Understand user affiliation

When users are affiliated with the organization managing their Chrome browser, they are viewed as more trustworthy. Organizations place more restrictions on users that sign into browsers or ChromeOS devices that are not affiliated with the user's domain.

A Chrome browser user is affiliated if all the following conditions are met:

  • the Chrome browser is managed through Chrome Enterprise Core
  • AND the user is managed through Google Cloud Identity
  • AND the user and the managed browser belong to the same organization

A ChromeOS user is affiliated if all the following conditions are met:

  • the ChromeOS device is managed 
  • AND the ChromeOS user is managed
  • AND the user and the managed device belong to the same organization

In most instances, affiliated users belong to one domain registered for Chrome Enterprise Core. However, organizations can configure multiple domains to represent one organization. In this case, affiliated users can belong to multiple domains.

Example scenarios

Here are some scenarios when a user signs into a device.

Example 1

Scenario

Result 

Example 2

Scenario

Result 

Example 3

Scenario

Result

Note: This scenario is used to turn off some Google Cloud Services that require user affiliation.

Example 4

Scenario

Result 

Verify user affiliation

  1. On a managed Chrome browser or ChromeOS device, browse to chrome://policy.
  2. If a managed user is signed in, a User policies box is displayed under Status.
  3. The Is affiliated status should be set to Yes.

Related topics

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
14747135903509602017
true
Search Help Center
true
true
true
true
true
410864
false
false