Not at this time. Chromebooks would have to be manually provisioned. So you would generate a batch of DPSKs in that case, and manually assign them to the students. Still higher security than a straight pre-shared key, but of course not as convenient as zero-it.
Make sure you have selected the root of the organization. Then Select the "For devices" instead of the "For Users". It is right above the "Organizations".
Once all chromebooks got the authorized network and configuration.
You can disable the open wireless network from the controller.
in the BYOD schema, you can authorize access to this open wireless network only to get the configuration pushed to the chromebooks. Throttling the speed or giving access to only google.com domain and subdomains, but nothing else can be accessed.
The open network could also have a time out after half an hour of usage, the mac address is no longer accepted. This is enough to get the configuration pushed from the Google admin console to the chromebooks. For us it required only 3 minutes.