Public session device policy

Configure Chrome OS devices to run in a public session that doesn’t require a user to sign on. Instead, a public session prompt appears on the sign on screen.

To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.

Deploy a public session device

Assign the Public session policy to a specific delivery group rather than the All Users group. For information on configuring delivery groups, see Deploy Resources. After successfully enrolling the device and signing out, “Public Session” and the configured display name appears on the sign-on screen.

To remove a device from public session mode:

  1. Remove the policy from the delivery group.
  2. On the Manage > Devices page, select the device and then click Deploy.

    This action removes the Endpoint Management policies from the device. You can then delete the device from the console.

Chrome OS settings

Device Policy settings

  • Public session
    • Public session enabled: Select whether the public session is enabled or disabled. Requires G Suite Chrome configuration. Default is On.
    • Display name: Type a name to display on the sign-on screen of the device.
    • Session duration in minutes: Type the number of minutes for the session to last. The systems signs users out after this amount of time. Default is 60.
  • Security
    • Disable Incognito mode: Don’t allow users to browse in Incognito mode. Default is On.
    • Show home button: Allow users to see the home button in their browser. Default is Off.
    • Disable proceeding from the safe browsing warning page: Don’t allow users to proceed to sites that can be harmful. Default is On.
    • Safe browsing mode: Turn on a safe browsing mode that warns users when they’re about to access a potentially harmful site. Default is Off.
    • Disable saving browsing history: Don’t allow the browser to save browsing history or sync tabs from other Chrome OS devices. Default is On.
    • Disable deleting browsing and download history: Don’t allow the user to delete browsing and download history from their session. Users can edit or delete the history database files directly. Default is On.
    • Disable bookmarks bar edit: Don’t allow users to edit the bookmarks you’ve configured. Default is On.
    • External storage accessibility: Select whether users can access external storage devices, such as USB drives. Choose between DEFAULT, READ ONLY, or READ WRITE. Default is DISABLED.
    • Whitelisted websites: Configure a list of websites that users can access. Wildcard expressions are allowed, such as http://*.citrix.com.
    • Blacklisted websites: Configure a list of websites that users can’t access. Wildcard expressions are allowed.
  • Content
    • Home page settings: Choose what content users see on the home page. Options are New tab page and Home page URL. Default is New tab page.
    • Pop-up default settings: Select whether pop-ups are allowed. Default is Allow pop-ups.
    • Pop-ups allowed from these sites: If you disallow pop-ups, you can configure specific sites from which to allow pop-ups.
    • Pop-ups not allowed from these sites: If you allow pop-ups, you can configure specific sites from which to block pop-ups.
    • Pages to load on startup: Configure a list of URLs to be loaded when the session begins.
  • Bookmarks
    • Enable bookmarks bar: If On, the bookmarks bar is displayed. Default is On.
    • Folder name: Type a name for the bookmarks folder.
    • Bookmark: Configure a list of bookmarks to appear, including a Name and Bookmark URL.
  • Chrome apps
    • App install allowed: Select whether users can install apps or not. Options are Allowed, Not allowed, or Unspecified. If you choose Unspecified, the device default occurs. Default is Allowed.
    • You can also configure a list of apps to specifically allow or disallow.
      • App name: Type a name for the app.
      • App ID: Type the app ID for the app.
      • App install allowed: Select whether this app is Allowed, Not allowed, or Unspecified. Default is Allowed.
      • Installed: If On, the app installs on the device automatically. Default is Off.
      • Pinned: If On, the app is pinned to the task bar. Default is Off.
      • URL: Type the app URL.
      • Extension policy: Type JSON parameters or a URL specific to the app you’re configuring.

Public session device policy