Set up local data recovery on ChromeOS devices

If you set up local data recovery in your organization, users that have performed password recovery can recover data stored locally on their ChromeOS devices by signing in online. They do not have to provide their old password.

Considerations

  • Available for Gmail users of ChromeOS devices with ChromeOS version 118 or higher. For details, see Use local data recovery on Chromebook.
  • From ChromeOS version 118, admins of Enterprise and Education domains can turn on local data recovery for their users.
  • Available on ChromeOS Flex if the device has a Trusted Platform Module (TPM). For details, see Use TPM with ChromeOS Flex.
  • After you have turned on account recovery, it does not work immediately for existing users. The users must sign into their device accounts at least twice after activation to use account recovery. It works immediately for newly-created users.
  • As part of the recovery process, managed users users need to sign in online and do the following:
    • Enter their Google account password if they are using Google identity.
    • Enter their external identity provider password if they are using SAML single sign-on.
  • If Google identity is used, users can either request a new password from their admin or the admin can turn on password recovery for all or selected users. For details, see Set up password recovery for users.

Note: Password recovery is turned off by default, but it can be turned on in the Google Admin Console.

Turn on local data recovery

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenChromeand thenSettings. The User & browser settings page opens by default.

    If you signed up for Chrome Enterprise Core, go to Menu and then Chrome browserand thenSettings.

  3. (Optional) To apply the setting only to some users and enrolled browsers, at the side, select an organizational unit (often used for departments) or configuration group (advanced). Show me how

    Group settings override organizational units. Learn more

  4. Go to Securityand thenAccount recovery.
  5. Click Account recovery.
  6. Choose one of the following options:
    1. Defer activation of account recovery until migration phase (see help center)—Maintains user data recovery in the default option. At the moment, that default option is Deactivate account recovery. However, the default will change in the future to the Activate account recovery option. Google will notify your IT Admin by email before this happens.
    2. Activate account recovery—Activates user data recovery and the user is not allowed to change it.
    3. Activate account recovery and allow users to override—Activates user data recovery, but the user is allowed to change it.
  7. Click Save. Or, you might click Override for an organizational unit.

    To later restore the inherited value, click Inherit (or Unset for a group).

To turn off local data recovery, select Deactivate account recovery. This deactivates user data recovery and the user is not allowed to change it.

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
5665527603178184250
true
Search Help Center
true
true
true
true
true
410864
false
false