New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 642059 link

Starred by 64 users
Status: Verified
Owner:
zmin@chromium.org
Closed: Mar 2018
Cc:
ajha@chromium.org
msnoxell@chromium.org
pucchakayala@chromium.org
georgesak@chromium.org
blumberg@chromium.org
gbirtchnell@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 3
Type: Feature

Blocking:
issue 175880


Show other hotlists

Hotlists containing this issue:
My-Hotlist-Name
my-follow-list
Chrome-Enterprise
Hotlist-1


Sign in to add a comment

Implement force sign in

Project Member Reported by zmin@chromium.org, Aug 29 2016 
Create a group policy to make sure user sign in to Chrome before using it.

Comment 2 by zmin@chromium.org, Aug 29 2016

Labels: -Type-Launch Type-Feature
Project Member

Comment 4 by bugdroid1@chromium.org, Sep 23 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c105747d69ec6c66856327ba51765ab6e628e0f3

commit c105747d69ec6c66856327ba51765ab6e628e0f3
Author: zmin <zmin@chromium.org>
Date: Fri Sep 23 20:19:06 2016

Display local signin error without browser and record the path of selected profile in user manager.

BUG= 642059 
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:closure_compilation

Review-Url: https://codereview.chromium.org/2351173004
Cr-Commit-Position: refs/heads/master@{#420713}

[modify] https://crrev.com/c105747d69ec6c66856327ba51765ab6e628e0f3/chrome/browser/resources/signin/signin_error/signin_error.js
[modify] https://crrev.com/c105747d69ec6c66856327ba51765ab6e628e0f3/chrome/browser/ui/user_manager.h
[modify] https://crrev.com/c105747d69ec6c66856327ba51765ab6e628e0f3/chrome/browser/ui/views/profiles/user_manager_view.cc
[modify] https://crrev.com/c105747d69ec6c66856327ba51765ab6e628e0f3/chrome/browser/ui/views/profiles/user_manager_view.h
[modify] https://crrev.com/c105747d69ec6c66856327ba51765ab6e628e0f3/chrome/browser/ui/webui/signin/signin_error_handler.cc
[modify] https://crrev.com/c105747d69ec6c66856327ba51765ab6e628e0f3/chrome/browser/ui/webui/signin/signin_error_handler.h
[modify] https://crrev.com/c105747d69ec6c66856327ba51765ab6e628e0f3/chrome/browser/ui/webui/signin/signin_error_ui.cc
[modify] https://crrev.com/c105747d69ec6c66856327ba51765ab6e628e0f3/chrome/browser/ui/webui/signin/user_manager_screen_handler.cc

Comment 5 by scunning...@chromium.org, Sep 23 2016

Cc: pucchakayala@chromium.org
Owen, please include unittests for new policies. And, if possible, write integration tests, using browsertest.

Comment 6 by zmin@chromium.org, Sep 24 2016 

Hi Scott,

This feature is still under development and the core components haven't been finished yet. For policy, the only committed thing is coping value to pref which has been tested by policy_test_cases.json. Yes, there will be more test cases added in the following CLs.
Project Member

Comment 8 by bugdroid1@chromium.org, Oct 7 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/438598fc3ff38423311a37341023690405bc34a0

commit 438598fc3ff38423311a37341023690405bc34a0
Author: zmin <zmin@chromium.org>
Date: Fri Oct 07 16:29:47 2016

Display signin dialog with system profile after the last profile being deleted when force signin enabled.

BUG= 642059 

Review-Url: https://codereview.chromium.org/2392953002
Cr-Commit-Position: refs/heads/master@{#423879}

[modify] https://crrev.com/438598fc3ff38423311a37341023690405bc34a0/chrome/browser/ui/webui/profile_helper.cc
Project Member

Comment 9 by bugdroid1@chromium.org, Oct 17 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/119da1a794947d78510019d2d66408b8aff154ce

commit 119da1a794947d78510019d2d66408b8aff154ce
Author: zmin <zmin@chromium.org>
Date: Mon Oct 17 21:33:30 2016

Mac: Support UserManager::DisplayErrorMessage(),  ShowSigninDialog() and GetSigninProfilePath().

DisplayErrorMessage() is needed to display the signin error without a browser
window.
ShowSigninDialog() allows fresh signin with the UserManager.
GetSigninProfilePath() returns the path of selected profile after fresh signin.

It was implemented for other platforms in r420713."

TEST=Manual
1) Enable FormceBrowserSignin policy.
2) Launch Chrome and open UserManager.
3) Login dialog should be opened while new profile is added or the last profile is deleted.
4) Local signin error (i.e. email doesn't match RestrictSigninToPattern policy) should be displayed without browser window.

BUG= 642059 

Review-Url: https://codereview.chromium.org/2411033006
Cr-Commit-Position: refs/heads/master@{#425781}

[modify] https://crrev.com/119da1a794947d78510019d2d66408b8aff154ce/chrome/browser/ui/cocoa/profiles/user_manager_mac.h
[modify] https://crrev.com/119da1a794947d78510019d2d66408b8aff154ce/chrome/browser/ui/cocoa/profiles/user_manager_mac.mm
[modify] https://crrev.com/119da1a794947d78510019d2d66408b8aff154ce/chrome/browser/ui/webui/profile_helper.cc
[modify] https://crrev.com/119da1a794947d78510019d2d66408b8aff154ce/chrome/browser/ui/webui/signin/signin_create_profile_handler.cc
[modify] https://crrev.com/119da1a794947d78510019d2d66408b8aff154ce/chrome/browser/ui/webui/signin/signin_error_ui.cc
[modify] https://crrev.com/119da1a794947d78510019d2d66408b8aff154ce/chrome/browser/ui/webui/signin/user_manager_screen_handler.cc

Comment 10 by ajha@chromium.org, Oct 21 2016

Cc: ajha@chromium.org
Labels: Needs-Feedback
zmin@: Could you please help in verifying this fix on Mac. Didn't find any sign in policy or force-sign in related flag under chrome://flags.

Tried launching the chrome version: 56.0.2897.0 from terminal by passing --enable-ForceBrowserSigninpolicy as well but didn't observe any difference b/w build w/o the CL from C#9(56.0.2890.0) or build with the CL(56.0.2897.0).

Please let us know where >Enable FormceBrowserSignin policy, can be found on Mac.

Appreciate your help!

Comment 11 by zmin@chromium.org, Oct 21 2016 

Hi Amit,

force signin is a feature for the enterprise user so it's controlled by group policy. And there is no way to enabled it via flag or terminal switcher.
https://cs.chromium.org/chromium/src/components/policy/resources/policy_templates.json?q=ForceBrowserSignin+file:.json&sq=package:chromium&l=8056&dr=C

Note that this feature hasn't been finished yet.
Project Member

Comment 12 by bugdroid1@chromium.org, Nov 2 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/965d98c5622ab9b542966730cba35dc530b7a7da

commit 965d98c5622ab9b542966730cba35dc530b7a7da
Author: zmin <zmin@chromium.org>
Date: Wed Nov 02 22:50:33 2016

Override SigninManager::SignOut if force-signin is enabled.

When force-signin is enabled, all browser windows will be closed before sign out. If window closing is aborted by the user, the signout will be aborted too. Otherwise, the profile will be signed out and locked. Then UserManager will be shown.
Also skip the sync confirmation dialog if user signs in with a corp account and creates a new profile for the it.

BUG= 642059 
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:closure_compilation

Review-Url: https://codereview.chromium.org/2442843002
Cr-Commit-Position: refs/heads/master@{#429434}

[modify] https://crrev.com/965d98c5622ab9b542966730cba35dc530b7a7da/chrome/browser/signin/chrome_signin_client.cc
[modify] https://crrev.com/965d98c5622ab9b542966730cba35dc530b7a7da/chrome/browser/signin/chrome_signin_client.h
[modify] https://crrev.com/965d98c5622ab9b542966730cba35dc530b7a7da/chrome/browser/signin/chrome_signin_client_unittest.cc
[modify] https://crrev.com/965d98c5622ab9b542966730cba35dc530b7a7da/chrome/browser/ui/sync/one_click_signin_sync_starter.cc
[modify] https://crrev.com/965d98c5622ab9b542966730cba35dc530b7a7da/chrome/browser/ui/sync/one_click_signin_sync_starter.h
[modify] https://crrev.com/965d98c5622ab9b542966730cba35dc530b7a7da/components/signin/core/browser/signin_client.cc
[modify] https://crrev.com/965d98c5622ab9b542966730cba35dc530b7a7da/components/signin/core/browser/signin_client.h
[modify] https://crrev.com/965d98c5622ab9b542966730cba35dc530b7a7da/components/signin/core/browser/signin_manager.cc
[modify] https://crrev.com/965d98c5622ab9b542966730cba35dc530b7a7da/components/signin/core/browser/signin_manager.h
Project Member

Comment 13 by bugdroid1@chromium.org, Nov 8 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5db87096a32b73bd2aaca04710152de495ba50ea

commit 5db87096a32b73bd2aaca04710152de495ba50ea
Author: zmin <zmin@chromium.org>
Date: Tue Nov 08 20:21:35 2016

Lock profile before sign in when force sign in is enabled.
1) New profile attributes of profile locking
2) Block cross account sign in and bypass confirm dialog.
3) Postpone browser window creation after sign in
4) Show error message within the sign in dialog.

BUG= 642059 

Review-Url: https://codereview.chromium.org/2478173003
Cr-Commit-Position: refs/heads/master@{#430699}

[modify] https://crrev.com/5db87096a32b73bd2aaca04710152de495ba50ea/chrome/app/chromium_strings.grd
[modify] https://crrev.com/5db87096a32b73bd2aaca04710152de495ba50ea/chrome/app/google_chrome_strings.grd
[modify] https://crrev.com/5db87096a32b73bd2aaca04710152de495ba50ea/chrome/browser/profiles/profile_attributes_entry.cc
[modify] https://crrev.com/5db87096a32b73bd2aaca04710152de495ba50ea/chrome/browser/profiles/profile_attributes_entry.h
[modify] https://crrev.com/5db87096a32b73bd2aaca04710152de495ba50ea/chrome/browser/signin/chrome_signin_client.cc
[modify] https://crrev.com/5db87096a32b73bd2aaca04710152de495ba50ea/chrome/browser/signin/chrome_signin_client.h
[modify] https://crrev.com/5db87096a32b73bd2aaca04710152de495ba50ea/chrome/browser/signin/chrome_signin_client_unittest.cc
[modify] https://crrev.com/5db87096a32b73bd2aaca04710152de495ba50ea/chrome/browser/ui/webui/signin/inline_login_handler_impl.cc
[modify] https://crrev.com/5db87096a32b73bd2aaca04710152de495ba50ea/chrome/browser/ui/webui/signin/inline_login_handler_impl.h
[modify] https://crrev.com/5db87096a32b73bd2aaca04710152de495ba50ea/chrome/browser/ui/webui/signin/inline_login_ui_browsertest.cc
[modify] https://crrev.com/5db87096a32b73bd2aaca04710152de495ba50ea/chrome/browser/ui/webui/signin/login_ui_service.cc
Project Member

Comment 15 by bugdroid1@chromium.org, Nov 18 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f20f77c5f05c4db5c09ad5bb421b23e5f1e1029c

commit f20f77c5f05c4db5c09ad5bb421b23e5f1e1029c
Author: zmin <zmin@chromium.org>
Date: Fri Nov 18 04:43:49 2016

Allow adding user and launching guest mode when all profiles are lock while force sign in is enabled.

Guest mode is desgined for the use case that all profiles are locked when force signed in is enabled. So that user can still use it to look for help from helpdesk with out sign in. It's off by default and can only be turned on via policy.
Allow adding user when all profiles are locked so that user can create and sign in a new profile while the existed ones have been used by other account.

BUG= 642059 
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:closure_compilation

Review-Url: https://codereview.chromium.org/2507873003
Cr-Commit-Position: refs/heads/master@{#433112}

[modify] https://crrev.com/f20f77c5f05c4db5c09ad5bb421b23e5f1e1029c/chrome/browser/resources/md_user_manager/control_bar.js
[modify] https://crrev.com/f20f77c5f05c4db5c09ad5bb421b23e5f1e1029c/chrome/browser/ui/webui/signin/md_user_manager_ui.cc
[modify] https://crrev.com/f20f77c5f05c4db5c09ad5bb421b23e5f1e1029c/chrome/test/data/webui/md_user_manager/control_bar_tests.js
Project Member

Comment 17 by bugdroid1@chromium.org, Dec 5 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4ea202a58ee2c14f187d219922721fe5d6bf95fc

commit 4ea202a58ee2c14f187d219922721fe5d6bf95fc
Author: zmin <zmin@chromium.org>
Date: Mon Dec 05 18:49:01 2016

Fix Check failure in ProfileManager when force-sign-in is enabled and last used profile is supervised user

BUG= 670820 
BUG= 642059 

Review-Url: https://codereview.chromium.org/2547083004
Cr-Commit-Position: refs/heads/master@{#436365}

[modify] https://crrev.com/4ea202a58ee2c14f187d219922721fe5d6bf95fc/chrome/browser/signin/chrome_signin_client.cc
[modify] https://crrev.com/4ea202a58ee2c14f187d219922721fe5d6bf95fc/components/signin/core/browser/signin_manager.cc
Project Member

Comment 19 by bugdroid1@chromium.org, Dec 9 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fe95cd62038b43250648d0b108a14a9f4198e530

commit fe95cd62038b43250648d0b108a14a9f4198e530
Author: zmin <zmin@chromium.org>
Date: Fri Dec 09 22:08:16 2016

Display error message when user try to open a locked supervised user profile when force-sign-in is enabled.

BUG= 642059 

Review-Url: https://codereview.chromium.org/2552473002
Cr-Commit-Position: refs/heads/master@{#437668}

[modify] https://crrev.com/fe95cd62038b43250648d0b108a14a9f4198e530/chrome/app/generated_resources.grd
[modify] https://crrev.com/fe95cd62038b43250648d0b108a14a9f4198e530/chrome/browser/ui/cocoa/profiles/user_manager_mac.h
[modify] https://crrev.com/fe95cd62038b43250648d0b108a14a9f4198e530/chrome/browser/ui/cocoa/profiles/user_manager_mac.mm
[modify] https://crrev.com/fe95cd62038b43250648d0b108a14a9f4198e530/chrome/browser/ui/user_manager.cc
[modify] https://crrev.com/fe95cd62038b43250648d0b108a14a9f4198e530/chrome/browser/ui/user_manager.h
[modify] https://crrev.com/fe95cd62038b43250648d0b108a14a9f4198e530/chrome/browser/ui/views/profiles/user_manager_view.cc
[modify] https://crrev.com/fe95cd62038b43250648d0b108a14a9f4198e530/chrome/browser/ui/views/profiles/user_manager_view.h
[modify] https://crrev.com/fe95cd62038b43250648d0b108a14a9f4198e530/chrome/browser/ui/webui/profile_helper.cc
[modify] https://crrev.com/fe95cd62038b43250648d0b108a14a9f4198e530/chrome/browser/ui/webui/signin/inline_login_handler.cc
[modify] https://crrev.com/fe95cd62038b43250648d0b108a14a9f4198e530/chrome/browser/ui/webui/signin/login_ui_service.cc
[modify] https://crrev.com/fe95cd62038b43250648d0b108a14a9f4198e530/chrome/browser/ui/webui/signin/signin_create_profile_handler.cc
[modify] https://crrev.com/fe95cd62038b43250648d0b108a14a9f4198e530/chrome/browser/ui/webui/signin/signin_error_handler.cc
[modify] https://crrev.com/fe95cd62038b43250648d0b108a14a9f4198e530/chrome/browser/ui/webui/signin/signin_error_ui.cc
[modify] https://crrev.com/fe95cd62038b43250648d0b108a14a9f4198e530/chrome/browser/ui/webui/signin/signin_supervised_user_import_handler.cc
[modify] https://crrev.com/fe95cd62038b43250648d0b108a14a9f4198e530/chrome/browser/ui/webui/signin/user_manager_screen_handler.cc

Comment 21 by blumberg@chromium.org, Dec 14 2016

Blocking: 175880
Project Member

Comment 22 by bugdroid1@chromium.org, Dec 22 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/71e0cb4481bac77367c53ea9c2a8b324c410c5dc

commit 71e0cb4481bac77367c53ea9c2a8b324c410c5dc
Author: zmin <zmin@chromium.org>
Date: Thu Dec 22 20:12:57 2016

Disable --load-and-launch-app, --load-apps and --cloud-print-file if last_used_profile is not available.

When last profile is locked, --load-and-launch-app or --load-apps will cause Chrome crash while --cloud-print-file will quit Chrome quietly.
Disable these three options so that the UserManager can be shown and user can unlock the profile.

BUG= 642059 

Review-Url: https://codereview.chromium.org/2582123002
Cr-Commit-Position: refs/heads/master@{#440485}

[modify] https://crrev.com/71e0cb4481bac77367c53ea9c2a8b324c410c5dc/chrome/browser/ui/startup/startup_browser_creator.cc

Comment 23 by blumberg@chromium.org, Jan 19 2017

Cc: blumberg@chromium.org

Comment 24 by colin.jo...@service.nsw.gov.au, Jan 21 2017 

Hi blumberg and zmin, is there any sense of how much more effort is involved before this new feature can be tested?

Also, zmin in comment 11 you mention it will be controlled by group policy. Were you referring to windows GPO with an admx extension, or did you mean within the Chrome device admin console?

Col

Comment 25 by stepheng...@amplifiedit.com, Jan 22 2017 

re: comment#24 OS = Windows, Linux, Mac - so GPO/plist.  Chromebooks already have this functionality.

Preventing signing out/adding additional accounts is a completely different issue.

Comment 26 by colin.jo...@service.nsw.gov.au, Jan 23 2017 

@stephen comment#25

I wasn't referring to Chromebooks, just the chrome management console, which can push out config to Windows based Chrome browsers as well. Hence the question, would this new feature be in the console, as an option to push out forced profile sign in to Windows/Chrome browsers, or in a Windows GPO. I think either is possible, but it seems you and the chromium guys are saying it will be a GPO. Which is fine, happy with either!

I wasn't referring to signout at all.

My use case is a large number of Chrome devices, and a large number of Windows devices. In an effort to leverage more and more GAFW functionality in our Windows environment, we'd like to encourage staff to login on Windows/Chrome so they start getting the benefit of some SSO/SAML capabilities already used in our Chrome device environment, shared/portable bookmarks/passwords, etc. Only we cannot be confident that the staff will remember to do this, or that they haven't already done this with personal gmail accounts. So we are trying to find mechanisms to do this, like chrome.exe command line switches, scripting, etc. But a GPO would be a boon for us - especially if it allowed us to override any other personal profiles already existing.

Thx

Comment 27 by georgesak@chromium.org, Feb 15 2017 

@26

Forced sign in will be a GPO policy that you need to set to enable it. Combined with RestrictSigninToPattern, you can force users to sign in and only with valid domains.

Making Forced sign in a cloud policy is not useful, as until the user is signed in, these policies are not enforced. And that would include the forced sign in policy.

Comment 28 by js...@mhs-ict.co.uk, Feb 15 2017 

I am really keen to try this out, controlling access in a Windows env is a pain. Much easier through the Google Admin console

Comment 29 by rob...@bsn.ie, Feb 15 2017 

What about non-Microsoft environments. I just want to be able to ensure that users are logged into Chrome before logging into G Suite. We have no MS in our shop. What can we do if it is only a GPO policy implementation? (Environment is G Suite and Chrome only)

Comment 30 by js...@mhs-ict.co.uk, Feb 16 2017 

Do you mean you are using Chromebooks/boxes/bases?

Comment 31 by martijn....@randstadholding.com, Feb 16 2017 

Confused because of the continued reference to GPO. Are we talking about (quoted from Product Strategy team response):

"We are currently working on a new policy to force users to login before the Chrome browser can be used. This will allow IT admins to configure policies in the Admin console and manage all browser instances - even on win/mac/lin. We are planning to launch tentatively in Q1 2017."

Comment 32 by blumberg@chromium.org, Feb 16 2017

Cc: georgesak@chromium.org
Labels: -Needs-Feedback
Regarding timing: Due to unforeseen circumstances, this feature is going to slip in to Q2.  

To clarify how this will work:

The goal is to allow customers to use the Admin Console to manage Chrome across platforms (eg, Chrome on Windows & Chrome OS and other operating systems) with the same policies by leveraging our cloud policy infrastructure (admin.google.com). On non-Chrome OS platforms, the issue has been that there is no way to force users to sign in to Chrome before they can use the product making it impossible to ensure that policies will be enforced unless they are configured and deployed via GPO. 

The reason we are mentioning GPOs is due to the fact that this feature (in v.1) will be enabled/enforced via local policy (ex: GPO). If the IT admin does not configure this new policy, things will remain as they are today. If they choose to enable this policy and have a sign-in restriction pattern configured, they can make Chrome unusable until the user signs-in with the specified account (example: *@mycompany.com) which has user policies configured via admin.google.com.
 
Keep in mind that cloud policies that are applied via a signed-in-Chrome user and are are not applied as 'system level' policies as GPOs can be configured to be today. Because of that limitation, a local group policy/configuration to enforce sign-in which is configured at the system/device level will ensure that no matter which user is logged in to Windows, they will have policy enforced.

To summarize, today if you want to ensure users are running Chrome with policies applied, they must be deployed on Windows,Mac and Linux via device management (group policy, plist etc). We have heard feedback from many customers that they would like to use our admin.google.com console to configure policy but cannot do so due to the lack of ability enforce that the user is signed in.  Once this feature launches, you will only need to configure 2 local device policies : (1) Enable forced sign-in (2) restrict sign in pattern.  Beyond that, everything else can be controlled from the admin console.

Hope this clarifies your understanding.

Comment 33 by tdearb...@district106.net, Feb 16 2017 

Thank you for clarifying. This is exactly what we (or at least I) am looking for.

Comment 34 by gbirtchnell@chromium.org, Feb 20 2017

Cc: gbirtchnell@chromium.org

Comment 35 by rob...@bsn.ie, Feb 20 2017 

What if I log into Chrome or Chrome OS with my ordinary gmail account (no policy applied) then proceed from there to add an account to access my G Suite environment. Am I not now in G Suite, accessing data, doing whatever I want with no policy applied? What I really want (and I think others do too) is that if I am accessing my G Suite domain, then I must be logged into Chrome with my G Suite domain id (email) and Chrome must be running my G Suite domain policies. Will this new feature ensure that level of enforcement?

Comment 36 by martijn....@randstadholding.com, Feb 23 2017 

What I read is that you still need some sort of management on the local device to ensure Chrome browser sign-in. So at least v1 would not solve anything for Chrome browser on a users home / BYO device (that yuo do not have control over). I hoped the goal was: "Ensure the G Suite environment is only logged into by a browser that is logged in / abides policy). Am I mistaken?

Comment 37 by js...@mhs-ict.co.uk, Feb 23 2017 

How could you force someone to be logged into your GSuite domain when using a BYO device from withing Chrome? 

If you want to do that then I would suggest that that is a function of the network or network filter that would only allow access if logged into the domain.

Or are you talking about it being like that on a Chromebook that would only allow you to log into the domain of choice whenever/wherever you are?

Comment 38 by steve@dyntech.co.uk, Feb 23 2017 

It's not that you force them to be signed into your domain but when they attempt to you recognise they an enterprise user, validate they are using Chrome, ensure their profile (person) is the enterprise account that's linked with all policies you've set for that users ou. This is not what v1 is meant to achieve but its something to think about for a next step.

Comment 39 by stepheng...@amplifiedit.com, Feb 23 2017 

I believe there is a feature request for that functionality
​ found here - http://crbug.com/547427​

On Feb 23, 2017 2:47 PM, "st… via monorail" <monorail+v2.1683324364@
chromium.org> wrote:
Project Member

Comment 40 by bugdroid1@chromium.org, Feb 27 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d00656ece1ae3378d3206cb5aca23d4566158b6d

commit d00656ece1ae3378d3206cb5aca23d4566158b6d
Author: zmin <zmin@chromium.org>
Date: Mon Feb 27 22:50:05 2017

Only show UserManager and sign in dialog after profile deleting if fallback profile is locked, when force-sign-in policy is enabled.

BUG= 642059 

Review-Url: https://codereview.chromium.org/2715543004
Cr-Commit-Position: refs/heads/master@{#453369}

[modify] https://crrev.com/d00656ece1ae3378d3206cb5aca23d4566158b6d/chrome/browser/ui/webui/profile_helper.cc
Project Member

Comment 41 by bugdroid1@chromium.org, Mar 15 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9ea988f681de3e681c720e6046ceea96a0659783

commit 9ea988f681de3e681c720e6046ceea96a0659783
Author: zmin <zmin@chromium.org>
Date: Wed Mar 15 21:05:49 2017

Add Browser::SkipCallBeforeUnload so that the browser windows can be closed regardless of beforeunload events.

This function will be used when force-sign-in policy is enabled. When the auth token become invalid, this policy
will close all browser windows, sign out user and display UserManager. Implement this function so that the window
closing process won't be blocked by the webpage contains onbeforeunload event.

BUG= 642059 

Review-Url: https://codereview.chromium.org/2681203002
Cr-Commit-Position: refs/heads/master@{#457206}

[modify] https://crrev.com/9ea988f681de3e681c720e6046ceea96a0659783/chrome/browser/lifetime/browser_close_manager.cc
[modify] https://crrev.com/9ea988f681de3e681c720e6046ceea96a0659783/chrome/browser/profiles/profile_manager.cc
[modify] https://crrev.com/9ea988f681de3e681c720e6046ceea96a0659783/chrome/browser/profiles/profile_window.cc
[modify] https://crrev.com/9ea988f681de3e681c720e6046ceea96a0659783/chrome/browser/signin/chrome_signin_client.cc
[modify] https://crrev.com/9ea988f681de3e681c720e6046ceea96a0659783/chrome/browser/ui/BUILD.gn
[modify] https://crrev.com/9ea988f681de3e681c720e6046ceea96a0659783/chrome/browser/ui/browser.cc
[modify] https://crrev.com/9ea988f681de3e681c720e6046ceea96a0659783/chrome/browser/ui/browser.h
[modify] https://crrev.com/9ea988f681de3e681c720e6046ceea96a0659783/chrome/browser/ui/browser_list.cc
[modify] https://crrev.com/9ea988f681de3e681c720e6046ceea96a0659783/chrome/browser/ui/browser_list.h
[modify] https://crrev.com/9ea988f681de3e681c720e6046ceea96a0659783/chrome/browser/ui/fast_unload_controller.cc
[modify] https://crrev.com/9ea988f681de3e681c720e6046ceea96a0659783/chrome/browser/ui/fast_unload_controller.h
[modify] https://crrev.com/9ea988f681de3e681c720e6046ceea96a0659783/chrome/browser/ui/startup/startup_browser_creator_corrupt_profiles_browsertest_win.cc
[modify] https://crrev.com/9ea988f681de3e681c720e6046ceea96a0659783/chrome/browser/ui/unload_controller.cc
[modify] https://crrev.com/9ea988f681de3e681c720e6046ceea96a0659783/chrome/browser/ui/unload_controller.h
[add] https://crrev.com/9ea988f681de3e681c720e6046ceea96a0659783/chrome/browser/ui/unload_controller_web_contents_delegate.cc
[add] https://crrev.com/9ea988f681de3e681c720e6046ceea96a0659783/chrome/browser/ui/unload_controller_web_contents_delegate.h
[modify] https://crrev.com/9ea988f681de3e681c720e6046ceea96a0659783/chrome/browser/unload_browsertest.cc
Project Member

Comment 42 by bugdroid1@chromium.org, Mar 16 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d36229e8166288e84af7485819ceeb1a347465a9

commit d36229e8166288e84af7485819ceeb1a347465a9
Author: zmin <zmin@chromium.org>
Date: Thu Mar 16 16:14:51 2017

1) Sign out profile when local_state auth info is overridden by Preferences
2) Create force-sign-in policy cache
3) Trigger ProfileIsSigninRequriedChanged() when profile is locked/unlocked due to force sign in policy.

BUG= 642059 

Review-Url: https://codereview.chromium.org/2712883005
Cr-Commit-Position: refs/heads/master@{#457452}

[modify] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/chrome/browser/BUILD.gn
[modify] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/chrome/browser/profiles/profile_attributes_entry.cc
[modify] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/chrome/browser/profiles/profile_attributes_storage_unittest.cc
[modify] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/chrome/browser/profiles/profile_info_cache.cc
[modify] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/chrome/browser/profiles/profile_info_cache.h
[modify] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/chrome/browser/profiles/profile_manager.cc
[modify] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/chrome/browser/signin/chrome_signin_client.cc
[modify] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/chrome/browser/signin/chrome_signin_client.h
[add] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/chrome/browser/signin/signin_util.cc
[add] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/chrome/browser/signin/signin_util.h
[add] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/chrome/browser/signin/signin_util_unittest.cc
[modify] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/chrome/browser/signin/token_revoker_test_utils.cc
[modify] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/chrome/browser/signin/token_revoker_test_utils.h
[modify] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/chrome/browser/ui/webui/signin/user_manager_screen_handler.cc
[modify] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/chrome/test/BUILD.gn
[modify] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/components/signin/core/browser/signin_client.cc
[modify] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/components/signin/core/browser/signin_client.h
[modify] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/components/signin/core/browser/signin_manager.cc
[modify] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/components/signin/core/browser/signin_metrics.h
[modify] https://crrev.com/d36229e8166288e84af7485819ceeb1a347465a9/tools/metrics/histograms/histograms.xml

Comment 43 by felix....@grabtaxi.com, Mar 23 2017 

Is this feature implemented? I have a request in my company to have this exact thing setup.

Comment 44 by martijn....@randstadholding.com, Mar 23 2017 

Re: comment 38, confirmed: block access from any browser that is NOT signed in with the relevant domain's user account. Not sure how this v1 would grow into that functionality easily though. As long as the G Suite login side doesn't have a way to detect profile and block if missing it would still let every browser in.
Project Member

Comment 45 by bugdroid1@chromium.org, Mar 24 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/82a6458a23cf1be17524e2d329e8f1c5668acb22

commit 82a6458a23cf1be17524e2d329e8f1c5668acb22
Author: zmin <zmin@chromium.org>
Date: Fri Mar 24 15:53:02 2017

Make the chrome://signin-error accessiable by the incogtino System Profile.

chrome://signin-error will be used by the profile of UserManager when force-sign-in policy
is enabled so that the sign in error can be shown without opening browser window.

Before:
https://drive.google.com/open?id=0B7mk_V3OvgKRREY3cTBKSjdxSGc
After:
https://drive.google.com/open?id=0B7mk_V3OvgKRbFUwRmt4VVFRZ2c

BUG= 642059 
BUG= 679265 

Review-Url: https://codereview.chromium.org/2769273002
Cr-Commit-Position: refs/heads/master@{#459436}

[modify] https://crrev.com/82a6458a23cf1be17524e2d329e8f1c5668acb22/chrome/browser/ui/webui/chrome_web_ui_controller_factory.cc
Project Member

Comment 46 by bugdroid1@chromium.org, Mar 24 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/49f6220a80ff68d06c6c1c5179d0e494e0b8ad00

commit 49f6220a80ff68d06c6c1c5179d0e494e0b8ad00
Author: zmin <zmin@chromium.org>
Date: Fri Mar 24 18:58:58 2017

Allow sign in while browser is opened when force-sign-in policy is enabled.

Because force-sign-in policy won't force browser window closing before sign out when user is using Chrome,
force-sign-in policy will support sign in with browser opened.
Also add some browser test.

BUG= 642059 
BUG= 681230 
BUG= 682661 
BUG= 686743 

Review-Url: https://codereview.chromium.org/2760423002
Cr-Commit-Position: refs/heads/master@{#459501}

[modify] https://crrev.com/49f6220a80ff68d06c6c1c5179d0e494e0b8ad00/chrome/browser/ui/webui/signin/inline_login_handler_impl.cc
[modify] https://crrev.com/49f6220a80ff68d06c6c1c5179d0e494e0b8ad00/chrome/browser/ui/webui/signin/inline_login_handler_impl.h
[modify] https://crrev.com/49f6220a80ff68d06c6c1c5179d0e494e0b8ad00/chrome/browser/ui/webui/signin/inline_login_ui_browsertest.cc
Project Member

Comment 47 by bugdroid1@chromium.org, Apr 11 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/39fcf953558ac53836206883f1506638cd61a20a

commit 39fcf953558ac53836206883f1506638cd61a20a
Author: zmin <zmin@chromium.org>
Date: Tue Apr 11 14:43:35 2017

Add ForceSigninVerifier.

It will verify the auth token when a profile is loaded into memory via gaia server.
It only works when force-sign-in policy is enabled.

BUG= 642059 

Review-Url: https://codereview.chromium.org/2802373002
Cr-Commit-Position: refs/heads/master@{#463627}

[modify] https://crrev.com/39fcf953558ac53836206883f1506638cd61a20a/chrome/browser/BUILD.gn
[modify] https://crrev.com/39fcf953558ac53836206883f1506638cd61a20a/chrome/browser/signin/chrome_signin_client.cc
[modify] https://crrev.com/39fcf953558ac53836206883f1506638cd61a20a/chrome/browser/signin/chrome_signin_client.h
[modify] https://crrev.com/39fcf953558ac53836206883f1506638cd61a20a/chrome/browser/signin/chrome_signin_client_unittest.cc
[add] https://crrev.com/39fcf953558ac53836206883f1506638cd61a20a/chrome/browser/signin/force_signin_verifier.cc
[add] https://crrev.com/39fcf953558ac53836206883f1506638cd61a20a/chrome/browser/signin/force_signin_verifier.h
[add] https://crrev.com/39fcf953558ac53836206883f1506638cd61a20a/chrome/browser/signin/force_signin_verifier_unittest.cc
[modify] https://crrev.com/39fcf953558ac53836206883f1506638cd61a20a/chrome/browser/signin/signin_util.cc
[modify] https://crrev.com/39fcf953558ac53836206883f1506638cd61a20a/chrome/browser/signin/signin_util.h
[modify] https://crrev.com/39fcf953558ac53836206883f1506638cd61a20a/chrome/browser/signin/signin_util_unittest.cc
[modify] https://crrev.com/39fcf953558ac53836206883f1506638cd61a20a/chrome/test/BUILD.gn

Comment 48 by scasalde...@gmail.com, Apr 21 2017 

Re:Comment 32
Thanks for the great explanation.

But I have two questions:
- How can we deal with users connecting from their own PCs, so no Windows policy being pushed to the machine?

- If this is enabled, users will only be able to access mail.google.com using their corporate accounts? I mean, they will only be able to see their gmail information, or for contractors their own Google company email, if they add that account to the corporate account?
We would love to have this feature of managing Chrome settings across platforms with Control Panel only. But we will miss to be able to have for example, one Chrome profile for the corporate account; and other for gmail with their own bookmarks (or for the Google company of contractors).
Could we enforce somehow that if they sign in to GMail for example with their corporate Google account, they need to sign in to Google only on that Chrome profile?

Comment 49 by jones1...@gmail.com, Apr 30 2017 

I am also waiting to see updates on this setting. It would be most helpful for my school district. Please advise. Thank you.

Comment 50 by sae...@glencoeschools.org, May 15 2017 

Looking forward to this as well. From what it sounds like we will need to configure a plist (on mac) to force the sign-in required component which makes sense because we can't manage a user until they sign in. Would be happy to test and provide feedback.
Project Member

Comment 51 by bugdroid1@chromium.org, Jun 8 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4dc68137b9724480cf6e055d24cbff75458a114e

commit 4dc68137b9724480cf6e055d24cbff75458a114e
Author: zmin <zmin@chromium.org>
Date: Thu Jun 08 23:51:40 2017

If force-sign-in policy is enabled,  popup warning dialog before window closing if auth token become invalid.

Screenshots:
https://goo.gl/photos/3KiQsSAPTse5brR89
https://goo.gl/photos/1jdyC86dSSyZVdi8A

BUG= 642059 

Review-Url: https://codereview.chromium.org/2862653002
Cr-Commit-Position: refs/heads/master@{#478124}

[modify] https://crrev.com/4dc68137b9724480cf6e055d24cbff75458a114e/chrome/app/chromium_strings.grd
[modify] https://crrev.com/4dc68137b9724480cf6e055d24cbff75458a114e/chrome/app/generated_resources.grd
[modify] https://crrev.com/4dc68137b9724480cf6e055d24cbff75458a114e/chrome/app/google_chrome_strings.grd
[modify] https://crrev.com/4dc68137b9724480cf6e055d24cbff75458a114e/chrome/browser/ui/BUILD.gn
[add] https://crrev.com/4dc68137b9724480cf6e055d24cbff75458a114e/chrome/browser/ui/views/browser_modal_dialog_unittest.cc
[add] https://crrev.com/4dc68137b9724480cf6e055d24cbff75458a114e/chrome/browser/ui/views/profiles/forced_reauthentication_dialog.cc
[add] https://crrev.com/4dc68137b9724480cf6e055d24cbff75458a114e/chrome/browser/ui/views/profiles/forced_reauthentication_dialog.h
[add] https://crrev.com/4dc68137b9724480cf6e055d24cbff75458a114e/chrome/browser/ui/views/profiles/forced_reauthentication_dialog_browsertest.cc
[modify] https://crrev.com/4dc68137b9724480cf6e055d24cbff75458a114e/chrome/browser/ui/webui/signin/inline_login_handler.cc
[modify] https://crrev.com/4dc68137b9724480cf6e055d24cbff75458a114e/chrome/test/BUILD.gn
[modify] https://crrev.com/4dc68137b9724480cf6e055d24cbff75458a114e/components/signin/core/browser/signin_metrics.h
[modify] https://crrev.com/4dc68137b9724480cf6e055d24cbff75458a114e/tools/metrics/actions/actions.xml
[modify] https://crrev.com/4dc68137b9724480cf6e055d24cbff75458a114e/tools/metrics/histograms/enums.xml

Comment 52 by jones1...@gmail.com, Jun 9 2017 

Thank you for this feature. I do not see what syntax I am supposed to use
to implement it.

Comment 53 Deleted

Comment 54 by stepheng...@amplifiedit.com, Jun 20 2017 

Re: Comment 50
The following support article should help you understand how inheritance takes place with regards to Machine, User, and Cloud Policies.  There are also two types of Machine and User policies - Mandatory and Recommended.  Cloud Policies are always Mandatory.  Mandatory > Recommended (regardless of Machine or Users type Policy).

https://support.google.com/chrome/a/answer/187202
Project Member

Comment 55 by bugdroid1@chromium.org, Jun 27 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9a740797201d02dea291dfc83c8abb01f26fbc53

commit 9a740797201d02dea291dfc83c8abb01f26fbc53
Author: zmin <zmin@chromium.org>
Date: Tue Jun 27 17:37:11 2017

After signin token check failed, show force reauth dialog and start window closing countdown.

BUG= 642059 

Review-Url: https://codereview.chromium.org/2944713003
Cr-Commit-Position: refs/heads/master@{#482668}

[modify] https://crrev.com/9a740797201d02dea291dfc83c8abb01f26fbc53/chrome/browser/signin/chrome_signin_client.cc
[modify] https://crrev.com/9a740797201d02dea291dfc83c8abb01f26fbc53/chrome/browser/signin/chrome_signin_client_unittest.cc
[modify] https://crrev.com/9a740797201d02dea291dfc83c8abb01f26fbc53/chrome/browser/signin/force_signin_verifier.cc
[modify] https://crrev.com/9a740797201d02dea291dfc83c8abb01f26fbc53/chrome/browser/signin/force_signin_verifier.h
[modify] https://crrev.com/9a740797201d02dea291dfc83c8abb01f26fbc53/chrome/browser/signin/force_signin_verifier_unittest.cc
[modify] https://crrev.com/9a740797201d02dea291dfc83c8abb01f26fbc53/chrome/browser/ui/BUILD.gn
[add] https://crrev.com/9a740797201d02dea291dfc83c8abb01f26fbc53/chrome/browser/ui/forced_reauthentication_dialog.h
[delete] https://crrev.com/715cc9a29f6d78cf129f319a6f0b028a961fc5ed/chrome/browser/ui/views/profiles/forced_reauthentication_dialog.h
[rename] https://crrev.com/9a740797201d02dea291dfc83c8abb01f26fbc53/chrome/browser/ui/views/profiles/forced_reauthentication_dialog_view.cc
[add] https://crrev.com/9a740797201d02dea291dfc83c8abb01f26fbc53/chrome/browser/ui/views/profiles/forced_reauthentication_dialog_view.h
[rename] https://crrev.com/9a740797201d02dea291dfc83c8abb01f26fbc53/chrome/browser/ui/views/profiles/forced_reauthentication_dialog_view_browsertest.cc
[modify] https://crrev.com/9a740797201d02dea291dfc83c8abb01f26fbc53/chrome/test/BUILD.gn

Comment 56 by jones1...@gmail.com, Jun 27 2017 

My question is how is this flag or. json setting configured?
Project Member

Comment 57 by bugdroid1@chromium.org, Jun 29 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d1ba25881cbb45cc23a1f446ac174842986161c0

commit d1ba25881cbb45cc23a1f446ac174842986161c0
Author: Owen Min <zmin@chromium.org>
Date: Thu Jun 29 17:05:05 2017

Remove 'future' flag for ForceBrowserSignin policy

Remove the flag to update ADM/ADMX file on Dev. Also pump up the version of Android because it hasn't been launched yet.

Bug:  642059 
Change-Id: I8987966cfba83f558f5f0a0a2c97f8f3cdbd153a
Reviewed-on: https://chromium-review.googlesource.com/552743
Reviewed-by: Julian Pastarmov <pastarmovj@chromium.org>
Commit-Queue: Owen Min <zmin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#483400}
[modify] https://crrev.com/d1ba25881cbb45cc23a1f446ac174842986161c0/components/policy/resources/policy_templates.json

Comment 58 by aberri...@parksidefederation.org.uk, Jul 4 2017 

I believe this was originally scheduled for release in Q1 2017, is there an updated release date?

Sorry to bug you but this feature would be really useful for us.

Comment 59 by steve@dyntech.co.uk, Jul 4 2017 

You might want to apply to join the preview group.

Hello, and thank you for your interest in the Chrome Browser enterprise feature preview! Later this year, we plan to release the following features:
1. Forced Sign-in  for Chrome - Block someones ability to run Chrome until they sign-in (Windows-only)
2. Restricting extensions based on required permissions (All platforms)
3. Legacy browser support 5 beta (Added: Support for Internet Explore Enterprise  Site Mode lists - Windows-only)

https://docs.google.com/forms/d/e/1FAIpQLScsxfvH7OBz8ZOt8DYaq-jNdzLOasn4f6NUTzEzcDQotXqLjw/viewform

Comment 60 by rsa...@gmail.com, Jul 4 2017 

Please have the Forced sign-in option be cross-platform!

Comment 61 by blumberg@chromium.org, Jul 5 2017 

We will continue to recruit for early testers/feedback this week and next. If you signed up, please watch out for an email which will contain next-steps (how to test & submit feedback etc). The email will be sent out this month.

Sorry for the delays!

C#59 has has the correct sign-up form.
Project Member

Comment 62 by bugdroid1@chromium.org, Jul 17 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/61afb80b65c8d5c7e5c4dfadcb25b1a6fd4357e3

commit 61afb80b65c8d5c7e5c4dfadcb25b1a6fd4357e3
Author: Owen Min <zmin@chromium.org>
Date: Mon Jul 17 16:59:46 2017

Refacotor code to remove duplicate util function

Bug:  642059 
Change-Id: I249936e2a03a47f1533ce0e3fea040680a32f4f3
Reviewed-on: https://chromium-review.googlesource.com/568797
Reviewed-by: Tommy Li <tommycli@chromium.org>
Commit-Queue: Owen Min <zmin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#487124}
[modify] https://crrev.com/61afb80b65c8d5c7e5c4dfadcb25b1a6fd4357e3/chrome/browser/ui/webui/profile_helper.cc
[modify] https://crrev.com/61afb80b65c8d5c7e5c4dfadcb25b1a6fd4357e3/chrome/browser/ui/webui/signin/inline_login_handler_impl.cc
[modify] https://crrev.com/61afb80b65c8d5c7e5c4dfadcb25b1a6fd4357e3/chrome/browser/ui/webui/signin/md_user_manager_ui.cc
[modify] https://crrev.com/61afb80b65c8d5c7e5c4dfadcb25b1a6fd4357e3/chrome/browser/ui/webui/signin/signin_create_profile_handler.cc
[modify] https://crrev.com/61afb80b65c8d5c7e5c4dfadcb25b1a6fd4357e3/chrome/browser/ui/webui/signin/signin_create_profile_handler_unittest.cc
[modify] https://crrev.com/61afb80b65c8d5c7e5c4dfadcb25b1a6fd4357e3/chrome/browser/ui/webui/signin/signin_utils.cc
[modify] https://crrev.com/61afb80b65c8d5c7e5c4dfadcb25b1a6fd4357e3/chrome/browser/ui/webui/signin/signin_utils.h
Project Member

Comment 63 by bugdroid1@chromium.org, Jul 17 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1dfa5cace005d124a5b34f91849e8d266fc37746

commit 1dfa5cace005d124a5b34f91849e8d266fc37746
Author: Owen Min <zmin@chromium.org>
Date: Mon Jul 17 20:57:50 2017

Lock the profile temporarily during sign in when force-sign-in is enabled.

When force-sign-in policy is enabled and ProfileSigninConfirmationDialog is being displayed,
lock the profile temporarily so that there is no new browser window for that profile can be opened.

Unlock the profile after dialog being confirmed and Chrome begins to download policy.

Bug:  642059 
Change-Id: Ib4ab0e9172cae3646ae855cc48a9564bc2fef0a3
Reviewed-on: https://chromium-review.googlesource.com/572425
Commit-Queue: Owen Min <zmin@chromium.org>
Reviewed-by: Roger Tawa <rogerta@chromium.org>
Cr-Commit-Position: refs/heads/master@{#487239}
[modify] https://crrev.com/1dfa5cace005d124a5b34f91849e8d266fc37746/chrome/browser/ui/sync/one_click_signin_sync_starter.cc

Comment 64 Deleted

Comment 65 by blumberg@chromium.org, Jul 18 2017 

Hi Colin,

The preview has not started yet. More updates to come this week.

Sorry for the delays, we want to get this right.

Thank you.

Comment 66 by gabriel....@fsisd.net, Jul 18 2017 

I am chomping at the bit waiting for this. I want to get it implemented asap. BUT, I am patiently waiting through these fixes also because I want as few problems as possible. I am willing to beta test since I work for a school district and right now most staff and all students are out for the summer so any issues would effect fewer people than normal.

Thank you for your work on this!

Comment 67 by mike.ro...@vintageking.com, Jul 26 2017 

Out of curiosity - would this prevent logging into G Suite Mail from different browsers if this setting's configured from G Suite Admin?

Comment 68 by stepheng...@amplifiedit.com, Jul 26 2017 

re:#67 No, but that can be accomplished with the AllowedDomainsForApps policy.
https://www.chromium.org/administrators/policy-list-3#AllowedDomainsForApps

Comment 69 by mike.ro...@vintageking.com, Jul 26 2017 

re:#68 I'm referring to preventing login to our G Suite environment from any browser but Chrome. Unless I'm missing something.

Comment 70 by stepheng...@amplifiedit.com, Jul 26 2017 

Ah, sorry I misunderstood.  AllowedDomainsForApps relates to which account can login to Chrome Browser and compliments this setting very well since users could otherwise login using an unmanaged account.

The feature you are referring to, preventing users from logging in from different browsers, is a feature request elsewhere.  I believe it relates closely to http://crbug.com/547427 (Include policy hooks for GAIA).  In the comments it refers to unmanaged browsers.  Comments 5,8 brings up that Android already handles this.

Comment 71 by mike.ro...@vintageking.com, Sep 22 2017 

Any update on this?

"(1) Enable forced sign-in (2) restrict sign in pattern.  Beyond that, everything else can be controlled from the admin console."

Comment 72 by msnoxell@chromium.org, Oct 25 2017

Cc: msnoxell@chromium.org
Project Member

Comment 73 by bugdroid1@chromium.org, Nov 24 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ab00b2aaa5510cd7bb31e87d0f2a6281ae576e8d

commit ab00b2aaa5510cd7bb31e87d0f2a6281ae576e8d
Author: Christopher Lam <calamity@chromium.org>
Date: Fri Nov 24 03:06:46 2017

Remove unused test file browser_modal_dialog_unittest.cc.

This was added in r478124 but was never used (it became obsolete during
code review).

Bug:  642059 
Change-Id: Ic7760a6356eb4f49012342cbc80bae2d1624e066
Reviewed-on: https://chromium-review.googlesource.com/788481
Reviewed-by: Trent Apted <tapted@chromium.org>
Commit-Queue: calamity <calamity@chromium.org>
Cr-Commit-Position: refs/heads/master@{#519049}
[delete] https://crrev.com/f2e393669f34d87ad2ca13f2cf8df1f1b0a0f6bc/chrome/browser/ui/views/browser_modal_dialog_unittest.cc

Comment 74 by r...@rjkeeling.co.uk, Dec 9 2017 

Has the Preview started for this feature? Would love to test if possible.

Comment 75 by georgesak@chromium.org, Dec 11 2017 

@74 (and others)

Please follow this bug instead (where announcements are made):

https://bugs.chromium.org/p/chromium/issues/detail?id=175880

Comment 76 by stepheng...@amplifiedit.com, Dec 13 2017 

@georgesak
I believe that is related to Windows Only. that or this is a duplicate

Comment 77 by georgesak@chromium.org, Dec 13 2017 

@76

This bug is only meant to follow the implementation (code changes). Communication about this feature is done in https://bugs.chromium.org/p/chromium/issues/detail?id=175880

For now, it's Windows only, but we'll support Mac/Linux soon enough.

Comment 78 by stepheng...@amplifiedit.com, Jan 19 2018 

How will this affect Windows Integrated Authentication (Single Sign On)? Will the credentials be passed ?

Comment 79 by zmin@chromium.org, Jan 19 2018 

Hello,

Could you explain a little bit more about Windows Integrated Authentication in Chrome. Are you using it to sign in to Chrome or sign in to a website in Chrome?

Comment 80 by stepheng...@amplifiedit.com, Jan 19 2018 

Currently using WIA to sign into G Suite Accounts on Chrome (and firefox and IE/edge).  Would like to ultimately be able to sign into Chrome Browser on Windows Sign-in, providing a true Single Sign-in Experience for users.  

Work flow would be the following: When Chrome launches, look to see if it can automatically log in to Chrome browser with the windows  samAccountName and a defined GSuite domain name (that could also be configured in the GPO)

Comment 81 by zmin@chromium.org, Jan 26 2018 

Force-sign-in policy here does not add any new sign in process which means WIA is supported for Chrome sign in yet.

We'll happy to investigate it if there're more people ask for it.

Comment 82 by zmin@chromium.org, Jan 26 2018 

is *NOT* supported, sorry for the typo.

Comment 83 by zmin@chromium.org, Mar 5 2018

Status: Verified (was: Started)
The implementation of the policy is finished. For any further questions/issues, please open a new ticket.

Sign in to add a comment