New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 889628 link

Starred by 7 users

Issue metadata

Status: Duplicate
Owner:
Closed: Oct 1
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 1
Type: Feature



Sign in to add a comment

FR: Policy control for Allow Chrome sign-in

Project Member Reported by kotah@chromium.org, Sep 26

Issue description

Summary:
We just announced that in M70 we are going to allow users to choose if they want to link web-based sign-in with Chrome browser sign-in: https://www.blog.google/products/chrome/product-updates-based-your-feedback/

This inevitably resulted in enterprise/education feature requests to allow admin to policy-control, i.e. force-enable/disable the setting for managed users.

This may be blocked on crbug.com/888776, but kicking off to track enterprise/education customer requests.

@privard, Can you triage and prioritize this request?
 
Cc: pastarmovj@chromium.org
Just to make it clear: we will add a pref that would allow the user to sign in to Google web (e.g. gmail.com) without signing in to Chrome. Note that signing in to Chrome is about Chrome knowing the Google identities of the user - sync does *not* automatically start when the user signs in to Google web (e.g. gmail.com).

Note that this pref does not allow the admin for force sync on when the user signs in to Google web.

In terms of coding we are doing the following:
1. we are changing the old (and currently deprecated) SigninAllowed policy to refer to a new pref named SigninAllowedOnNextRestart.
2. On start-up, we set the value for signin.allowed pref to match the value of SigninAllowedOnNextRestart pref.
3. We are doing a couple of tweaks to the UI.

We are still trying to figure out what this means for the SigninAllowed policy and whether we need to update its description. pastarmovj@ suggested to not do any updated to the policy description for M70 as we are too late in the cycle.

Note: The following policies continue to be supported as expected:
* ForceBrowserSignin: user must be signed in to Chrome and have selected their primary account (aka sync account)
* RestrictSigninToPattern: restricts the accounts that can be selected as the primary Chrome account (aka used for sync) to the given pattern
* SyncDisabled: sync cannot be enabled in this profile.
Btw for 70 we can at least update the documentation on https://www.chromium.org/administrators/policy-list-3 manually to reflect whatever the correct behavior is. The ADM[X] templates will still be whatever is in the code but this page can be manually edited to reflect the truth more closely.
Mergedinto: 890396
Status: Duplicate (was: Untriaged)
I see crbug.com/890396 has been filed for the same request - Dup'ing to consolidate the discussions.

Sign in to add a comment