Run the script once per computer per login and you'll be set.

Edit: And trigger the policy with Login.

To answer your question about making that into a Configuration Profile, here are steps you can take. This generally works pretty well when you need to create a one off CP that contains one or a few specific settings in it.

1. Open Terminal and run the following command, inserting your actual server addresses for the whitelist of course: defaults write ~/Desktop/com.google.Chrome.plist AuthServerWhiteList "serverhere.com"
2. This creates a new plist file on your Desktop labeled "com.google.Chrome.plist" with that AuthServerWhiteList setting in it.
3. Back in Terminal, run the following to convert the plist for use in Casper: plutil -convert xml1 ~/Desktop/com.google.Chrome.plist
4. Now go into your JSS, click on Configuration Profiles, click New, name it and set whatever other settings you need. Go into the Custom Settings payload and click the Configure button.
5. Click the Upload Property List File button and choose the plist on your Desktop to upload
6. The JSS will suck it in and convert the setting into the custom setting payload section. It will show up with a Preference Domain and the other settings you set.
7. Save it, and scope it to some test Macs to see how it deploys and most importantly, if it works. Not sure, but I believe you can deploy it at Computer Level and it should work ok.

Hope the above helps.

Thanks @cbrewer and @mm2270

I'm going to try your suggestion now. I also found that part of the issue is that if the user never ran Chrome, the .plist file would not exist, causing the script to fail. I'm hoping the configuration profile will fix this.

Another question -- if I wanted to include multiple settings in one plist, what would the syntax be?

I'm also running into similar issues with Firefox.. if the script ran before Firefox was launched at least once, there's no config files to modify.

Your defaults write command shouldn't be failing just because the file doesn't exist. It should create the plist file and add AuthServerWhitelist to it.

I'm using a very similar process and running it at login works perfect, even for new users who have never launched Chrome.

#!/bin/bash

defaults write /Users/$3/Library/Preferences/com.google.Chrome.plist AuthServerWhitelist "*.domain.com"
chown $3 /Users/$3/Library/Preferences/com.google.Chrome.plist

@cbrewer Let me try what you're doing. I'm using "sudo -u $currentuser defaults write com.google.Chrome AuthServerWhiteList "settingshere" and it's not creating the .plist file.

I'm also pushing at recurring check-in. Our users hardly ever log out and log in, and all use laptops which seem to not check-in on logout /logoff while on the wifi.

@cbrewer Just confirmed yours is working. I wonder why mine wasn't creating the file...

Edit:: It creates the .plist file, but the actual settings don't take effect when I view them in about://policy

Here's what I put in a script and ran

!/bin/bash

defaults write /Users/$3/Library/Preferences/com.google.Chrome.plist AuthServerWhitelist "iwa.xxxxx.com"
defaults write /Users/$3/Library/Preferences/com.google.Chrome.plist AuthNegotiateDelegateWhitelist "iwa.xxxxxx.com"
chown $3 /Users/$3/Library/Preferences/com.google.Chrome.plist

exit 0