Un-deprecate SigninAllowed
Reported by
drclla...@gmail.com,
Sep 20 2017
|
||||
Issue descriptionUserAgent: Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1 Steps to reproduce the problem: I want to be able to prevent users from being able to sign into Chrome on their enterprise domain joined devices. Currently we have the policy set to syncdisabled (as per https://www.chromium.org/administrators/policy-list-3#SyncDisabled) and I have tried blacklisting the URL Chrome://Chrome-signin (its not the best user experience). The only thing that seems to work in a way that is satisfactory for Security and the users is to set SignInAllowed to disabled (as per https://www.chromium.org/administrators/policy-list-3#SigninAllowed). What is the expected behavior? What went wrong? However, that setting is deprecated. Is it possible to have this setting un-deprecated so that it can continue to be used? Did this work before? N/A Chrome version: 61.0.3163.79 Channel: stable OS Version: 10 Flash Version:
,
Sep 20 2017
+zmin, feature owner for forced sign in.
,
Sep 21 2017
Hello, Firstly, force-signin policy is the opposite of the signinAllow/syncDisable. It actually forces the user signin to Chrome but not disable it. SyncDisable is the replacement of SignInAllowed as blocking sync is the main reason of signin disable. After disable sync, the only thing user could get from sign-in is automatically sign-in to Google Service like Gmail or Google Doc. Is there any other reason you want to completely disable sign in?
,
Sep 22 2017
,
Sep 25 2017
Main driver behind removing the users ability to sign into chrome is to remove helpdesk calls. Blocking the users sign into chrome will remove any confusion as to why the users don’t have their settings synced and why they are not able to login into sites like gmail or google drive/docs/sheets/slides.
,
Apr 19 2018
We're also in an enterprise environment, trying to prevent users from signing in to Chrome on our kiosk builds. SyncDisable does not remove the "Sign in to Chrome" option from the browser bar; SigninAllowed set to 0 was able to achieve this. As such, SyncDisable should NOT be considered a replacement for SigninAllowed, and should be un-deprecated. Fortunately, sign-ins can still be disabled by setting the registry key manually (screencap attached).
,
Jun 6 2018
Another reason that I have recently come across is for users that first log into their domain joined machine, migrate their favorites from IE and when they then log into Chrome, all of their favorites disappear and they are forced to migrate their favorites again.
,
Nov 5
The new policy for this is: BrowserSignIn |
||||
►
Sign in to add a comment |
||||
Comment 1 by kkaluri@chromium.org
, Sep 20 2017