New issue
Advanced search Search tips

Issue 725597 link

Starred by 46 users
Status: Assigned
Owner:
marcuskoehler@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Feature


Show other hotlists

Hotlists containing this issue:
my-follow-list


Sign in to add a comment

[FR] Create Policy to Restrict Device Login to Annotated User

Reported by stepheng...@amplifiedit.com, May 23 2017 
UserAgent: Mozilla/5.0 (X11; CrOS x86_64 9460.42.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.57 Safari/537.36
Platform: 9460.42.0 (Official Build) beta-channel samus

Steps to reproduce the problem:
1. Attempt to restrict a single user to a single device

What is the expected behavior?
In a 1:1 situation, admins want to restrict which users can login to which device.  

What went wrong?
The current method of a RestrictSigninToPattern allows anyone matching the pattern to sign into the device.  

Did this work before? N/A 

Chrome version: 59.0.3071.57  Channel: beta
OS Version: 9460.42.0
Flash Version: 26.0.0.102 /opt/google/chrome/pepper/libpepflashplayer.so

This is problematic since the Device's Recent Users Log updates on the LOGOUT event, making it impossible to reliably know who is currently logged into a managed device using managed accounts.  

With ARC taking up more hard drive space for apps and app storage, this granular management is necessary to prevent user data from being inadvertently expunged when the disk drive becomes full during another active user's session.

Recommend having this be a Checkbox which sets the policy RestrictSigninToPattern to disabled, sets the policy DeviceShowUserNamesOnSignin to true and remove all profiles other than the Annotated User, and display's the device's Asset ID value at the sign-in screen, if it has been populated.

Comment 1 by t.d.pie...@g.maranausd.org, May 23 2017 

This would be useful in a 1:1 Edu environment, where students have a device checked out to them for the school year.  Chromebooks often get switched accidentally (or on purpose) and restricting sign in to only the assigned user could avoid many of these mix-ups.

Comment 2 by pastarmovj@chromium.org, May 26 2017

Labels: Enterprise-Triaged
Owner: dskaram@chromium.org
Assigning to David for triaging.

Comment 3 by kathrelk...@chromium.org, Jul 6 2017

Labels: -Type-Bug Type-Feature
Status: Untriaged (was: Unconfirmed)

Comment 4 by kevinkim...@msad70.org, Jul 26 2017 

I am in k-12 and I would like to limit users to one login . that way when I put Johnny in bad boy restrictions he can not use his girl friends ID to get out.

What I had last year was any one student who could remember there password gave it out to the ones who could not remember . Made things confusing when in google classroom. 

Assigning a user to a Chrome Book would be VERY helpful

Comment 5 by dskaram@google.com, Jul 26 2017 

Question to admins, how would you like to do this assignment? Is it through editing the "User" field under the Device Custom Fields?

Comment 6 by stepheng...@amplifiedit.com, Jul 26 2017 

That's what the original request is for. The user field is the Annotated
User.

Comment 7 by benhenry@chromium.org, Aug 1

Status: Assigned (was: Untriaged)

Comment 8 by dskaram@chromium.org, Aug 23

Owner: marcuskoehler@chromium.org

Comment 9 by marcuskoehler@chromium.org, Sep 18

Labels: Hotlist-Enterprise-Identity

Comment 10 by stepheng...@amplifiedit.com, Sep 25 

And please make the regular expression for this feature non-case sensitive.  There has been issues with other parts of the cpanel where the username match failed due to case sensitivity.

Comment 11 by ryan.sch...@isd181.org, Oct 10 

This would be very helpful for Education with 1:1 device rollouts. This would help us keep students from swapping devices or trying to get around restrictions that may have been placed on them for inappropriate behaviour.

Sign in to add a comment