Set up your MDM account: Google Workspace

To use Google Workspace with the Destiny Resource Manager Mobile Device Management (MDM) Integration feature, you need to do some setup.

Setup Prerequisites

  1. First, you must create a Google Workspace for Education service account that gives Read access to Chrome OS devices and organizational units.

    Follett requires the following scopes:

    • https://www.googleapis.com/auth/admin.directory.device.chromeos

    • https://www.googleapis.com/auth/admin.directory.user.readonly

    • https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly

    • https://www.googleapis.com/auth/admin.directory.orgunit.readonly

    • https://www.googleapis.com/auth/admin.reports.audit.readonly

  2. To enable Autosync reporting, under Console Privileges, select the Reports checkbox.
    Note: If you do not select the Reports checkbox, you will not be able to complete the Autosync setup in Destiny Resource Manager.
  1. Once the Google Workspace for Education service account is created, a JavaScript Object Notation (JSON) key is generated for that service account.  

    Note: Save the exported JSON key from the Google Workspace for Education service account. This is used when you configure Google Workspace connectivity.

  2. Create a new Follett user in Google Workspace for Education. After the user is added, navigate to that user's record and scroll down to ASSIGN ROLES in the Admin Roles and Privileges section. Create a custom role, and assign the following privileges:  
    • Admin API privileges: Org Units > Read.
    • Admin Console privileges: Chrome OS > Settings > Manage Devices.

    An email address is generated for the new user account.

Note: When creating a Workspace user, it may take up to 24 hours for the new user's Google account with permissions to become active. Save the email address for this user account, as it is needed when you configure Google Workspace connectivity.

Important: Log into this user’s account once, and accept the terms and conditions. Some districts synchronize user data in Google Workspace for Education with a different system, such as Active Directory. In the past, such processes have removed the required Follett user and subsequently broken the Google Workspace for Education integration with Destiny Resource Manager. Ensure that the Follett user created is not removed or altered via a recurring synchronization with an outside system.