Managed guest session devices

Chrome version 73 and later.

For administrators who manage Chrome devices for a business or school.

Chromebook icon updated Dec 2013

With managed guest sessions, multiple users can share the same device running Chrome OS without having to sign in to their Google Account. For example, use managed guest sessions to configure Chrome devices as loaner devices, shared computers.

With managed guest sessions, your users can have a full browsing experience and access multiple websites in windowed mode, not full-screen.

Before you begin

  • Enroll the devices that you want to let users run managed guest sessions on. For details, see Enroll Chrome devices.
  • Place devices that users will use to run managed guest sessions in an organizational unit. You can place a Chrome device in only one organizational unit at a time. You can then apply managed guest session settings to devices in that organizational unit.
  • Managed guest session pods are prioritized over user pods on the sign-in screen. Make sure that the sign-in screen displays users’ names and pictures. For details, see Sign-in screen.
  • You need Chromebook Enterprise devices or an upgrade, such as Chrome Enterprise Upgrade or Chrome Education Upgrade, for each standalone Chrome device that you want to run a managed guest session on. Managed guest session settings are not available for devices enrolled with Chrome Kiosk.
  • Private apps and extensions that are limited to users in a domain can't be installed because managed guest sessions don't require users to sign in.

Set up managed guest sessions

Step 1: Configure your Chrome devices
  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devicesand thenChrome management.
  3. Click Managed guest session settings.
  4. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit.
  5. Next to Managed guest session, choose an option:
    • To use managed guest sessions on Chrome devices, select Allow managed guest sessions.
    • To automatically launch a managed guest session, select Auto-launch managed guest session.
  6. Enter the name that you want your users to see for the session. For example, Fremont High School Library or Solarmora shared computer.
  7. Configure the settings for managed guest sessions. For details, see Step 2 below.
  8. Click Save.
Step 2: Configure managed guest session settings

Settings that are unique to managed guest sessions are in the table below. Most settings that are available on the Managed guest session settings page are also available on the User & browsers settings page. The policies behave in a similar way, but they apply inside the guest session instead of when users are signed in. These policies are described in Set Chrome policies for users or browsers.

Setting Description
Managed guest session

Session name to appear on login screen

The name that you want your users to see for the session.

The settings below are only available for managed guest sessions that automatically launch on Chrome devices

Auto-launch delay

Enter the number of seconds to wait before automatically launching the managed guest session.

Enable device health monitoring

Select Enable device health monitoring to allow the health status of a kiosk to be reported. Then, you can check if a device is online and working properly. For information, see Monitor kiosk health.

Enable device system log upload

Important: Before using this setting, you must inform the users of managed kiosk devices that their activity might be monitored and data might be inadvertently captured and shared. Without notification to your users, you are in violation of the terms of your agreement with Google.

Select Enable device system log upload to automatically capture system logs for kiosk devices. Logs are captured every 12 hours and uploaded to your Admin console. Logs are stored for up to 60 days.

At any one time, 7 logs are available to download:

  • Each day of the past 5 days

  • 30 days ago

  • 45 days ago

For information, see Monitor kiosk health.

Screen rotation (clockwise)

To configure screen rotation for your kiosk devices, select your desired screen orientation. For example, to rotate the screen for a portrait layout, select 90 Degrees. This policy can be overridden by manually configuring the device to a different screen orientation.

Maximum user session length Sign the user out of the session after a specified amount of time, between one and 1,440 minutes. For unlimited sessions, do not enter a value.
Custom terms of service You can upload a custom Terms of Service agreement, .txt or .text file, that users must accept.
Idle settings

Action on idle

Select what you want the device to do after the idle time expires. Choose whether devices go to sleep, exit session, shut down, or do nothing.

Idle time in minutes

To specify the amount of idle time, enter a value in minutes. To use the system default, which varies by device, leave the box empty.

Action on lid close

Choose whether you want devices to go to sleep, exit session, shut down, or do nothing when users close the device lid.

Browser launch on startup Specifies whether Chrome Browser should automatically launch when users start their Chrome devices.
Session Locale

Specify the order of recommended languages on the Chrome device's sign-in screen.

  • If you do not specify any recommended languages—Chrome OS will keep the current language when starting a managed guest session. The user can change this default setting when they start the session.
  • If you specify only one language—Chrome OS will use this language when starting a managed guest session. The user can change this default setting when they start the session.
  • If you specify more than one language—Chrome OS will ask the user to choose a language when starting a managed guest session. You can choose the order of languages in the list. By default, Chrome uses the most popular keyboard layout for the chosen language. Users can change the keyboard layout when they start the session.

The language and keyboard layout will go back to their previous values when the managed guest session ends.

Step 3: Apply additional settings and policies

You can configure device policies, user policies, and network settings. For details, see Set Chrome device policies and Set Chrome policies for users or browsers.

How to set up managed guest sessions

Learn how to create OUs, apply an initial managed guest session policy, and move enrolled devices to the OU to receive the policy.

How to set up managed guest sessions

How users browse in managed guest sessions

On the sign-in screen, users see the session display name that you set in Step 1 above. To use a managed guest session, users:

  1. Click the managed guest session pod.
    Users see:
    • The domain name of the organization that manages the session
    • A message that the admin might have access to all activity during the session, including passwords and communications
  2. Click Next.
  3. If there is a custom Terms of Service agreement, click Accept to start the session.
  4. Start browsing the web.

The session is valid until the user signs out, reaches the maximum session time, or reaches the specified amount of idle time for the device. When the managed guest session ends, the user is automatically signed out and all local user data is wiped from the device.

When to use managed guest sessions

Assessments

To only allow students a specified amount of time, you can set the exam or assessment time for however long you want. You can lock down internet access to prevent students from looking up answers online or taking screenshots. Read about using Chromebooks for student assessments.

Library use

You can specify the length of the session. You can also configure the device to print to local and network printers using Common UNIX Printing System (CUPS). For details, see Manage local and network printers.

Business center or cybercafe

Similar to library mode, you can set the length of time for the user session. You can also set up device-based policies on the device.

Retail store

You can configure the device so that it doesn’t have a session timer. People can browse on the device at a kiosk or sales floor for an unlimited amount of time. You can also automatically launch a managed guest session on the device. Read about kiosk settings.

Common questions

Open all   |   Close all

Can users print from a Chrome device with managed guest sessions?
Yes. You can let users print to local and network printers using Common UNIX Printing System (CUPS). For details, see Manage local and network printers.
How are managed guest sessions different from guest browsing?
Guest browsing is useful for quickly browsing the web. However, with guest browsing, you can’t preconfigure apps, limit the session length, enforce a variety of security policies, or manage sessions in a way most businesses and schools require. Managed guest session browsing allows you to enforce many user policies without requiring each user to sign in. Read about guest browsing.
What messages might users see?

"Your organization manages this device and has access to all user activity, including webpages visited, passwords, and email."

Users will see this message when they sign in to a managed guest session if their device has any of the following advanced settings:

"Your organization manages this device and may be able to monitor your activity."

Users will see this message if auto-launch is not enabled and the device doesn't have any of the advanced settings listed above.

Related topics

Was this helpful?
How can we improve it?