Known issues with the CEP integration
The following known issues exist in the Secure Private Access integration with Chrome Enterprise Premium.
Secure Private Access user interface
-
Issue: Session policy configuration currently allows users to add only two simulate conditions, even though three conditions are available. This limits flexibility in policy creation.
Workaround: Create two separate session policies; one with two of the simulate conditions and another policy with the remaining condition.
[SPA-29346]
-
Issue: The TCP/UDP server-to-client configuration option is currently not available in the application configuration UI across all customer environments. This limits the ability to define server-to-client traffic behavior.
Workaround: No workaround is currently available.
[SPA-29819]
CEP integration service
-
Issue: When configuring Chrome Enterprise Integration in Secure Private Access,(through the onboarding wizard or the Browser settings page), specifying more than eight user groups might cause provisioning failures. As a workaround, do the following:
-
Workaround: Use a dedicated directory parent group that encompasses all required groups. Configure this parent group during onboarding. If group membership changes in the directory, repeat the synchronization process to Google’s Directory.
[SPA-29389]
Google Chrome browser
-
Issue: If the Google profile picker is open and the user tries to launch an app from CWA or a non-Chrome browser when there is no existing profile, the profile creation workflow is not triggerred.
Workaround: Close the profile picker and relaunch the app.
[SPA-29057]
-
Issue: Logging into CWA with a managed Chrome profile and launching an app does not take the user to the original internal app URL after profile creation.
Workaround: After the profile creation, relaunch app.
[SPA-29296]
-
Issue: Users part of a group is not auto synced when synced a group from Google Admin console. The
whoCanViewGroupMembershipsetting is explicitly overridden toALL_MANAGERS_CAN_VIEWduring the sync. So, the restricted visibility is expected.Workaround: Manually update the google group permission on the Google Admin console or usomg via API. For details, see https://developers.google.com/workspace/admin/groups-settings/manage.
-
Issue: Users are prompted to authenticate with a user name and password through a proxy pop-up when accessing published SaaS/Web applications through a managed Chrome profile. This typically occurs after a period of inactivity:
Causes:
- A proxy token is unavailable or the proxy token is available but has subsequently expired.
- The SEB extension requires re-initialization due to delayed initialization.
Workaround: Relaunch the Chrome session in a new window.
-
Issue: Users might experience intermittent “Service Unavailable” errors when accessing external SaaS applications through Managed Chrome profiles or Citrix Workspace App. This issue is due to an unresolved backend issue on Google’s infrastructure.
Workaround: Contact the Google team for support.