Managed Guest Sessions

With managed guest sessions, multiple users can share the same device running Chrome OS without having to sign in to their Google Account. For example, use managed guest sessions to configure Chrome devices as loaner devices, shared computers.

With managed guest sessions, your users can have a full browsing experience and access multiple websites in windowed mode, not full-screen.

GAT Shield on Managed Guest Session #

GAT Shield can be set up and enabled for Managed Guest Session 

Prerequisite #

Chromebooks must be enrolled and the Managed Guest Session must be enabled for the Device OU. These settings can be found in the Google Workspace admin console

Deploy GAT Shield on MGS #

Within the Google’s Workspace admin console, navigate to Devices → Chrome → Apps and Extensions → Users & browsers

 

Then click on the Managed Guest Sessions tab.

Select the Organizational Unit and then click on the pulse + button to deploy the GAT Shield extension.

 

Select the option “Add Chrome app or Extension by ID”. 

Enter the ID and URL of the Open version or Closed version of GAT Shield.

You can find these values in the GAT Shield console under the setting “Extensions Deployment”

Below is where you can find the Extension ID and URL within the GAT Shield console. 

When the Extension ID and URL are added click on the “Save” button.

Enable extension on domain #

Click on the Extension and a pop-up side menu will be displayed:

  • Set up the “Permissions and URL access” to “Allow all permissions“.
  • Policy for extensions: {“domain”:{“Value”:”your_domain_name.com”}}

For example, our domain is called gatlabs.com so the policy would look like this:

Replace ‘your_domain_name.com’ with your own domain name.

{“domain”:{“Value”:”gatlabs.com”}}

Make sure to SAVE everything before leaving the section. 

Results  #

When Shield is enabled for Managed Guest Session, the users will be displayed in the Shield console as anonymous-ChromeOS serial number

Within the GAT Shield console, anonymous users on Managed Guest Sessions will appear without an email address and the text “anonymous-(serial. n)”.

The extensive reporting now available for MGS is described here. We recommend completing the setup before returning to this specific use case.

This website uses cookies to ensure you get the best experience on our website