Skip to main content

Hi all,

For a bit now our users have noticed that if they use chrome, they get prompted to sign into our various O365 logins over and over if they close their tab or window.   This doesnt happen if they "sign into google" and turn on syncing.  However anyone using a guest or unnamed profile in google loses their authentication once the window is closed.  

 

We are in the process of requiring MFA for all our staff however anyone with google is getting prompted over and over to sign in and get their phone pin, since each time they close their window it requires re logging in.

 

This does not happen in Safari or Firefox, where once signed in, and you close a window, it remembers that you signed in.

 

I started playing with plists for chrome to see if we could get this to work as it used to and figured it was something with cookies or related to guest browsing and I have yet to find the right plist to make this work.

 

Anyone else seeing this?

I saw this Google verification issue with a couple users, and it went away when they unchecked the option to "Clear cookies and site data when you close all windows" in their browser settings. 

Unfortunately this does not work if the user is in a guest account or just not signed into their account.  It seems to not actually do anything otherwise.

Have you looked at adding a managed com.google.Chrome.plist?

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AuthNegotiateDelegateWhitelist</key>
<string>*.domain.com</string>
<key>AuthServerWhitelist</key>
<string>*.domain.com</string>
<key>HomepageIsNewTabPage</key>
        <false/>
    <key>HomepageLocation</key>
    <string>https://website.com</string>
     <key>RestoreOnStartup</key>
    <integer>4</integer>
    <key>RestoreOnStartupURLs</key>
    <array>
        <string>https://website.com</string>
    </array>
    <key>ShowHomeButton</key>
    <true/>
</dict>
</plist>

Have you looked at adding a managed com.google.Chrome.plist?

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AuthNegotiateDelegateWhitelist</key>
<string>*.domain.com</string>
<key>AuthServerWhitelist</key>
<string>*.domain.com</string>
<key>HomepageIsNewTabPage</key>
        <false/>
    <key>HomepageLocation</key>
    <string>https://website.com</string>
     <key>RestoreOnStartup</key>
    <integer>4</integer>
    <key>RestoreOnStartupURLs</key>
    <array>
        <string>https://website.com</string>
    </array>
    <key>ShowHomeButton</key>
    <true/>
</dict>
</plist>

Yea I made a profile with profile creator and whitelisted all the domains that would use our office 365 logins.  Still no change when they either dont sign in (guest mode) or sign in but dont sync.

We found a way around this issue using the chrome extension called "Windows Accounts" resolved it for us.

Reply


Terms & ConditionsCookie settings