F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Center
  3. BIG-IP APM and F5 Access for Chrome OS v1.0.0
  4. Deploying F5 Access with Chrome Enterprise
Manual Chapter : Deploying F5 Access with Chrome Enterprise

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3
Manual Chapter

Deploying F5 Access with Chrome Enterprise

Installing F5 Access with Chrome Enterprise

The Chrome Enterprise administrator can choose whether F5 Access is installed automatically for the organization unit, or whether users must install the app themselves.
  1. Sign in to the Chrome Enterprise Admin console.
  2. Click
    Device Management
    .
  3. Click
    Chrome Management
    .
  4. Click
    User settings
    .
  5. Select an organization unit to which you want the settings to apply.
  6. In the
    Force-installed Apps and Extensions
     area, click
    Manage force-installed apps
    .
  7. Select
    Chrome Web Store
     in the left pane, and search by the application name
    F5 Access
    .
  8. Click
    Add
     in the
    F5 Access
     row.
  9. Click the
    Save
     button.
  10. Click
    Save
     to save the user settings.
F5 Access for Chrome OS is now configured to be automatically installed on user machines in the selected organization unit. See Set Chrome Policies for Users on the Google support site for additional information.
This link is for a third-party site, and thus is subject to change at any time.

Making F5 Access available to users in Chrome Enterprise

The Chrome Enterprise administrator can make the F5 Access app available for users to download and install on their own devices.
  1. Sign in to the Chrome Enterprise Admin console.
  2. Click
    Device Management
    .
  3. Click
    Chrome Management
    .
  4. Click
    User settings
    .
  5. Select an organization unit to which you want the settings to apply.
  6. In the
    Allowed Apps and Extensions
     area, select the allow or block policy stance.
    • If you select
      Allow all apps and extensions except the ones I block
      , users can install F5 Access with no further configuration.
    • If you select
      Block all apps and extensions except the ones I allow
      , specify that F5 Access is an allowed app. Select
      Chrome Web Store
       in the left pane, type
      F5 Access
      , add the
      F5 Access
       app, and click
      Save
      .
  7. Click
    Save
     to save the user settings.
Users can now download and install F5 Access for Chrome OS. See Set Chrome Policies for Users on the Google support site for additional information.
This link is for a third-party site, and thus is subject to change at any time.

Recommending the F5 Access app to users in Chrome Enterprise

The Chrome Enterprise administrator can recommend the F5 Access app to users to download and install on their own devices.
  1. Sign in to the Chrome Enterprise Admin console.
  2. Click
    Device Management
    .
  3. Click
    Chrome Management
    .
  4. Click
    User settings
    .
  5. Select an organization unit to which you want the settings to apply.
  6. In the
    Recommended Apps and Extensions
     area, click
    Manage
    .
  7. Select
    Chrome Web Store
     in the left pane, and search by the application name
    F5 Access
    .
  8. Click
    Add
     in the
    F5 Access
     row.
  9. Click
    Save
     to save the user settings.
Users now see the F5 Access app as a recommended app for their domain. See Set Chrome Policies for Users on the Google support site for additional information.
This link is for a third-party site, and thus is subject to change at any time.

Specifying VPN configurations for F5 Access with Chrome Enterprise

The Chrome Enterprise administrator can specify VPN configurations to include with the F5 Access app.
Users cannot delete or modify VPN configurations added to the app by administrators.
  1. Create a text file in your text editor.
  2. Specify VPN configurations in the text file, with the required information.
  3. Save the text file.
The text file that contains VPN configurations can be uploaded to add those configurations to the F5 Access app.

VPN policy file specification for F5 Access

This is the file specification for the file you create to upload VPN configurations to F5 Access with Chrome Enterprise.
	{
		"type":"object",
		"properties":{
			"Configurations":{
				"type":"array",
				"items":{
					"type":"object",
					"properties":{
						"name":{
							"type":"string"
						},
						"server":{
							"type":"string"
						},
						"weblogon":{
							"type":"boolean"
						},
						"certificate":{
							"type":"object",
							"properties":{
								"issuer":{
									"type":"object",
									"properties":{
										"CN":{
											"type":"string"
										}
									}
								}
							}
						}
					}
				}
			}
		}
	}

VPN policy settings for F5 Access with Chrome Enterprise

These settings can be configured in the VPN policy for F5 Access with Chrome Enterprise.
Policy setting
Description
name
(Required) The name of VPN configuration.
server
(Required) The URL of the BIG-IP® server.
weblogon
(Optional) Specify this value as
true
 to enable Web authentication mode. This is set to
false
 by default.
certificate/issuer/CN
(Optional) The Common Name of the certificate authority that issued client certificate. Use this to auto-select a client certificate from the device certificate store.

Example VPN policy for F5 Access with Chrome Enterprise

These settings can be configured in the VPN policy for F5 Access with Chrome Enterprise.
{
           "Configurations": {
              "Value": [
                {
                     "name":     "DemoVPN1",
                     "server":   "https://myvpn.server.company.com",
                     "weblogon":  false
                     "certificate": {
                         "issuer": {"CN":"DemoIssuerCA"}
                     }
                },
                {
                  "name":     "DemoVPN2",
                  "server":   "https://myvpn2.server.company.com",
                  "weblogon":  true
                },
                {
                  "name":     "DemoVPN3",
                  "server":   "https://myvpn3.server.company.com",
                }
              ]
          }
}

Uploading a VPN policy file in Chrome Enterprise

Install a VPN configuration file through App Management in Chrome Enterprise.
  1. Sign in to the Chrome Enterprise Admin console.
  2. Click
    Device Management
    .
  3. Click
    Chrome Management
    .
  4. Click
    App Management
    .
  5. Search by the application name
    F5 Access
    .
  6. Select the application and click
    User settings
    .
  7. Select an organization unit to which you want the settings to apply.
  8. Click
    Upload configuration file
    , and select the policy file to upload.
  9. Click
    Save
     to save the user settings.
The VPN configuration file now applies to the F5 Access app. See Manage Chrome Apps individually on the Google support site for additional information.
This link is for a third-party site, and thus is subject to change at any time.

Increasing security by disabling Chrome Developer Tools

We recommend that you disable Chrome Developer Tools in the F5 Access app to avoid potential security risks.
  1. Sign in to the Chrome Enterprise Admin console.
  2. Click
    Device Management
    .
  3. Click
    Chrome Management
    .
  4. Click
    User settings
    .
  5. Select an organization unit to which you want the settings to apply.
  6. In the
    Developer Tools
     area, click
    Never allow use of built-in developer tools
    .
  7. Click
    Save
     to save the user settings.
Chrome Developer Tools are now disabled in the F5 Access app.

Increasing security by locking the device screen when idle

We recommend that you enable the device screen lock policy for the F5 Access app to avoid potential security risks.
  1. Sign in to the Chrome Enterprise Admin console.
  2. Click
    Device Management
    .
  3. Click
    Chrome Management
    .
  4. Click
    User settings
    .
  5. Select an organization unit to which you want the settings to apply.
  6. In the
    Screen Lock
     area, click
    Always automatically lock screen on idle
    .
  7. Click
    Save
     to save the user settings.
The device screen lock policy is now enforced for F5 Access app users.

Providing certificate access to F5 Access users

F5 Access for Chrome OS can authenticate with client certificates to the BIG-IP® Access Policy Manager®. Such client certificates must be pre-installed on Chrome devices in order to be available to F5 Access. Chrome Enterprise administrator has to allow access to the enterprise certificates and keys to F5 Access.
For more information, see Manage certificates on the Google support site.
This link is for a third-party site, and thus is subject to change at any time.
  1. Sign in to the Chrome Enterprise Admin console.
  2. Click
    Device Management
    .
  3. Click
    Chrome Management
    .
  4. Click
    App Management
    .
  5. Search by the application name
    F5 Access
    .
  6. Select the application and click
    User settings
    .
  7. Select an organization unit to which you want the settings to apply.
  8. In the
    Allow access to client certificates and keys
     area, click
    Override
     if you want to override the settings for the organization unit.
  9. Set
    Allow access to client certificates and keys
     to
    ON
    .
  10. Click
    Save
     to save the user settings.
Certificates are now allowed for F5 Access app users.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information