like Cloudpath to generate your certificates. Your new Chrome Extenstion will then need to be published to the Chrome Web Store. From there, you can navigate to the App and Extensions section of the Google Admin console and force install the extension on your fleet of devices. (Admin Console>Devices>Apps & Extensions>Users & Browsers)
Enabling Verified Access
Now that you have your API in place and your Verified Access Extension is installed, navigate to Admin Console>Devices>Chrome>Settings>Device. Under the Enrollment and Access section, find “Verified Mode” and change the setting to “Require verified mode boot for verified access.” This will enable Verified Access mode for your ChromeOS devices that are enrolled on that particular OU.
To enable Verification for users, head to the Users & Browsers section under Devices>Chrome>Settings and change that setting to “Require verified mode boot for verified access.” Additionally, you can add a list of emails to the user verification section that can grant limited or full access to the API. These accounts can be created via the Google API console. You can find the full documentation for creating and developing a Verified Access API for your company on the Google Developer website.
By Chrome Unboxed | News, Updates, Unboxings
Chrome Unboxed is a popular online space for tech lovers to keep up with all things Chrome. Chrome Unboxed goes in depth with the latest news, updates and unboxings of the best existing technology products.