Set up endpoint verification on your computer

If you access your work account on a work or personal computer, your administrator might require you to set up endpoint verification. Endpoint verification lets the admin see information about the device and control your access to apps based on your location, device security status, or other attributes.

Supported computers include:

  • Apple Mac
  • Devices running Chrome OS
  • Linux Debian and Ubuntu
  • Microsoft Windows 7 and 10

What's endpoint verification?

Admins in your organization use endpoint verification to control device access to your organization’s data and get details about the devices that do. For admins to use endpoint verification, you need to install Chrome Browser, the Endpoint Verification extension, and possibly the native helper app on your computer.

When endpoint verification is installed, your Chrome Browser is open, and you're signed in with your managed Google Account, your admin can see:

  • Your device ID, serial number, type, and operating system.
  • Your name and managed email address.
  • The first and last time your computer synchronized work data, including any encryption and if the device has a password.
  • Whether your device follows your organization’s policies (Chrome devices only).

To stop sharing your device information, sign out your managed Google Account from your Chrome Browser or remove the Endpoint Verification extension from your Chrome Browser. Learn how

Set up endpoint verification

Your admin can automatically install the Endpoint Verification extension for you. If you have a Mac, Windows, or Linux device, they might ask you to install it.

  1. On devices running Chrome OS, sign in to the device with the corporate account that you will use to set up endpoint verification.
  2. Open Chrome Browser. If you need to download the browser, see Download & install Google Chrome.
  3. (Mac, Windows, and Linux only) On the browser toolbar, if you don’t see the Endpoint Verification "" extension, you need to install it. Open Endpoint Verification and click Add to Chrome.
  4. On the toolbar on the extension, if you see Exception "", click the extension to open it.
  5. If prompted, click Add Account and enter your work email address and password.
  6. You might see a message that the native helper app is required on your device. If you have a Mac or Windows computer, click Install it and follow the steps to install the native helper. If you have a Linux computer, see Install the native helper app (Linux only).
  7. Click the extension againand thenSync Now.

Install the native helper app (Linux only)

  1. At the top left, click Activities and enter terminal to open a terminal.
  2. Enter the following commands to add the package source and import the key:
    1. $ echo "deb https://packages.cloud.google.com/apt endpoint-verification main" | sudo tee -a /etc/apt/sources.list.d/endpoint-verification.list
    2. $ curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
  3. Enter the following commands to update and install endpoint verification:
    1. $ sudo apt-get update
    2. $ sudo apt-get install endpoint-verification
  4. Open Chrome Browser and on the toolbar, click Endpoint Verification ""and thenSync Now.

Sync information about your computer

After you set up endpoint verification, information about your computer automatically synchronizes to your admin.

To manually sync information:

  1. On the browser toolbar, click Endpoint Verification "".
    You can see the last time the computer synced information with your organization.
  2. Click Sync now.

Troubleshoot endpoint verification

Can't sync because of a Keychain authorization error (macOS only)

In Chrome Browser, you might get an error that endpoint verification can't sync because of a Keychain authorization error. To resolve the problem, take the following steps:

  1. On your Mac, open the Keychain Access app.
  2. At the left, click login.
  3. If the icon shows it's locked, right-click login and then click Unlock Keychain "login".
  4. At the left, click Passwords.
  5. In the list of passwords, double-click Endpoint Verification Safe Storage.
  6. Click Access Control.
  7. If Confirm before allowing access is selected:
    1. Select Allow all applications to access this item and click Save Changes.
    2. In the Chrome browser toolbar, click Endpoint Verification "" and then click Sync Now.
    3. If sync is still unsuccessful, continue to the next step.
  8. If Allow all applications to access this item is already selected or sync still returns an error:
    1. In the Keychain Access app passwords list, right-click Endpoint Verification Safe Storage and then click Delete "Endpoint Verification Safe Storage".
    2. In Chrome, open the Endpoint Verification extension and click Sync Now.
Can't sync because of a Data Protection API error (Windows only)

In Chrome Browser, you might get an error that endpoint verification can't sync because of a Data Protection API error. This error can be caused when S4U scheduled tasks run on your device.

Step 1. Determine if an S4U task is configured

To find out if any S4U scheduled tasks might be causing the error:
  1. Lock the device screen.
  2. Within 15 seconds, unlock the device screen.
  3. Within 15 seconds, in the Chrome browser toolbar, click Endpoint Verification "" and then click Sync Now.

If sync is successful, the error is likely caused by an S4U task.

Step 2. Identify the S4U tasks

Open PowerShell and run the following script:
Get-ScheduledTask | foreach { If (([xml](Export-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath)).GetElementsByTagName("LogonType").'#text' -eq "S4U") { $_.TaskName } }
If the output includes one or more lines containing a task name, then go on to the next step.

Step 3. Fix the problem

  1. On your Windows device, open Task Scheduler.
  2. Scroll down to Active Tasks.
  3. Find the tasks from the output of step 2. For each task:
    1. Double-click the task.
    2. At the right, click Properties.
    3. Uncheck Do not store password.
    4. Click OK.
  4. Lock the device screen and then unlock it.
  5. Within 15 seconds, in the Chrome browser toolbar, click Endpoint Verification "" and then click Sync Now.

Advanced approach

Attempt only if the previous fix doesn't work and your device still can't sync.

Warning: You can make your computer inoperable if you incorrectly configure registry keys. Use this approach only if you're comfortable editing registry keys. You might also be contacted by your Google Workspace admin because this approach will create duplicate entries for your device in their managed device list.

  1. From the Windows Start menu, click Run.
  2. In the Run box, enter regedit.
  3. In Registry Editor, find HKEY_CURRENT_USER\Software\Google\Endpoint Verification\Safe Storage and delete it.
  4. In the Chrome browser toolbar, click Endpoint Verification "" and then click Sync Now.
Can't sync because can't recover data protection key (Windows only)

In Chrome Browser, you might get an error that endpoint verification failed to recover the data protection key and can't sync. This error can be caused when S4U scheduled tasks run on your device and you have an earlier version of Chrome Browser on your device.

To resolve the problem:

Step 1. Identify and edit S4U tasks

On your Windows device, open PowerShell and run the following script:

Get-ScheduledTask | foreach { If (([xml](Export-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath)).GetElementsByTagName("LogonType").'#text' -eq "S4U") { $_.TaskName } }

If the output includes one or more lines containing a task name, then you need to edit these tasks.

  1. Open Task Scheduler.
  2. Scroll down to Active Tasks.
  3. Find the tasks from the output of step 2. For each task:
    1. Double-click the task.
    2. At the right, click Properties.
    3. Uncheck Do not store password.
    4. Click OK.

Step 2. Remove the registry key and start a new session

Warning: You can make your computer inoperable if you incorrectly configure registry keys. Use this approach only if you're comfortable editing registry keys. You might also be contacted by your Google Workspace admin because this approach will create duplicate entries for your device in their managed device list.

  1. From the Windows Start menu, click Run.
  2. In the Run box, enter regedit.
  3. In Registry Editor, find HKEY_CURRENT_USER\Software\Google\Endpoint Verification\Safe Storage and delete it.
  4. Lock the device screen and unlock it.
  5. In the Chrome browser toolbar, click Endpoint Verification "" and then click Sync Now.
  6. (Optional) To get better error messages, update Chrome Browser.

My issue isn't listed. What do I do?

If your issue isn't listed, contact your Google Workspace administrator. Who is my administrator?
To help them diagnose your issue, download the endpoint verification logs and share them with your administrator:
  1. On your device, open Chrome Browser.
  2. In the Chrome browser toolbar, right-click Endpoint Verification ""and thenOptionsand thenDownload Log.

Uninstall endpoint verification

If you installed the Endpoint Verification extension from the Chrome Web Store, you can remove it from your computer. If an admin automatically installed it on your computer, then an admin needs to remove it for you.

  1. On your computer, open Chrome Browser.
  2. At the top right, click More ""and thenMore toolsand thenExtensions.
  3. On the Endpoint Verification extension, click Remove.
    You can use the search bar at the top to find it.
  4. Click Remove to confirm.

Uninstall the native helper app (Mac, Windows, and Linux only)

Linux

  1. At the top left, click Activities and enter terminal to open a terminal.
  2. Enter $sudo apt-get remove endpoint-verification.

Mac

  1. Open Finder and and navigate to Macintosh HDand thenLibraryand thenApplication Support.
    Note: If you don’t see Macintosh HD, at the top left, click Finderand thenPreferencesand thenSidebar and check the Hard disks box.
  2. Drag the SecureConnect folder into the Trash.
  3. At the top left, click Finderand thenEmpty Trash.

Windows

  1. Click Startand thenControl Panel.
  2. Click Programsand thenPrograms and Features.
  3. Double-click Google SecureConnect.
  4. Click Uninstall.



Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?
How can we improve it?