Applies to Apple users who use a managed Chrome browser.
You can use Apple Extensible Single Sign-on to build single-sign on (SSO) extensions that extend usernames and passwords to applications, minimizing the number of times a user needs to sign in to their corporate accounts.
Google offers built-in support in Chrome for the Apple ecosystem functionality. You can deploy management packages that allow Google Chrome to use usernames and passwords from the defined SSO extensions, allowing managed users in Chrome to skip having to re-enter their usernames and passwords.
Before you begin
You must have the following:
- An identity provider that supports Extensible Single Sign-on. For example, Okta, Identity Engine, Microsoft Entra ID, or similar.
- Extensible Single Sign-on configured on your identity provider.
- Extensible Single Sign-on payloads configured for each applicable platform, distributed using your preferred MDM solution.
- The required SSO application installed on the device. For example, Okta Verify, Microsoft Authenticator, or similar.
Configuration steps
iOS
You might need two separate management payloads to use Extensible Single Sign-on:
- A Single Sign-on Extension payload that defines the SSO extension, the sign-in host names, and other required parameters. This is a standard payload for most MDMs.
- For Microsoft Entra ID, a custom management payload that defines which applications support the extension. You define the Google bundle prefixes of the targeted apps. For more details, see Microsoft Enterprise SSO plug-in for Apple devices.
Example
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
<key>AppPrefixAllowList</key>
<string>com.microsoft.,com.apple.,com.jamf.,com.jamfsoftware.,com.google.</string>
<key>disable_explicit_app_prompt</key>
<integer>1</integer>
</dict>
</plist>
- After you have added com.google., Chrome calls out the required extension when a user attempts to authenticate onto the SSO.
macOS
Coming soon
Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.