When users are affiliated with the organization managing their Chrome browser, they are viewed as more trustworthy. Organizations place more restrictions on users who sign in to browsers or ChromeOS devices that are not affiliated with the user's domain.
A Chrome browser user is affiliated if all the following conditions are met:
- the Chrome browser is managed through Chrome Enterprise Core
- AND the user is managed through Google Cloud Identity
- AND the user and the managed browser belong to the same organization
A ChromeOS user is affiliated if all the following conditions are met:
- the ChromeOS device is managed
- AND the ChromeOS user is managed
- AND the user and the managed device belong to the same organization
In most instances, affiliated users belong to one domain registered for Chrome Enterprise Core. However, organizations can configure multiple domains to represent one organization. In this case, affiliated users can belong to multiple domains.
Example scenarios
The following scenarios show the result when a user signs in to a device.
Example 1
Scenario
- user@domainA.com is managed by domainA
- The device is managed by domainA
Result
- user@domainA.com is affiliated
Example 2
Scenario
- user@domainA.com is managed by domainA
- The device is unmanaged
Result
- user@domainA.com is not affiliated
Example 3
Scenario
- user@domainA.com is managed by domainA
- The device is managed by domainB
Result
- user@domainA.com is not affiliated
Note: This scenario is used to turn off some Google Cloud Services that require user affiliation.
Example 4
Scenario
- user@domainA.com is managed by domainB
- The device is managed by domainB
Result
- user@domainA.com is affiliated
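The four scenarios above and the multi-domain case, written as an added Python sketch of the decision rule (not Google's implementation). The org-1/org-2 identifiers, domainC, the unmanaged_user case and the naive_email_check function are constructed for illustration; the last shows why comparing the email suffix with the device's domain is not a substitute for the affiliation check.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed mapping from managing domain to organization (assumption).
# domainC models one organization represented by several domains.
ORG_OF_DOMAIN = {"domainA": "org-1", "domainB": "org-2", "domainC": "org-1"}

@dataclass(frozen=True)
class SignIn:
    user_email: str
    user_managed_by: Optional[str]    # domain managing the account, None if unmanaged
    device_managed_by: Optional[str]  # domain managing the browser or device, None if unmanaged

def is_affiliated(s: SignIn) -> bool:
    """User managed, device managed, and both in the same organization."""
    if s.user_managed_by is None or s.device_managed_by is None:
        return False
    user_org = ORG_OF_DOMAIN.get(s.user_managed_by)
    device_org = ORG_OF_DOMAIN.get(s.device_managed_by)
    return user_org is not None and user_org == device_org

def naive_email_check(s: SignIn) -> bool:
    """Flawed shortcut (hypothetical): email suffix equals the device's domain."""
    suffix = s.user_email.rsplit("@", 1)[-1].split(".")[0]
    return s.device_managed_by is not None and suffix == s.device_managed_by

# Examples 1-4 from the page, plus two constructed cases.
SCENARIOS = {
    "example1": SignIn("user@domainA.com", "domainA", "domainA"),
    "example2": SignIn("user@domainA.com", "domainA", None),
    "example3": SignIn("user@domainA.com", "domainA", "domainB"),
    "example4": SignIn("user@domainA.com", "domainB", "domainB"),
    "multi_domain": SignIn("user@domainC.com", "domainC", "domainA"),
    "unmanaged_user": SignIn("user@domainA.com", None, "domainA"),
}

def evaluate() -> dict:
    """Return {scenario: (is_affiliated, naive_email_check)}."""
    return {name: (is_affiliated(s), naive_email_check(s)) for name, s in SCENARIOS.items()}

if __name__ == "__main__":
    for name, (real, naive) in evaluate().items():
        print(f"{name}: affiliated={real} naive_email_check={naive}")
```

The shortcut disagrees with the rule in Example 4 and in the multi-domain case (it reports not affiliated), and in the unmanaged-user case it reports a match where the user is not affiliated.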
Verify user affiliation
- On a managed Chrome browser or ChromeOS device, browse to chrome://policy.
- If a managed user is signed in, a User policies box is displayed under Status.
- The Is affiliated status should be set to Yes.