Managed Guest Sessions #
With managed guest sessions, multiple users can share the same device running Chrome OS without having to sign in to their Google Account.
Use managed guest sessions to configure Chrome devices as loaner devices, or shared computers.
With managed guest sessions, your users can have a full browsing experience and access multiple websites in windowed mode, not full-screen.
GAT Shield on Managed Guest Session #
GAT Shield can be set up and enabled for Managed Guest Session
Chromebooks must be enrolled and the Managed Guest Session must be enabled for the chosen Device Org. Unit.
These settings can be found in the Google Workspace admin console.
Go to Menu Devices > Chrome > Settings > Managed guest sessions settings
From the General tab > Managed guest session
In Configuration > select Allow managed guest sessions and enter the session name.
Session name to display on login screen*
Deploy GAT Shield on Managed Guest Session (MGS) #
Within Google’s Workspace admin console, navigate to Devices → Chrome → Apps and Extensions → Users & browsers
Select the OU where you want to deploy the Managed Guest Session
Select the Organizational Unit and then click on the plus + button.
Enter ID and URL #
Select the option “Add Chrome app or Extension by ID”.
Enter the ID and URL of the Open version or Closed version of GAT Shield.
Find the ID and URL #
You can find these values in the GAT Shield console under the setting “Extensions Deployment”.
Pop up window will be displayed with Extension deployment details: Extension ID and URL
When the Extension ID and URL are added click on the “Save” button.
Enable extension on domain #
Click on the Extension and a pop-up side menu will be displayed:
- Installation policy > Force install
- Permissions and URL access > “Allow all permissions“.
- Policy for extensions >
For example, our domain is called gatlabs.com so the policy would look like this:
Replace ‘your_domain_name.com’ with your own domain name.
Make sure to SAVE everything before leaving the section.
When Shield is enabled for Managed Guest Session, the users will be displayed in the Shield console as “anonymous-ChromeOS serial firstname.lastname@example.org”
Within the GAT Shield console, anonymous users on Managed Guest Sessions will appear without an email address and the text “anonymous-(serial. n)”.
The extensive reporting now available for MGS is described here.
We recommend completing the setup before returning to this specific use case.