New issue
Advanced search Search tips

Issue 759197 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Nov 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocking:
issue 751556



Sign in to add a comment

Adding prompt message on UserManager when force-sign-in is enabled.

Project Member Reported by zmin@chromium.org, Aug 25 2017

Issue description

Adding prompt message on UserManager when force-sign-in is enabled.
 
Project Member

Comment 1 by bugdroid1@chromium.org, Aug 25 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5032fe9a8b3fed61d4099dc23ee7dcd719c5aa61

commit 5032fe9a8b3fed61d4099dc23ee7dcd719c5aa61
Author: Owen Min <zmin@chromium.org>
Date: Fri Aug 25 22:22:56 2017

Show prompt messasge on UserManager when force-sign-in policy is enabled.

When Chrome is launched with profile locked, adding a prompt message to guide the user.

Screenshot:
1) https://drive.google.com/file/d/0B7mk_V3OvgKRbFhpWnJoYmIxOUE/view?usp=sharing
2) https://drive.google.com/file/d/0B7mk_V3OvgKRN2xjdDl2WG8zNDg/view?usp=sharing

Bug:  759197 
Cq-Include-Trybots: master.tryserver.chromium.linux:closure_compilation
Change-Id: I25b7fa2baf451407141892b311e87112e3389b11
Reviewed-on: https://chromium-review.googlesource.com/633921
Commit-Queue: Owen Min <zmin@chromium.org>
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#497561}
[modify] https://crrev.com/5032fe9a8b3fed61d4099dc23ee7dcd719c5aa61/chrome/app/generated_resources.grd
[modify] https://crrev.com/5032fe9a8b3fed61d4099dc23ee7dcd719c5aa61/chrome/browser/resources/md_user_manager/user_manager.html
[modify] https://crrev.com/5032fe9a8b3fed61d4099dc23ee7dcd719c5aa61/chrome/browser/ui/webui/signin/user_manager_screen_handler.cc

Comment 2 by tnagel@chromium.org, Aug 28 2017

Blocking: 751556
Cc: tnagel@chromium.org
Components: Enterprise
Status: Started (was: Untriaged)
Could you please mention that the local administrator requires login? Maybe something along the lines of:
"Your local administrator has configured Chrome to require sign-in [with an account that matches: <RestrictSigninToPattern>]."

The part in square brackets should only be shown when RestrictSigninToPattern is set. Please keep in mind that the text should also work during first run -- "please unlock your profile" doesn't make sense there since (from the perspective of the user) there is no profile yet that could be unlocked.

Comment 3 by zmin@chromium.org, Aug 28 2017

Owner: zmin@chromium.org

Comment 4 by zmin@chromium.org, Aug 28 2017

The value of RestrictSigninToPattern is a regular expression. Display the value will confuse the user for sure. That's why I only says 'corporate'. And later, I could provide another policy so that admin is able to change this msg if necessary.

Force-sign-in policy is designed for deploying profile policy. It doesn't make sense if admins want user sign in with their gmail account because they can't setup cloud policy for personal profile.

Also, there is always a profile during first run. A default profile will be created (and locked with force-sign-in policy enabled) automatically if there is no profile.

I could add 'You local administrator has configured Chrome'. I didn't say that only because I want to keep the message as short as possible. Do you think it's important to mention 'administrator ' in the msg?

Comment 5 by tnagel@chromium.org, Aug 29 2017

> The value of RestrictSigninToPattern is a regular expression.

Are you sure it's a regular expression? The docs [1] say so, but the example that is given looks more like a glob pattern: "*@domain.com". Depending on what is correct, could you please fix either the text or the example?

> Also, there is always a profile during first run. A default profile will be created (and locked with force-sign-in policy enabled) automatically if there is no profile.

I've seen that. Technically, there is a profile. But not from the perspective of the user. "Please unlock your profile" is confusing since the user is not aware that they have a profile already.

> I could add 'You local administrator has configured Chrome'. I didn't say that only because I want to keep the message as short as possible. Do you think it's important to mention 'administrator ' in the msg?

Yes, it is important to mention the local administrator because otherwise the user could think that Chrome is enforcing sign-in. This would go against the principle of transparency.

[1] http://www.chromium.org/administrators/policy-list-3#RestrictSigninToPattern

Comment 6 by zmin@chromium.org, Aug 29 2017

Yes, it's a regular expression. And there is also a hack so that *@domain.com also works.
https://cs.chromium.org/chromium/src/components/signin/core/browser/signin_manager.cc?sq=package:chromium&dr=CSs&l=293

Ok, I think we should just avoid mention 'Profile' and I'll mention administrator.

Comment 7 by zmin@chromium.org, Aug 29 2017

I put you as reviewer of new text:
https://chromium-review.googlesource.com/c/chromium/src/+/641857

Comment 8 by tnagel@chromium.org, Aug 31 2017

Still I think it would be very nice if the message could mention the pattern that the email address needs to follow. It would seem easy to create a special case for patterns whose only wildcard is a .* (or just a *) at the start - this should be the majority. Thus I'd suggest:

if pattern starts with .*@ or *@ and has no other regexp special characters:
  "Your administrator requires you to sign into Chrome with your @<domain> account."
else
  "Your administrator requires you to sign into Chrome with an account that matches the following pattern: <pattern>."
Project Member

Comment 9 by bugdroid1@chromium.org, Sep 4 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/da0bec28176100b7c15adb7ce875e97cdf308a16

commit da0bec28176100b7c15adb7ce875e97cdf308a16
Author: Thiemo Nagel <tnagel@chromium.org>
Date: Mon Sep 04 11:13:34 2017

Fix RestrictSigninToPattern documentation

The pattern is documented as regular expression, thus the example should
also be a regular expresson.

Bug:  759197 
Change-Id: I9267dd3dabc5e397f23890e30cf263f396b04a4d
Reviewed-on: https://chromium-review.googlesource.com/645637
Reviewed-by: Owen Min <zmin@chromium.org>
Reviewed-by: Julian Pastarmov <pastarmovj@chromium.org>
Commit-Queue: Thiemo Nagel <tnagel@chromium.org>
Cr-Commit-Position: refs/heads/master@{#499478}
[modify] https://crrev.com/da0bec28176100b7c15adb7ce875e97cdf308a16/components/policy/resources/policy_templates.json

Project Member

Comment 10 by bugdroid1@chromium.org, Oct 10 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f13ab2c3cb1c3f206a47b349daee64ff95f58590

commit f13ab2c3cb1c3f206a47b349daee64ff95f58590
Author: Owen Min <zmin@chromium.org>
Date: Tue Oct 10 22:15:28 2017

Improve the words of force-sign-in prompt message.

Bug:  759197 
Change-Id: Ibdaea7ca726a6fa3f3b845a43502de551540802c
Reviewed-on: https://chromium-review.googlesource.com/641857
Reviewed-by: Owen Min <zmin@chromium.org>
Reviewed-by: Georges Khalil <georgesak@chromium.org>
Commit-Queue: Owen Min <zmin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#507791}
[modify] https://crrev.com/f13ab2c3cb1c3f206a47b349daee64ff95f58590/chrome/app/generated_resources.grd

Comment 11 by zmin@chromium.org, Nov 7 2017

Status: Fixed (was: Started)

Sign in to add a comment