WebTitan

Deploying OTG 2 for Chromebooks

Ensure you have read these topics before installing WebTitan OTG 2 for Chromebooks:

Then, follow the steps below to deploy OTG 2 for Chromebooks using Google Workspace. As a best practice, always test your deployment using a limited test group with just one or two users first before full deployment.

  1. Log into your Google Workspace account with administrative access.

  2. From the main menu, go to Directory > Organizational units and ensure you have created the organizational unit (OU), or units, to which you are deploying OTG 2 for Chromebooks. The example here shows two OUs - one for deploying to all students and one for teaching staff:

    OTG-CB-ou-layout.jpg

    For more information on how the organizational structure work in Google Workspace, see https://support.google.com/a/answer/4352075 external_link.png.

  3. Upload the .pem WebTitan certificate to Google Workspace. See Importing a WebTitan TLS Root Certificate in Google Workspace.

  4. Follow these steps to add the WebTitan OTG app to the OU from the Google PlayStore:

    • From the main menu go to Devices > Chrome > Apps & Extensions.

      OTG-CB-apps-extensions-page_censored.jpg
    • In the left pane, select the OU you want this app to be available to (a child OU inherits access to apps from its parent OU).

    • Click OTG-CB-yellow-plus.jpg in the bottom right of the screen and select the Add from Google play OTG-CB-yellow-play-store.jpg button.

    • Search the Google PlayStore for "WebTitan OTG" (public app). When searching, include double quotes as shown:

      OTG-CB-search-google-play.jpg
    • Select the app to add it to the list of apps available to your OU.

  5. Click on the WebTitan OTG app to add the app configuration:

    OTG-CB-ou-app-list_censored.jpg
    • To the right of the app, enter this JSON configuration but with the parameters below edited with your WebTitan Cloud details:

      {

      "install_key": "00000z0z-0zz0-0000-zz0z-0zz000z0zz0z",

      "rpc_url": "https://mycloud.webtitancloud.com:7771"

      }

    • install_key: This is your OTG install key and is used to register an OTG device on your WebTitan Cloud. You can get this in your WebTitan Cloud from Settings > Account > OTG Install Key.

    • rpc_url: The URL of your WebTitan Cloud instance. The RPC port is always port 7771 and is automatically added if not included in the RPC_URL parameter. The following formats are accepted:

      • mycloud.webtitancloud.com

      • mycloud.webtitancloud.com:7771

      • https://mycloud.webtitancloud.com

      • https://mycloud.webtitancloud.com:7771

      • https://mycloud.webtitancloud.com:7771/

    There are also a number of optional parameters you can use during installation. See OTG 2 for Chromebooks Installation Parameters.

  6. Click the down arrow to the right of the WebTitan OTG app and select Force install. Click Save in the top right of the screen to save this setting.

    OTG-CB-select-force-install2.jpg
  7. Go to Devices > Chrome > Settings > Users & browsers. Ensure you have the correct OU selected, then edit the three settings below.

    Tip

    Quickly locate a setting by typing the exact setting name into the Search or add a filter field.

    OTG-CB-setting-search-bar.jpg
    1. Always on VPN: Select the WebTitan OTG app here and ensure Do not allow users to disconnect from a VPN manually is selected.

    2. DNS-over-HTTPS: Set the mode to Disable DNS-over-HTTPS.

    3. Built-in DNS client: Set to Never use the built-in DNS client.

Once deployed, the best way to validate rollout is to check that all devices and associated users have been added to your WebTitan Cloud.