For administrators who manage user-level Chrome browser policies from the Google Admin console.
Applies to managed Chrome browsers on Windows and Mac (version 70 or later).
The BrowserSignin policy can only be set as a cloud policy for Chrome browsers enrolled in Chrome Enterprise Core using the Admin console not as a cloud-based user policy. It can also be set using a platform policies provider like Windows Group Policy. For details, see Understand Chrome policy management.
As a Chrome Enterprise admin, you can force users to sign in to their managed Google Account before they use Chrome browser on a managed computer. Forcing users to sign in ensures that your user-level Chrome policies and settings in the Google Admin console are applied on users’ computers. You can also control who can save and synchronize Chrome browser settings and data to their managed Google Account.
You can force everyone in your organization to sign in or just specific users.
Before you begin
- Make sure browser management is turned on for your organization. For details, see Turn on Chrome browser management (user policies only).
- If you have an existing Chrome deployment, notify users in advance. Tell them that they need to sign in to their managed Google Account on a specific date.
Step 1: Review policies
You can set one or more of the following policies:
| Policy | Description and settings |
|---|---|
| BrowserSignin |
Specifies whether users can sign in to Chrome browser and sync browser information to their Google Account. Choose one of these options:
Unset: Users can sign in to Chrome browser. When users sign in to a Google service, such as Gmail, Chrome browser automatically signs them in. Users can change it. |
| RestrictSigninToPattern | Restricts which Google Accounts can be signed in to as primary users in Chrome browser.
Use it with BrowserSignin to force users with multiple Chrome profiles to sign in to a specific profile before using Chrome. Users can only sign in with profiles that match the patterns you specify. Unset: Users can sign in to any Google Account as a primary user in Chrome browser. |
Step 2: Set the policies
Note: You don't have to set these policies to enforce browser-level policies.
Click below for steps, based on how you want to manage these policies.
Policies Step 3: Have users sign in to Chrome
After you apply the policy, users are prompted to sign in to their profile the first time they open Chrome browser.
On user devices:
- Open Chrome browser.
- In the User Management window, click You.
- Sign in to a specific Chrome profile.
The next time users open Chrome, the browser automatically opens.
Step 4: Verify policies have been applied
After you apply any Chrome policies, users need to restart Chrome browser for the setting to take effect. You can check users’ devices to make sure the policy was applied correctly.
- On a managed ChromeOS device, browse to chrome://policy.
- Click Reload policies.
- Check the Show policies with no value set box.
- For RestrictSigninToPattern and BrowserSignin, make sure Status is set to OK.
- For RestrictSigninToPattern and BrowserSignin, click Show value and make sure that the value fields are the same as what you set in the policy.
Troubleshoot
Users can’t sign in to Chrome
Users are unexpectedly signed out of Chrome
Guest mode is no longer available
Policies don't immediately affect offline users
Chrome might prompt users to sign in again
Next step
- Set user-level Chrome policies
- Set up Chrome Enterprise Core
- See all Cloud-managed Chrome browser topics