For administrators who enroll Windows, Mac, or Linux computers in Chrome Enterprise Core.
As a Chrome Enterprise admin, you can force users to set up a separate profile when they sign in to Chrome browser using their managed Google Account on an unmanaged device. Creating different Chrome profiles lets users switch between their managed account and their other Google accounts, such as personal or test accounts, without signing out each time. No data or content is shared between profiles.
Your user-level Chrome policies and settings in the Google Admin console are applied only to the managed profile, not to their other profiles. You can manage and monitor managed profiles, including:
- Install your organization's Chrome extensions.
- Block installation of certain unapproved extensions.
- Track which extensions are installed on managed profiles.
- Delete a managed profile, such as when a user leaves an organization.
- Enforce certain browser settings in the managed profile.
- Enable a secure browser session to access corporate data using Chrome Enterprise Premium.
Note: When users create their new managed profile on their personal device, they must accept the disclaimer that they are managed.
Step 1: Review policies
Policy | Description |
---|---|
SigninInterceptionEnabled | Controls whether Chrome browser offers to create or switch profiles when users sign in to a Google Account that’s different to the account that they’re currently using. Unset: Users aren’t prompted to create separate profiles. |
ProfileSeparationSettings | This policy is only supported in the Admin console. Use this policy with SigninInterceptionEnabled to require users to create a separate profile when users sign in to their managed Google Account on an unmanaged device. Suggested: When the user signs into a managed account, they are asked to continue using a managed profile as if it was enforced. If they refuse, they can continue their browsing in an unmanaged environment. Enforced: When the user signs into a managed account, they are required to continue using a managed profile. If they refuse, they are signed out of their account. This enforcement is not affected by the SigninInterceptionEnabled policy. Disabled: When the user signs into a managed account, they might see a bubble asking them to create a new profile. They can dismiss the bubble and then continue their browsing in an unmanaged environment. The bubble is controlled by the SigninInterceptionEnabled policy. |
Step 2: Set the policies
Can apply for signed-in users on any device or enrolled browsers on Windows, Mac, or Linux. For details, see Understand when settings apply.
- Sign in to your Google Admin console.
  Sign in using your administrator account (does not end in @gmail.com).
- In the Admin console, go to Menu > Devices > Chrome > Settings. The User & browser settings page opens by default.
  If you signed up for Chrome Enterprise Core, go to Menu > Chrome browser > Settings.
- (Optional) To apply the setting only to some users and enrolled browsers, at the side, select an organizational unit (often used for departments) or configuration group (advanced).
  Group settings override organizational units.
- Go to Sign-in settings:
  - Click Signin interception:
    - Select Enable signin interception.
    - Click Save. Or, you might click Override for an organizational unit.
      To later restore the inherited value, click Inherit (or Unset for a group).
  - Click Enterprise profile separation, and do the following:
    - Choose one of the following options:
      - Suggest profile separation
      - Enforce profile separation
      - Disable profile separation
    - Click Save. Or, you might click Override for an organizational unit.
      To later restore the inherited value, click Inherit (or Unset for a group).
Step 3: Verify policies are applied
After you apply any Chrome policies, users need to restart Chrome for the settings to take effect. You can check users’ devices to make sure the policy was applied correctly.
- On a user’s device, go to chrome://policy.
- Click Reload policies.
- Check the Show policies with no value set box.
- For the policies that you set, make sure that Status is set to OK:
  - SigninInterceptionEnabled
  - ProfileSeparationSettings
- For the policies that you set, make sure that the policy values match what you set in the policy.
  - SigninInterceptionEnabled
    - Not set: Enable signin interception
    - True: Enable signin interception
    - False: Disable signin interception
  - ProfileSeparationSettings
    - 0: Suggest profile separation
    - 1: Enforce profile separation
    - 2: Disable profile separation
On a user's device, to view information about how Chrome profiles are being managed, go to chrome://management.
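To run the Step 3 check across many devices, the same comparison can be scripted against a JSON export saved from chrome://policy. This is an added example, not part of Google's documentation: the export layout (a policy name mapped to an entry with `value` and an optional `error` field), the function names, and the sample data are assumptions.

```python
import json

# Value meanings as listed in Step 3 of this page.
SEPARATION = {0: "Suggest", 1: "Enforce", 2: "Disable"}

def find_policy(node, name):
    """Depth-first search for a policy entry, so nesting of the export does not matter."""
    if isinstance(node, dict):
        if isinstance(node.get(name), dict):
            return node[name]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_policy(child, name)
            if found is not None:
                return found
    return None

def audit(export, want_separation, want_interception=True):
    """Return a list of findings; an empty list means the profile matches."""
    findings = []
    sep = find_policy(export, "ProfileSeparationSettings")
    sic = find_policy(export, "SigninInterceptionEnabled")
    for name, entry in (("ProfileSeparationSettings", sep),
                        ("SigninInterceptionEnabled", sic)):
        if entry and entry.get("error"):  # assumed field for a non-OK status
            findings.append(f"{name}: status not OK ({entry['error']})")
    if sep is None or "value" not in sep:
        findings.append("ProfileSeparationSettings: no value set")
    elif sep["value"] != want_separation:
        got = SEPARATION.get(sep["value"], "unknown")
        findings.append(f"ProfileSeparationSettings: {sep['value']} ({got}), "
                        f"expected {want_separation} ({SEPARATION[want_separation]})")
    # Not set and True both mean interception is enabled; only False disables it.
    enabled = sic is None or sic.get("value", True) is not False
    if enabled != want_interception:
        findings.append(f"SigninInterceptionEnabled: enabled={enabled}, "
                        f"expected enabled={want_interception}")
    return findings

# Constructed sample export (not from a real device).
SAMPLE_EXPORT = json.loads("""
{"policyValues": {"chrome": {"policies": {
  "ProfileSeparationSettings": {"scope": "user", "source": "cloud", "value": 0},
  "SigninInterceptionEnabled": {"scope": "user", "source": "cloud", "value": false}
}}}}
""")

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT, want_separation=1):
        print(finding)
```

With the constructed sample, auditing for enforced separation reports both policies: the profile is only set to Suggest, and signin interception is disabled.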
Related topics
- Set up Chrome Enterprise Core
- Add an account for a new user
- Profile separation with Chrome browser guide