Notification

Bring your best ideas to life with Gemini for Google Workspace. Get tips & real-life use cases for using gen AI at work.

Set up endpoint verification on your computer

If you access your work account on a work or personal computer, your administrator might require you to set up endpoint verification. Endpoint verification lets your administrator review information about your device and control your access to apps based on your location, device security status, or other attributes.

System requirements

  • Endpoint verification requires Chrome browser. Make sure your computer meets the Chrome browser system requirements.
  • Supported computers include:
    • Apple Mac OS X El Capitan (10.11) and later
    • ChromeOS 110 and later
    • Linux Debian or Ubuntu (CPU must support AES instructions)
    • Microsoft Windows 10 and 11

What's endpoint verification?

Administrators in your organization use endpoint verification to control device access to your organization’s data and get details about the devices that do. For administrators to use endpoint verification, you need to install Chrome browser, the Endpoint Verification extension, and possibly a helper app on your computer.

When endpoint verification is installed, your Chrome browser is open, and you're signed in with your managed Google Account, your administrator can see:

  • Your device ID, serial number, type, and operating system.
    Note: For ChromeOS, the serial number displays only for enterprise-enrolled devices.
  • Your name and managed email address.
  • The first and last time your computer synchronized work data, including any encryption and if the device has a password.
  • Whether your device follows your organization’s policies (Chrome devices only).

To stop sharing your device information, sign out of your managed Google Account from your Chrome browser or remove the Endpoint Verification extension from your Chrome browser. Learn how

Set up endpoint verification

Your administrator can automatically install the Endpoint Verification extension for you. If you have a Mac, Windows, or Linux device, they might ask you to install it.

  1. On devices running ChromeOS, sign in to the device with the corporate account that you will use to set up endpoint verification.
  2. Open Chrome browser. If you need to download the browser, see Download & install Google Chrome.
  3. (Mac, Windows, and Linux only) On the browser toolbar, if you don’t see the Endpoint Verification  extension, you need to install it. Open Endpoint Verification and click Add to Chrome.
  4. On the toolbar on the extension, if you see Exception , click the extension to open it.
  5. If prompted, click Add Account and enter your work email address and password.
  6. You might see a message that a helper app is required on your device. If you have a Mac or Windows computer, click Install it and follow the steps to install the helper app. If you have a Linux computer, see Install the helper app (Linux only).

    Note: When you try to connect to secured services such as internal websites on Chrome browser, you might be asked which certificate to use. Make sure to choose the one issued by your organization and not the one created by the helper app. Otherwise, you might not be able to access those websites.

  7. Click the extension againand thenSync Now.

Install the helper app (Linux only)

  1. At the top left, click Activities and enter terminal to open a terminal.
  2. Enter the following commands to add the package source and import the key:
    1. $ echo "deb https://packages.cloud.google.com/apt endpoint-verification main" | sudo tee -a /etc/apt/sources.list.d/endpoint-verification.list
    2. $ curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
  3. Enter the following commands to update and install endpoint verification:
    1. $ sudo apt-get update
    2. $ sudo apt-get install endpoint-verification
  4. Open Chrome browser and on the toolbar, click Endpoint Verification and thenSync Now.

Sync information about your computer

After you set up endpoint verification, information about your computer automatically synchronizes to your administrator.

To manually sync information:

  1. On the browser toolbar, click Endpoint Verification .
    You can see the last time the computer synced information with your organization.
  2. Click Sync now.

Troubleshoot endpoint verification

Expand all  |  Collapse all

Can't sync because of a Keychain authorization error (macOS only)

In Chrome browser, you might get an error that endpoint verification can't sync because of a Keychain authorization error.

To resolve the problem, sign out of your computer (click the Apple iconand thenLog Out) and then sign in again. If you still see the error, complete the following steps:

  1. On your Mac, open the Keychain Access app.
  2. At the left, click login.
  3. If the icon shows it's locked, right-click login and then click Unlock Keychain "login".

    Tip: If you can't unlock the login keychain or get into Access Control, try this fix from Apple.

  4. At the left, click Passwords.
  5. In the list of passwords, double-click Endpoint Verification Safe Storage.
  6. Click Access Control.
  7. If Confirm before allowing access is selected:
    1. Select Allow all applications to access this item and click Save Changes.
    2. In the Chrome browser toolbar, click Endpoint Verification  and then click Sync Now.
    3. If sync is still unsuccessful, continue to the next step.
  8. If Allow all applications to access this item is already selected or sync still returns an error:
    1. In the Keychain Access app passwords list, right-click Endpoint Verification Safe Storage and then click Delete "Endpoint Verification Safe Storage."
    2. In Chrome, open the Endpoint Verification extension and click Sync Now.
Can't sync because of a Data Protection API error (Windows only)

In Chrome browser, you might get an error that endpoint verification can't sync because of a Data Protection API error. This error can be caused when S4U scheduled tasks run on your device.

Step 1. Determine if an S4U task is configured

To find out if any S4U scheduled tasks might be causing the error:
  1. Lock the device screen.
  2. Within 15 seconds, unlock the device screen.
  3. Within 15 seconds, in the Chrome browser toolbar, click Endpoint Verification and then click Sync Now.

If sync is successful, the error is likely caused by an S4U task.

Step 2. Identify the S4U tasks

Open PowerShell and run the following script:
Get-ScheduledTask | foreach { If (([xml](Export-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath)).GetElementsByTagName("LogonType").'#text' -eq "S4U") { $_.TaskName } }
If the output includes one or more lines containing a task name, then go on to the next step.

Step 3. Fix the problem

  1. On your Windows device, open Task Scheduler.
  2. Scroll down to Active Tasks.
  3. Find the tasks from the output of step 2. For each task:
    1. Double-click the task.
    2. At the right, click Properties.
    3. Uncheck Do not store password.
    4. Click OK.
  4. Lock the device screen and then unlock it.
  5. Within 15 seconds, in the Chrome browser toolbar, click Endpoint Verification and then click Sync Now.

Advanced approach

Attempt only if the previous fix doesn't work and your device still can't sync.

Warning: You can make your computer inoperable if you incorrectly configure registry keys. Use this approach only if you're comfortable editing registry keys. You might also be contacted by your Google Workspace administrator because this approach will create duplicate entries for your device in their managed device list.

  1. From the Windows Start menu, click Run.
  2. In the Run box, enter regedit.
  3. In Registry Editor, find HKEY_CURRENT_USER\Software\Google\Endpoint Verification\Safe Storage and delete it.
  4. In the Chrome browser toolbar, click Endpoint Verification and then click Sync Now.
Can't sync because can't recover data protection key (Windows only)

In Chrome browser, you might get an error that endpoint verification can't recover the data protection key and can't sync. This error can be caused when S4U scheduled tasks run on your device and you have an earlier version of Chrome browser on your device.

To resolve the problem:

Step 1. Identify and edit S4U tasks

On your Windows device, open PowerShell and run the following script:

Get-ScheduledTask | foreach { If (([xml](Export-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath)).GetElementsByTagName("LogonType").'#text' -eq "S4U") { $_.TaskName } }

If the output includes one or more lines containing a task name, then you need to edit these tasks.

  1. Open Task Scheduler.
  2. Scroll down to Active Tasks.
  3. Find the tasks from the output of step 2. For each task:
    1. Double-click the task.
    2. At the right, click Properties.
    3. Uncheck Do not store password.
    4. Click OK.

Step 2. Remove the registry key and start a new session

Warning: You can make your computer inoperable if you incorrectly configure registry keys. Use this approach only if you're comfortable editing registry keys. You might also be contacted by your Google Workspace administrator because this approach will create duplicate entries for your device in their managed device list.

  1. From the Windows Start menu, click Run.
  2. In the Run box, enter regedit.
  3. In Registry Editor, find HKEY_CURRENT_USER\Software\Google\Endpoint Verification\Safe Storage and delete it.
  4. Lock the device screen and unlock it.
  5. In the Chrome browser toolbar, click Endpoint Verification and then click Sync Now.
  6. (Optional) To get better error messages, update Chrome browser.
My issue isn't listed. What do I do?
If your issue isn't listed, contact your Google Workspace administrator. Who is my administrator?
To help them diagnose your issue, download the endpoint verification logs and share them with your administrator:
  1. On your device, open Chrome browser.
  2. In the Chrome browser toolbar, right-click Endpoint Verification  and then click Optionsand thenDownload Log.

Uninstall endpoint verification

If you installed the Endpoint Verification extension from the Chrome Web Store, you can remove it from your computer. If an administrator automatically installed it on your computer, then an administrator needs to remove it for you.

  1. On your computer, open Chrome browser.
  2. At the top right, click More and thenMore toolsand thenExtensions.
  3. On the Endpoint Verification extension, click Remove.
    You can use the search bar at the top to find it.
  4. Click Remove to confirm.

Uninstall the helper app (Mac, Windows, and Linux only)

Linux
  1. At the top left, click Activities and enter terminal to open a terminal.
  2. Enter $sudo apt-get remove endpoint-verification.
Mac
  1. Open Finder and go to Macintosh HDand thenLibraryand thenApplication Support.
    Note: If you don’t see Macintosh HD, at the top left, click Finderand thenPreferencesand thenSidebar and check the Hard disks box.
  2. Drag the SecureConnect folder into the Trash.
  3. At the top left, click Finderand thenEmpty Trash.
Windows
  1. Click Startand thenControl Panel.
  2. Click Programsand thenPrograms and Features.
  3. Double-click Google SecureConnect.
  4. Click Uninstall.

 


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

 

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu