Using Conditional Access for Applications on Chromebooks

Read this page to learn how to access your company applications if they are protected by Portnox™ Conditional Access for Applications.

To access your protected company applications, you must do the following:

  • Get Portnox AgentP from the Play Store.

  • Log in to the Portnox AgentP app using your company credentials.

  • Select your certificate when accessing the company application through the browser.

These steps are described in detail in the sections below.

Note: This process shows the configuration of a Dell Chromebook with ChromeOS 122. The ChromeOS operating system on other devices may differ slightly.

Download and install Portnox AgentP

First, you must get the Portnox AgentP app from the Play Store. AgentP will communicate with Portnox Conditional Access and generate a profile for your Android device.

  1. Click on the icon of the Play Store app to open it.

  2. In the Play Store app, in the search field, type agentp and press the ⏎ key.

  3. In the list of results, find the Portnox AgentP entry and click on this entry.

  4. On the Portnox AgentP screen, click on Install.

  5. After installation is complete, click on Open.

Result: The Portnox AgentP is installed on your Chromebook.

Log in to Portnox AgentP using your company credentials

After you install the Portnox AgentP app, run it and log in to it using your regular company credentials.

  1. Optional: If you accidentally closed the Play Store, you can run AgentP by clicking on its icon in the Launcher.

  2. In the This app is designed for mobile window that appears after you run AgentP for the first time, click on Got it.

  3. After AgentP opens for the first time, grant it the requested permissions.
    Note: All these permissions except the ones marked as optional are necessary for AgentP operation. If you do not give these permissions, Conditional Access may not work correctly.
    1. In the Allow Location Services dialog, click on Allow.

      This permission is necessary for AgentP to be able to check if your device meets your company’s security policies. For example, your company may only allow you to access applications if you are in a certain location, such as a certain country or area. Since AgentP works in the background, it needs to know the location even when the app is not in use.

    2. In the Allow AgentP to access this device’s location? dialog, click on While using the app.

      This permission is necessary for AgentP to be able to check if your device meets your company’s security policies. For example, your company may only allow you to access applications if you are in a certain location, such as a certain country or area.

    3. In the Allow AgentP to access your contacts? dialog, click on Allow.

      This permission is necessary for AgentP to be able to check if your device meets your company’s security policies. AgentP will never manipulate the contacts on your device.

    4. In the Allow AgentP to make and manage your phone calls? dialog, click on Allow.

      This permission is necessary for AgentP to be able to check if your device meets your company’s security policies. AgentP will never make any calls on your behalf.

    5. In the Allow AgentP to access photos and media on your device? dialog, click on Allow.

      This permission is necessary for AgentP to be able to check if your device meets your company’s security policies. AgentP will never manipulate your photos or media on your device.

  4. On the Register your device screen, click on Corporate credentials.

  5. On the Corporate credentials screen, follow the steps depending on how you normally log in to your company applications.
    • If your company uses Microsoft Azure for its employees, click on Azure.
    • If your company uses Google Workspace for its employees, click on G Suite.
    • If your company uses Okta Workforce Identity for its employees, click on Okta.
    • If you don’t recall hearing any of these platform names before when logging in to your company apps, consult with your company’s IT support staff or enter your company email and password in the Domain\user or upn(email) and Password fields and then click on Activate.

    Important: The following steps and screenshots assume that your company uses Microsoft Azure, which is the most popular platform. These steps will look similar if your company uses other platforms.
  6. If your company uses Azure, on the Sign in screen, enter your business email address. Then, click on Next.

    Note: The screenshot above is an example, where your company name is Example and your company domain is example.com. Use your real business email address instead.

    Troubleshooting: If you see a button with your email address on it, it means you are already logged in to Microsoft Azure. Click on that button instead of entering your email address.

  7. If your company uses Azure, on the Enter password screen, enter the password that you normally use to access your company email and applications. Then, click on Sign in.

    Troubleshooting: If you cannot log in, and you are sure that your password is correct, go back to the Register your device step and try a different choice or ask your company’s IT support staff what platform your company uses to authenticate the employees.

  8. If your company uses Azure, and a Stay signed in? window appears, follow the company policy and/or your preferences to choose Yes or No.

    Note: Your choice will not affect your access to applications, but if you choose No, you may have to log in again the next time you access the applications.
  9. Click on the AgentP notification or switch back to AgentP to continue enrollment.

  10. Optional: If AgentP shows a Connect to Wi-Fi networks? notification, it means that your company also uses AgentP to secure network access. Click on Allow to gain access to the protected Wi-Fi networks.
  11. In the Choose a certificate type dialog, select VPN & app user certificate and click on OK.

  12. In the Name this Certificate dialog, enter a name for the certificate, and then click on OK.

  13. Optional: If the Name this Certificate dialog does not appear, click on ≡ to open the menu and then click on Install certificate.

Result: You are logged in to Portnox AgentP.

Access the application using your certificate

After you log in to the Portnox AgentP application, you can access your online company resources that are protected by Portnox Conditional Access.

Note: In this example, we are logging in to the Atlassian Confluence/Jira application using the Chrome browser. The process is similar for all other applications protected using Portnox Conditional Access for Applications. We tested Conditional Access on the following ChromeOS browsers: Chrome, Brave, Vivaldi, Opera. Conditional Access is not supported by the following browsers due to the lack of access to system certificates: Firefox, Opera Mini.
  1. Open your company application.

    Proceed normally as if you were opening the application before it was protected using Portnox Conditional Access. For example, for Atlassian Confluence, you could type your_company.atlassian.net in your browser address field, where your_company is your company name.

  2. Enter your company email address or click on Conditional Access.
    • If the application login screen does not have a button that says Log in with Conditional Access or Log in with your company name, enter your business email address. This is an example for Atlassian Confluence/Jira:

    • If the application login screen has a button that says Log in with Portnox Conditional Access or something similar, such as Log in with your company name, click on this button. This is an example for Salesforce:

    • If the application has a button that says SSO, click on this button. This is an example for Zoom:

  3. In the Choose certificate dialog, select the certificate name that you chose earlier, and then click on Select.
    Note: Our application always attempts to select the certificate automatically, so this window may not appear for you. If it appears, it means that our application was not able to select the certificate automatically, for example, because there is more than one certificate or because of operating system or browser restrictions.

    Troubleshooting: If you have more than one certificate, try different certificates, or consult with your company’s IT support staff. If there are any errors, restart your browser. If that does not help, consult our troubleshooting guide.

Result: You can now access your company applications that are protected using Portnox Conditional Access for Applications.