Deploy GAT Shield for Managed Guest Sessions

Managed Guest Sessions #

With managed guest sessions, multiple users can share the same device running Chrome OS without having to sign in to their Google Account.

For example:

Use managed guest sessions to configure Chrome devices as loaner devices, or shared computers.

With managed guest sessions, your users can have a full browsing experience and access multiple websites in windowed mode, not full-screen.

GAT Shield on Managed Guest Session #

GAT Shield can be set up and enabled for Managed Guest Session 

Prerequisite #

Chromebooks must be enrolled and the Managed Guest Session must be enabled for the chosen Device Org. Unit.

These settings can be found in the Google Workspace admin console

Go to Menu ""and then Devices > Chrome > Settings > Managed guest sessions settings

From the General tab > Managed guest session

In Configuration > select Allow managed guest sessions and enter the session name.

Session name to display on login screen*

Deploy GAT Shield on Managed Guest Session (MGS) #

Within Google’s Workspace admin console, navigate to Devices → Chrome → Apps and Extensions → Users & browsers 

Select the OU where you want to deploy the Managed Guest Session

Select the Organizational Unit and then click on the plus + button.

Enter ID and URL #

From the options shown select Add the Chrome app or extension by ID

NOTE: A pop-up window will be displayed, select the From a custom URL option.

The ID, URL, Webcam URL, and Policy for an extension can be found in Shield under Help – Extensions deployment

Find the ID and URL #

You can find these values in the GAT Shield console under the setting “Extensions Deployment”

A pop-up window will be displayed with Extension deployment details: Extension ID and URL

When the Extension ID and URL are added click on the “Save” button.

Enable extension on domain #

The Shield Extension is now installed.

Click on the newly installed extension > pop-up window will be displayed on the side > in the “Installation policy,” click and select “Force install #

Scroll down on the same window to the bottom of the page to find Policy for extensions 

Enter the Secret key – taken from  Shield under Help – Extensions deployment

Under the “Permissions and URL access” field click on and select “Allow all permissions”.

When all the changes are done – click on the Save button on the top right

Results  #

When Shield is enabled for Managed Guest Session, the users will be displayed in the Shield console as anonymous-ChromeOS serial number@domain.com”

Within the GAT Shield console, anonymous users on Managed Guest Sessions will appear without an email address and the text “anonymous-(serial. n)”.

The extensive reporting now available for MGS is described here.

We recommend completing the setup before returning to this specific use case.

This website uses cookies to ensure you get the best experience on our website