Manual Chapter: Deploying F5 Access with Chrome Enterprise

Applies To:

BIG-IP APM

  • 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 12.1.4, 12.1.3

Installing F5 Access with Chrome Enterprise

The Chrome Enterprise administrator can choose whether F5 Access is installed automatically for the organization unit, or whether users must install the app themselves.
  1. Sign in to the Chrome Enterprise Admin console.
  2. Click Device Management.
  3. Click Chrome Management.
  4. Click User settings.
  5. Select an organization unit to which you want the settings to apply.
  6. In the Force-installed Apps and Extensions area, click Manage force-installed apps.
  7. Select Chrome Web Store in the left pane, and search by the application name F5 Access.
  8. Click Add in the F5 Access row.
  9. Click the Save button.
  10. Click Save to save the user settings.
F5 Access for Chrome OS is now configured to be automatically installed on user machines in the selected organization unit. See Set Chrome Policies for Users on the Google support site for additional information.
This link is for a third-party site, and thus is subject to change at any time.

Making F5 Access available to users in Chrome Enterprise

The Chrome Enterprise administrator can make the F5 Access app available for users to download and install on their own devices.
  1. Sign in to the Chrome Enterprise Admin console.
  2. Click Device Management.
  3. Click Chrome Management.
  4. Click User settings.
  5. Select an organization unit to which you want the settings to apply.
  6. In the Allowed Apps and Extensions area, select the allow or block policy stance.
    • If you select Allow all apps and extensions except the ones I block, users can install F5 Access with no further configuration.
    • If you select Block all apps and extensions except the ones I allow, specify that F5 Access is an allowed app. Select Chrome Web Store in the left pane, type F5 Access, add the F5 Access app, and click Save.
  7. Click Save to save the user settings.
Users can now download and install F5 Access for Chrome OS. See Set Chrome Policies for Users on the Google support site for additional information.
This link is for a third-party site, and thus is subject to change at any time.

Recommending the F5 Access app to users in Chrome Enterprise

The Chrome Enterprise administrator can recommend the F5 Access app to users to download and install on their own devices.
  1. Sign in to the Chrome Enterprise Admin console.
  2. Click Device Management.
  3. Click Chrome Management.
  4. Click User settings.
  5. Select an organization unit to which you want the settings to apply.
  6. In the Recommended Apps and Extensions area, click Manage.
  7. Select Chrome Web Store in the left pane, and search by the application name F5 Access.
  8. Click Add in the F5 Access row.
  9. Click Save to save the user settings.
Users now see the F5 Access app as a recommended app for their domain. See Set Chrome Policies for Users on the Google support site for additional information.
This link is for a third-party site, and thus is subject to change at any time.

Specifying VPN configurations for F5 Access with Chrome Enterprise

The Chrome Enterprise administrator can specify VPN configurations to include with the F5 Access app.
Users cannot delete or modify VPN configurations added to the app by administrators.
  1. Create a text file in your text editor.
  2. Specify VPN configurations in the text file, with the required information.
  3. Save the text file.
The text file that contains VPN configurations can be uploaded to add those configurations to the F5 Access app.

VPN policy file specification for F5 Access

This is the file specification for the file you create to upload VPN configurations to F5 Access with Chrome Enterprise.
{
  "type": "object",
  "properties": {
    "Configurations": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "name": { "type": "string" },
          "server": { "type": "string" },
          "weblogon": { "type": "boolean" },
          "certificate": {
            "type": "object",
            "properties": {
              "issuer": {
                "type": "object",
                "properties": {
                  "CN": { "type": "string" }
                }
              }
            }
          }
        }
      }
    }
  }
}

VPN policy settings for F5 Access with Chrome Enterprise

These settings can be configured in the VPN policy for F5 Access with Chrome Enterprise.
Policy setting | Description
name | (Required) The name of the VPN configuration.
server | (Required) The URL of the BIG-IP® server.
weblogon | (Optional) Specify this value as true to enable Web authentication mode. This is set to false by default.
certificate/issuer/CN | (Optional) The Common Name of the certificate authority that issued the client certificate. Use this to auto-select a client certificate from the device certificate store.

Example VPN policy for F5 Access with Chrome Enterprise

These settings can be configured in the VPN policy for F5 Access with Chrome Enterprise.
{
  "Configurations": {
    "Value": [
      {
        "name": "DemoVPN1",
        "server": "https://myvpn.server.company.com",
        "weblogon": false,
        "certificate": {
          "issuer": { "CN": "DemoIssuerCA" }
        }
      },
      {
        "name": "DemoVPN2",
        "server": "https://myvpn2.server.company.com",
        "weblogon": true
      },
      {
        "name": "DemoVPN3",
        "server": "https://myvpn3.server.company.com"
      }
    ]
  }
}
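
A pre-upload check for a policy file in the format shown above, as an added example that is not part of the F5 manual: it parses the file and checks each entry against the documented settings. The validate_policy function, the constructed sample data, and the rule that server must be an https:// URL are assumptions of this example, not F5 requirements.

```python
import json
from urllib.parse import urlsplit
# Constructed sample in the upload format of the example policy above.
SAMPLE_POLICY = """{ "Configurations": { "Value": [
  { "name": "DemoVPN1", "server": "https://myvpn.server.company.com",
    "weblogon": false, "certificate": { "issuer": { "CN": "DemoIssuerCA" } } },
  { "name": "DemoVPN2", "server": "http://myvpn2.server.company.com", "weblogon": "true" },
  { "server": "https://myvpn3.server.company.com" }
] } }"""

def validate_policy(text):
    """Return a list of problems in a VPN policy file; an empty list means none found."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:  # e.g. a missing or trailing comma
        return [f"not valid JSON: {exc.msg} (line {exc.lineno}, column {exc.colno})"]
    cfg = doc.get("Configurations") if isinstance(doc, dict) else None
    entries = cfg.get("Value") if isinstance(cfg, dict) else None
    if not isinstance(entries, list):
        return ["Configurations.Value must be an array of VPN configurations"]
    problems = []
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            problems.append(f"[{i}] entry must be an object")
            continue
        name, server = entry.get("name"), entry.get("server")
        if not isinstance(name, str) or not name:
            problems.append(f"[{i}] name is required and must be a string")
        if not isinstance(server, str) or not server:
            problems.append(f"[{i}] server is required and must be a string")
        else:  # added hardening check (assumption): require https and a host name
            try:
                url = urlsplit(server)
            except ValueError:
                url = None
            if url is None or url.scheme != "https" or not url.hostname:
                problems.append(f"[{i}] server should be an https:// URL with a host")
        if "weblogon" in entry and not isinstance(entry["weblogon"], bool):
            problems.append(f"[{i}] weblogon must be a JSON boolean (true or false)")
        if "certificate" in entry:
            cert = entry["certificate"]
            issuer = cert.get("issuer") if isinstance(cert, dict) else None
            cn = issuer.get("CN") if isinstance(issuer, dict) else None
            if not isinstance(cn, str) or not cn:
                problems.append(f"[{i}] certificate.issuer.CN must be a non-empty string")
    return problems

if __name__ == "__main__":
    print("\n".join(validate_policy(SAMPLE_POLICY)) or "no problems found")
```

Run it against the file before uploading; a syntax error such as a stray comma is reported with its line and column instead of surfacing later in the Admin console.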

Uploading a VPN policy file in Chrome Enterprise

Install a VPN configuration file through App Management in Chrome Enterprise.
  1. Sign in to the Chrome Enterprise Admin console.
  2. Click Device Management.
  3. Click Chrome Management.
  4. Click App Management.
  5. Search by the application name F5 Access.
  6. Select the application and click User settings.
  7. Select an organization unit to which you want the settings to apply.
  8. Click Upload configuration file, and select the policy file to upload.
  9. Click Save to save the user settings.
The VPN configuration file now applies to the F5 Access app. See Manage Chrome Apps individually on the Google support site for additional information.
This link is for a third-party site, and thus is subject to change at any time.

Increasing security by disabling Chrome Developer Tools

We recommend that you disable Chrome Developer Tools in the F5 Access app to avoid potential security risks.
  1. Sign in to the Chrome Enterprise Admin console.
  2. Click Device Management.
  3. Click Chrome Management.
  4. Click User settings.
  5. Select an organization unit to which you want the settings to apply.
  6. In the Developer Tools area, click Never allow use of built-in developer tools.
  7. Click Save to save the user settings.
Chrome Developer Tools are now disabled in the F5 Access app.

Increasing security by locking the device screen when idle

We recommend that you enable the device screen lock policy for the F5 Access app to avoid potential security risks.
  1. Sign in to the Chrome Enterprise Admin console.
  2. Click Device Management.
  3. Click Chrome Management.
  4. Click User settings.
  5. Select an organization unit to which you want the settings to apply.
  6. In the Screen Lock area, click Always automatically lock screen on idle.
  7. Click Save to save the user settings.
The device screen lock policy is now enforced for F5 Access app users.

Providing certificate access to F5 Access users

F5 Access for Chrome OS can authenticate to the BIG-IP® Access Policy Manager® with client certificates. These client certificates must be pre-installed on Chrome devices to be available to F5 Access. The Chrome Enterprise administrator must also allow F5 Access to access the enterprise certificates and keys.
For more information, see Manage certificates on the Google support site.
This link is for a third-party site, and thus is subject to change at any time.
  1. Sign in to the Chrome Enterprise Admin console.
  2. Click Device Management.
  3. Click Chrome Management.
  4. Click App Management.
  5. Search by the application name F5 Access.
  6. Select the application and click User settings.
  7. Select an organization unit to which you want the settings to apply.
  8. In the Allow access to client certificates and keys area, click Override if you want to override the settings for the organization unit.
  9. Set Allow access to client certificates and keys to ON.
  10. Click Save to save the user settings.
Certificates are now allowed for F5 Access app users.