How to configure Chrome on macOS via Workspace ONE UEM

Chrome is a very popular browser; however, when setting it up on managed devices, it might be useful to customise its configuration.

Chrome Enterprise can be configured via the MDM through a .mobileconfig file, which we generate from the Chrome bundle downloaded from Google.

This configuration is divided into four parts. First, we will download all the necessary components and install the Workspace ONE Admin Assistant app. After that, we will generate the .mobileconfig file used to configure Chrome. Then we will install the Chrome app on the managed device via Workspace ONE UEM, and finally we will install the configuration file.

In order to execute this procedure, you will need to use a “management” macOS device.

Pre-reqs

1. Download the Chrome DMG Universal Installer for macOS and the Chrome bundle for Windows 64-bit from Google’s website:

https://enterprise.google.com/chrome/chrome-browser/#

2. Download the mcxToProfile script from GitHub (select Code and then Download ZIP):

https://github.com/timsutton/mcxToProfile

3. Download and Install the Workspace ONE Admin Assistant for macOS app on your macOS management device:

https://getwsone.com/AdminAssistant/VMwareWorkspaceONEAdminAssistant.dmg

Generate the .mobileconfig file

1. Unzip the GoogleChromeEnterpriseBundle64.zip file and copy the com.google.Chrome.plist file from the Configuration folder to a separate folder.

2. Edit the com.google.Chrome.plist file with your preferred text editor and modify the settings as required.

3. Unzip the downloaded mcxToProfile file and then copy mcxToProfile.py to the same folder as the com.google.Chrome.plist file.

4. Open Terminal and navigate to the folder where the .plist and .py files are located.

5. Run the following command:

./mcxToProfile.py --plist com.google.Chrome.plist --identifier com.google.Chrome

6. Check that the com.google.Chrome.mobileconfig file has been generated.

Chrome App Installation

In order to install a macOS app via Workspace ONE UEM, first we need to generate the Metadata file for the installer.

1. Launch the Workspace ONE Admin Assistant and open the Chrome DMG file downloaded earlier.

2. Once Parsing is completed, select the Reveal in Finder button. Check that there is a folder with 3 files, including a .plist file.

After generating the .plist and .png files, we can now proceed with the app installation settings.

3. On the Workspace ONE UEM console, navigate to Apps & Books > Applications > Native.

4. Select Add and then Application File.

5. Select the Upload button and then Browse. Select the Chrome DMG file that was downloaded earlier and then select Open.

6. Select the Save button and wait for the application to be uploaded to the Console.

7. Select Continue. Next to Metadata File, select Upload and then Browse.

8. Locate the .plist file generated by Workspace ONE Admin Assistant and then select Save.

9. Select Continue. On the Images tab, select Click or drag files here and then open the .png file generated by Workspace ONE Admin Assistant.

10. Select Save and Assign and then assign the App to the relevant devices.

11. Verify that the Chrome app gets installed on your device.

Install the Chrome configuration file

In order to install the configuration from the .mobileconfig file, we need to create a Profile with a Custom Settings payload.

1. On Workspace ONE UEM, navigate to Devices > Profiles & Resources > Profiles.

2. Select Add and then Add Profile.

3. Select macOS as the Platform, then select Device Profile as the Context.

4. Under the General payload, give a name to your Profile (e.g. Chrome Config) and assign it to the relevant groups.

5. Scroll down the payload list on the left and then select Custom Settings.

6. Edit your .mobileconfig file with your preferred text editor. Select the contents between (not including) the first <array> tag and the last </array> tag.

Below is an example of the code I used in this example:

<dict>
	<key>PayloadContent</key>
	<dict>
		<key>com.google.Chrome</key>
		<dict>
			<key>Forced</key>
			<array>
				<dict>
					<key>mcx_preference_settings</key>
					<dict>
						<key>AllowOutdatedPlugins</key>
						<false/>
						<key>DefaultBrowserSettingEnabled</key>
						<true/>
						<key>EnableMemoryInfo</key>
						<true/>
						<key>ExtensionInstallForcelist</key>
						<array>
							<string>noondiphcddnnabmjcihcjfbhfklnnep;https://clients2.google.com/service/update2/crx</string>
							<string>djflhoibgkdhkhhcedjiklpkjnoahfmg;https://clients2.google.com/service/update2/crx</string>
						</array>
						<key>HomepageIsNewTabPage</key>
						<false/>
						<key>HomepageLocation</key>
						<string>https://raulcunha.com</string>
						<key>ManagedBookmarks</key>
						<array>
							<dict>
								<key>toplevel_name</key>
								<string>Company Bookmarks</string>
							</dict>
							<dict>
								<key>name</key>
								<string>Raul Cunha</string>
								<key>url</key>
								<string>raulcunha.com</string>
							</dict>
							<dict>
								<key>name</key>
								<string>BBC</string>
								<key>url</key>
								<string>bbc.co.uk</string>
							</dict>
							<dict>
								<key>name</key>
								<string>Acme Laboratories</string>
								<key>url</key>
								<string>acme.com</string>
							</dict>
							<dict>
								<key>children</key>
								<array>
									<dict>
										<key>name</key>
										<string>Google</string>
										<key>url</key>
										<string>google.com</string>
									</dict>
								</array>
								<key>name</key>
								<string>Chrome links</string>
							</dict>
						</array>
						<key>MaxConnectionsPerProxy</key>
						<integer>99</integer>
						<key>MetricsReportingEnabled</key>
						<true/>
						<key>RestoreOnStartup</key>
						<integer>0</integer>
						<key>SafeBrowsingEnabled</key>
						<true/>
					</dict>
				</dict>
			</array>
		</dict>
	</dict>
	<key>PayloadEnabled</key>
	<true/>
	<key>PayloadIdentifier</key>
	<string>MCXToProfile.e8aca5e2-f1a9-45bd-b57a-3bdd9767554c.alacarte.customsettings.6fc29fbe-2d1d-4ea0-9a7e-6869533b64fd</string>
	<key>PayloadType</key>
	<string>com.apple.ManagedClient.preferences</string>
	<key>PayloadUUID</key>
	<string>6fc29fbe-2d1d-4ea0-9a7e-6869533b64fd</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>

7. Select the Configure button and then paste this code into the Custom Settings field.

8. Select Save and Publish and then Publish to push this profile to your devices.

Check that the Profile has been installed successfully and then launch Chrome on the device. Verify that settings, such as bookmarks, have been applied correctly.
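
Step 6 can also be done by parsing the file instead of selecting text by hand. The following Python sketch is an added example, not part of the original post: it pulls the single payload out of the profile's PayloadContent array, re-serialises it as the <dict> fragment to paste, and checks each ExtensionInstallForcelist entry before the profile is published. The sample profile, the placeholder extension ID, the function names and the two forcelist checks are assumptions made for the example.

```python
import plistlib
import re

# Constructed sample in the shape the page describes: an outer profile whose
# PayloadContent <array> holds the one payload <dict>. The extension ID is a placeholder.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadContent</key>
  <array><dict>
    <key>PayloadContent</key>
    <dict><key>com.google.Chrome</key><dict><key>Forced</key><array><dict>
      <key>mcx_preference_settings</key>
      <dict>
        <key>ExtensionInstallForcelist</key>
        <array><string>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx</string></array>
        <key>SafeBrowsingEnabled</key><true/>
      </dict>
    </dict></array></dict></dict>
    <key>PayloadType</key><string>com.apple.ManagedClient.preferences</string>
  </dict></array>
</dict></plist>"""

EXT_ID = re.compile(r"[a-p]{32}")  # Chrome extension IDs: 32 letters, a-p

def inner_payload(mobileconfig: bytes) -> dict:
    """Return the single payload dict inside the profile's PayloadContent array."""
    payloads = plistlib.loads(mobileconfig)["PayloadContent"]
    if len(payloads) != 1:
        raise ValueError(f"expected exactly one payload, found {len(payloads)}")
    return payloads[0]

def custom_settings_xml(payload: dict) -> str:
    """Serialise the payload and keep only its outer <dict>...</dict> element."""
    xml = plistlib.dumps(payload, sort_keys=False).decode()
    return xml[xml.index("<dict>"):xml.rindex("</dict>") + len("</dict>")]

def forcelist_problems(payload: dict) -> list[str]:
    """Flag ExtensionInstallForcelist entries that are not 'id;https-url'."""
    problems = []
    for forced in payload["PayloadContent"]["com.google.Chrome"]["Forced"]:
        for entry in forced["mcx_preference_settings"].get("ExtensionInstallForcelist", []):
            ext_id, _, url = entry.partition(";")
            if not EXT_ID.fullmatch(ext_id):
                problems.append(f"malformed extension id: {entry}")
            if not url.startswith("https://"):
                problems.append(f"update URL is not https: {entry}")
    return problems

if __name__ == "__main__":
    print(forcelist_problems(inner_payload(SAMPLE)) or custom_settings_xml(inner_payload(SAMPLE)))
```

To run it against the real file, pass the bytes of com.google.Chrome.mobileconfig to inner_payload in place of SAMPLE.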

For this configuration, I used the following documentation as a reference:

https://support.google.com/chrome/a/answer/7550274?hl=en&ref_topic=7650028