Manage public session devices
This article has general information about setting up public sessions on Chrome devices. To find out how to use a Chromebook for student assessments, see Use Chromebooks for student assessments.
With public sessions, multiple users can share the same Chrome device without the need to sign in. For example, use public sessions to configure Chrome devices for use as kiosks, loaner devices, shared computers, or for any other work or school-related purpose for which users don't need to sign in.
With public sessions, your users can have a full browsing experience and access multiple websites in a windowed mode (not fullscreen). Single App Kiosk mode is focused around a single application and offers the option for a full screen experience.
Before you start
- Enroll the device you want to use as a public session in your domain. Once successfully enrolled, the device displays in the Admin console at Device management > Chrome devices.
- Make sure that Always show user names and photos is enabled in the Admin console under Device management > Chrome management > Device settings > Sign-in Screen.
Set up public sessions for your Chrome devices
- Sign in to your Admin console.
- Go to Device management > Chrome management > Public session settings.
- Select the organization for which you want the settings to apply.
- Configure the settings on the page and include a Session Display Name that you would like to appear on the device’s home screen, such as the name of your organization.
- Click Save changes.
- Go to Device management > Chrome management > Device settings.
- Select the organization you want to configure and under Kiosk Settings > Public Session Kiosk, select Allow Public Session Kiosk. This attaches the public session settings to the devices in the organization you select.
- Click Save changes. Settings typically take effect within minutes, but they might take up to an hour to propagate to the devices.
- Move the desired Chrome devices into the organization that that has the public session settings applied. Note that the Chrome devices must be enrolled in the domain for management before they appear under Chrome devices in the Admin console.
If you set Auto-Launch Public Session to Yes and enter 0 into the field Number of seconds before delaying auto-login, the device will be a Public Session Kiosk after you logout and go to the sign-in screen. If you want to launch a Chrome device with a single Chrome app full-screen, see how to set up a Single App Kiosk.
- Public session pods are prioritized over user pods on the login screen.
- You can only associate settings from one organization per device for setting up public sessions.
- Public session settings only apply to the Chrome devices you specify.
- Public session settings are not available for devices enrolled with a Single App Chrome Device Management License.
Public session user experience
On the login screen, the user sees the Session Display Name that you can set in the Admin console.
- When the user clicks a public session pod, it expands to show the domain name of the organization that manages the session.
- When the user clicks Enter, their session begins and they can start browsing the web.
If you uploaded a Terms of Service agreement in the Admin console, it will appear after the user clicks Enter, and they will need to click Accept to start the session.
The session is valid until a user signs out, or is idle for a period of time you specify and is automatically signed out. When the user ends the public session, all local user data is wiped from the device.
Public session settings
Settings unique to public sessions are listed in this table. Other settings are described in Set Chrome policies for users.
Common public session configurations
You can set the length of time for the exam for one hour, two hours, or however long you want to give students to take the test. You can lock down Internet access to prevent students from looking up answers online, and prevent them from taking screenshots. Learn more about Using Chromebooks for Student Assessments.
You can specify the period of use for the device from 30 minutes or 3 hours, or whatever length of time you want to specify. You can also configure the device to print with Cloud Print.
Business center/cyber cafe
Similar to library mode, you can set up the length of time for the user session, and you can also set up device-based policies on the device.
Unlike for library use, you can configure the device so that it doesn’t have a session timer. People can browse on the device at a kiosk or sales floor for an unlimited amount of time. For more on setting up the devices as a kiosk, see Single App Kiosk.
Common settings to configure with public sessions
In addition to the public session settings above, you can also configure any of the user and device settings offered by Chrome management with public sessions. Learn more about managing user settings and managing device settings. Popular settings include the following:
- Set up a home page
- Define a proxy
- Cloud Print
- Configure SafeSearch to filter objectionable content
- Custom wallpaper to personalize the desktop background
- Blacklist or whitelist access to different sites
- Pre-install specific apps to the device
- Configure a user’s length of session
- Allow Incognito Mode, Screenshots, Access to External storage, Allow Audio I/O and Video Input, among others.
Public session Chrome apps and extensions
All hosted Chrome apps and some packaged apps and extensions are supported in public sessions. Here are some popular public session apps:
|Chrome app||App ID|
|User Agent Switcher for Chrome||djflhoibgkdhkhhcedjiklpkjnoahfmg|
|VNC Viewer for Google Chrome™||iabmpiboiopbgfabjmgeedhcmjenhbla|
Run extensions and packaged apps in public sessions
Starting with Chrome version 57, public sessions supports the remote installation of extensions and packaged apps. To run Chrome apps and extensions in a public session, the app or extension can only declare the following subset of permissions in its manifest. If an app or extension declares a permission not in the list below, such as "cookies", the app or extension won't be installed in a public session.
*This just maximizes the window. An app cannot go full-screen in a public session.
**Apps and extensions can only get access to the base URL. Request for form upload data and web content will return empty strings.
How do I print from a Chrome device with public sessions?
You can set up printing with public sessions via the Cloud Print setting in the Admin console under Chrome Management > Device Settings.
How are public sessions different from guest mode?
Guest browsing is useful for quickly browsing the web. However, with guest browsing, you can’t preconfigure apps, limit the session length, enforce a variety of security policies, or manage sessions in a way most businesses and schools require. public session browsing allows you to enforce many user policies without requiring each user to sign in.
On what Chrome devices can I run public sessions?
Public sessions can be set up on any Chrome device that has the management console. If you’re having difficulties, please update the device to the latest version of Chrome OS. Learn more about managed Chrome devices, and contact our sales team if you’re interested in purchasing devices or management licenses.
What security features are built into public sessions?
Public sessions are built with all of the security settings that you get with Chrome, including sandboxing, privacy settings, and the ability for an admin to customize the security policies. What’s unique about using public sessions on Chrome devices is that all local user data is removed from the device when the user signs out.
How do I create a Chrome kiosk app that runs full-screen on the Chrome device?