Quickstart

This page walks you through enabling Endpoint Verification and monitoring corporate devices.

For more information about Endpoint Verification, see the Overview.

Before you begin

  • Log in to your Google Workspace admin account and access the Admin console.
  • Have an organization whose devices meet the following specifications:
    • Devices running Chrome OS
    • Apple® Mac® OS X® El Capitan (10.11) and later
    • Microsoft® Windows® 7 and 10

Turning on Endpoint Sync

Endpoint Sync is a setting in the Google Workspace Admin Console that lets you collect device information from users within your organization that have the Endpoint Verification extension installed. By default, Endpoint Sync is turned on. Follow these instructions if you would like to confirm if Endpoint sync is on or not.

  1. Open the Google Workspace Admin Console and log in to your admin account.

    Open the Google Workspace Admin Console

  2. From the Admin console Home page, go to Devices.

  3. In the navigation menu, click Mobile & endpoints > Settings > Universal settings.

  4. Click Data access > Endpoint verification.

  5. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit from the Organizational units pane.

  6. Check the Monitor which devices access organization data checkbox.

  7. Click Save. If you configured a child organizational unit, you might be able to inherit or override a parent organizational unit's settings.

Deploying Endpoint Verification

To deploy the Endpoint Verification extension to your organization's company-owned devices, do the following:

  1. Open the Google Workspace Admin Console and log in to your admin account.

    Open the Google Workspace Admin Console

  2. From the Admin console Home page, go to Devices.

  3. Under Device Settings, click Chrome management

  4. Click Apps & extensions.

  5. At the bottom-right, click Add > Add from Chrome Web Store.

  6. In the Search the store field, enter Endpoint Verification.

  7. Click Select next to the Endpoint Verification extension.

  8. Click User settings.

  9. Under Orgs, select the org to deploy the extension to.

  10. Ensure that Allow access to keys and Allow enterprise challenge are on.

  11. Click the Installation policy drop-down for Endpoint Verification and select Force install.

  12. In the top-right click Save.

Installing the native helper app

The native helper app of Endpoint Verification is required for the certificate-based access and for the following systems:

  • Windows and Mac with Chrome browser 79 and earlier.
  • Linux with any version of Chrome browser.

To install the native helper app, do the following:

  1. Open Chrome browser.
  2. On the browser toolbar, click the extension Endpoint Verification to open it.
  3. If prompted, click Add Account and enter your corporate email address and password.
  4. If you see a message that the native helper isn't on your device, click Install it and follow the steps to install the native helper.
  5. Click the extension again and then click Sync Now.

If your want to deploy the native helper instead of having your users install it, see Deploying the Endpoint Verification native helper with third-party tools.

For more information about deploying extensions, see Manage Chrome Browser extensions in the Admin console.

Turning off Endpoint Verification

If you turn off Endpoint Verification, you won't see any computers added after that in your Google Workspace Admin Console. You can still see computers that were monitored before, but device information isn't updated.

  1. From the Admin console Home page, go to Devices.
  2. In the navigation menu, click Mobile & endpoints > Settings > Universal settings.
  3. Click Data access > Endpoint verification.
  4. Clear the Monitor which devices access organization data checkbox.
  5. Click Save.