Force users to sign in to Chrome Browser

Applies for managed Chrome Browsers on Windows and Mac.

Applies for Chrome version 64 or later on Windows.

Applies for Chrome version 66 or later on Mac.

As a Chrome Enterprise administrator, you can force users to sign in to their Chrome profile before they use Chrome Browser on a managed computer. Forcing users to sign in ensures that the Chrome policies and settings that you set in the Google Admin console are applied on users’ computers. You can force everyone in your organization to sign in or just specific users.

Before you begin

If you have an existing Chrome deployment, notify users in advance and tell them that they need to sign in to their Chrome profile on a specific date.

Step 1: Review policies

You can set one or more of the following policies:

Policy Description and settings
ForceBrowserSignin When enabled, forces users to sign in to Chrome with their profile before they can use  the browser.
RestrictSigninToPattern

When enabled, restricts which users can sign in to Chrome. 

Use it with ForceBrowserSignin to force users with multiple Chrome profiles to sign in to a specific profile before using Chrome. Users can only sign in to profiles that match the patterns you specify.

Step 2: Set the policies

Click below for steps, based on how you want to manage these policies.

Windows

Applies when users use Chrome Browser on Windows.

Using Group policies

Before you begin: Set up Chrome policies (Windows)

On your Windows computer

  1. Open your Group Policy Management Console.
  2. Go to User Configuration and then Policies and then Administrative Templates and then Google and then Google Chrome.
  3. Double-click Enables force sign in for Google Chrome.
  4. Check the Enabled box and click OK.
  5. Double-click Restrict Which Users are allowed to sign in to Google Chrome.
  6. Check the Enabled box.
  7. Enter the pattern for the users you want to specify.
    1. To specify all users in your domain, enter:
      ^.*@yourdomain\.com$b)
    2. To only allow one user sign in, enter:
      ^user-id@yourdomain\.com$
    3. To allow users from both yourdomain1.com and yourdomain2.org domains sign in, enter:
      ^.*@yourdomain1\.com$|^.*yourdomain2\.org$
  8. Click OK.

Mac

Applies when users use Chrome Browser on Mac.
In your Chrome configuration profile, add or update the following key. Then deploy the change to your users. 
  • Set the ForceBrowserSignin key to true:
    <key>ForceBrowserSignin</key>
             <true/>

Step 3: Have users sign in to Chrome

After you apply the policy, users are prompted to sign in to their profile the first time they open Chrome Browser.

On user devices:

  1. Open Chrome Browser.
  2. In the User Management window, click You.
  3. Sign in to a specific Chrome profile.

The next time users open Chrome, the browser automatically opens.

Step 4: Verify policies have been applied

After you apply any Chrome policies, users need to restart Chrome Browser for the setting to take effect. You can check users’ devices to make sure the policy was applied correctly.

  1. On a managed Chrome device, browse to chrome://policy.
  2. Click Reload policies.
  3. Check the Show policies with no value set box.
  4. For RestrictSigninToPattern and ForceBrowserSignin, make sure Status is set to OK.
  5. For RestrictSigninToPattern and ForceBrowserSignin, click Show value and make sure that the value fields are the same as what you set in the policy.

Troubleshoot

Users can’t sign in to Chrome

Some users might already be using Chrome with existing Chrome profiles before you force them to sign in. If that happens, only users who are signed in when you turn on the policy can continue to use Chrome. All other Chrome profiles are locked. To let users sign in to their Chrome profile again, you’ll need to turn off the ForceBrowserSignin policy. Then, make sure all users are signed in and follow the steps to enable the policy again.

Users are unexpectedly signed out of Chrome

Users are automatically signed out of Chrome if they signed in to a profile that doesn’t match the pattern you specify.

Guest mode is no longer available

When you turn on the ForceBrowserSignin policy, users can no longer open Guest mode in Chrome. They must sign in to their Chrome profile.

Policies don't immediately affect offline users

When users sign in to their Chrome profile for the first time, they need an internet connection. After that, they can use Chrome offline. However, any policies you set are only updated when devices are connected to the internet.

Chrome might prompt users to sign in again

When you turn on the ForceBrowserSignin policy, Chrome sometimes prompts existing users to sign in again because they need to reauthenticate their Chrome profile. For example, if a user just changed their Google Account password, they might be prompted to sign in again. Current policies continue to apply and are updated when the user signs in again.
Was this article helpful?
How can we improve it?