Your Device Lifecycle Experts!

FireFly Knowledge Library

Creating a Locked-Down Chromebook
Enrollment Account

When enrolling Chromebooks, we often receive requests to modify device information fields or locations within the Google Admin Console. In order to efficiently and accurately provide this service, we recommend the creation of a locked down enrollment account. This allows for the explicit function of device enrollment and modification, without giving access to anything else in your Google domain. Alternatively, you may also opt to give more broad permissions to the enrollment account using a pre-configured admin role.

  1. Login to with a Super Admin account
  2. Select the “Admin Roles” tile
  3. Click “Create A New Role” in the top left
  4. Choose a fitting title and description for the admin role. For example, “Enrollment Admin”
  5. Choose the following permissions
    1. Under “Admin Console Permissions”
      1. Organizational Units
        1. Read
      2. Services
        1. Chrome OS - Settings
          1. Manage Devices
          2. Manage Device Settings
    2. Admin API Privileges
      1. Organizational Units
        1. Read
      2. Schema Management
        1. Schema Read
  6. Click “Save” to create the admin role
  7. Next, enable API access at the domain level. Return to the Admin Console home by clicking “Google Admin” on the top left
  8. Click the “Security” tile
  9. Expand the “API Reference” section
  10. Check the box for “Enable API Access”
  11. Finally, create the enrollment user. Return to the Admin Console home by clicking “Google Admin” on the top left
  12. Click the “Users” tile
  13. Click the + icon on the bottom right to add a new user. We recommend credentials that are easy to type
  14. Click “Create” on the bottom right to create the user
  15. Locate the new user account, then select the user by clicking on the username
  16. Click “Show More” at the bottom of the page and select “Admin Roles and Privileges”
  17. A list of admin roles will appear, including the new one you named in step 4 above. Click the toggle next to our new admin role to assign that role to the new user
  18. Click “Save”

Thank You!

Legal Information: The information in this document is provided on an “as is” and “as available” basis. FireFly Computers makes no representations or warranties as to the accuracy, reliability, or quality of the information and in no circumstances shall FireFly Computers be held liable for any damages resulting from the use, misuse, or failure to use this document or the information it contains. All trademarks are the property of their respective owners. Reproduction, modification, or distribution of this document or the information it contains, in whole or in part, is strictly prohibited without the express written permission of FireFly Computers, LLC.