Skip to main content
Question

Restrict primary accounts in Google Chrome

  • November 8, 2023
  • 6 replies
  • 190 views
Steven_Xu
Forum|alt.badge.img+7

To prevent user from syncing Chrome data with their personal google account, a custom setting for Google Chrome can be set and deployed by Jamf Pro. 

Preference Domain: com.google.Chrome

Plist file content:

 

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>RestrictSigninToPattern</key> <string>(?:.*@domain1.com|.*@domain2.com)</string> </dict> </plist>

 

 

let's check the managed chrome policy status and the sync result.

 

 

C

6 replies

czarmark
Forum|alt.badge.img+5
  • czarmark
  • New Contributor
  • November 8, 2023

Intriguing! This is for new installs or new sign-in attempts only? If Chrome's already installed and signed into, pushing out this configuration would have no effect on those situations, right? 

Steven_Xu
Forum|alt.badge.img+7
  • Steven_Xu
  • Author
  • Contributor
  • November 8, 2023

Intriguing! This is for new installs or new sign-in attempts only? If Chrome's already installed and signed into, pushing out this configuration would have no effect on those situations, right? 


Good question. if Chrome is already installed and logged in, synchronization will be forcibly turned off if the login domain is not on the list, but all current data(bookmarks, history, etc.) will be retained.

czarmark
Forum|alt.badge.img+5
  • czarmark
  • New Contributor
  • November 8, 2023

Aha yes I created the configuration profile in our sandbox, signed into a Google account (not in a restricted to domain) in Chrome on a test Mac, then scoped the profile to the Mac, and upon restarting Chrome, it was signed out of the Google account. This is awesome, thanks so much for posting this!

khinkelman
Forum|alt.badge.img+5
  • khinkelman
  • Jamf Heroes
  • April 19, 2024

Is there a way to restrict the sign-in all together? 

Steven_Xu
Forum|alt.badge.img+7
  • Steven_Xu
  • Author
  • Contributor
  • July 15, 2024

Is there a way to restrict the sign-in all together? 


If you want to restrct the sign-in domain of the google account, you need use AllowedDomainsForApps key.

https://chromeenterprise.google/policies/#AllowedDomainsForApps

A
Forum|alt.badge.img+9
  • aghali
  • Contributor
  • August 25, 2025

Here’s my configuration profile plist file:

 

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>RestrictSigninToPattern</key> <string>.*@YourDomainName.org</string> <key>AllowedDomainsForApps</key> <string>YourDomainName.org</string> </dict> </plist>

This allows the user to login with their personal gmail accounts but they can’t do much with it. They can’t enable sync and they can’t use any of the Apps like; Gmail, Drive, Chat, extra…

Only your allowed domain listed in the plist file can do all the above as normal. Hope this helps! 

Terms & ConditionsCookie settingsAccessibility statement