arrow_back

Configure Managed Guest Sessions for Public Access or Shared ChromeOS Devices

Sign in Join
Test and share your knowledge with our community!
done
Get access to over 700 hands-on labs, skill badges, and courses

Configure Managed Guest Sessions for Public Access or Shared ChromeOS Devices

Lab 1 hour 30 minutes universal_currency_alt No cost show_chart Introductory
Test and share your knowledge with our community!
done
Get access to over 700 hands-on labs, skill badges, and courses

GSP1206

Google Cloud self-paced labs logo

Overview

Managed guest sessions allow multiple users to share the same ChromeOS device without having to sign in to their Google Account. This feature is useful in scenarios where ChromeOS devices are shared among different users, such as loaner devices or shared computers.

With managed guest sessions, each user can have a full browsing experience and access multiple websites in windowed mode, instead of full-screen. In this lab, you learn how to create Organizational Units (OUs) and configure managed guest session settings for different OUs.

Objectives

Learn managed guest session best practices and use the Google Admin console to:

  • Create an organizational unit structure for managed guest sessions

  • Set up managed guest session settings for Library OU

  • Set up managed guest session settings for School Loaner OU

  • Set up managed guest session settings for Internet Cafe OU

Prerequisites

To get the most from this lab, familiarity with basic Google Admin console terminology is recommended.

Setup and requirements

Before you click the Start Lab button

Read these instructions. Labs are timed and you cannot pause them. The timer, which starts when you click Start Lab, shows how long Google Cloud resources will be made available to you.

This hands-on lab lets you do the lab activities yourself in a real cloud environment, not in a simulation or demo environment. It does so by giving you new, temporary credentials that you use to sign in and access the Google Admin console for the duration of the lab.

To complete this lab, you need:

  • Access to a standard internet browser (Chrome browser recommended).
Note: Use an Incognito or private browser window to run this lab. This prevents any conflicts between your personal account and the Student account, which may cause extra charges incurred to your personal account.
  • Time to complete the lab---remember, once you start, you cannot pause a lab.
Note: If you already have your own personal Google Cloud account or project, do not use it for this lab to avoid extra charges to your account.

Start your lab

When you are ready, click Start Lab in the upper left.

Sign in to the Google Admin Console

To access the Google Admin Console, you must find your credentials and then sign in.

Find your lab's User Email and Password

To access the resources and console for this lab, locate the User Email and Password in the Lab Details panel. This panel is on the left or at the top, depending on the width of the browser window. Use these credentials to log in to the Google Admin Console.

If your lab requires other resource identifiers or connection-related information, they will appear on this panel as well.

Sign in to the Admin Console

  1. Click Open Google Admin Console.

Tip: Open the tabs in separate windows, side-by-side.

Note: If you see the Verify your account dialog:
  • Click Next.
  • Click the prefilled user.
  • Click Use another account.

  1. Enter the User Email and Password.

  2. Accept all terms and conditions as prompted.

The Admin Console opens.

  1. Click VERIFY DOMAIN in either the yellow box at the top or the red box in the Domains card.

  2. Click Next.

  3. In the Welcome, let's set up Google Workspace dialog, click Next for all the pop-up guides and then click Finish.

  4. Click Protect.

  5. Click I’m ready to protect my domain. Google verifies your training domain. Ignore step 2, Create new users and step 3, Activate Gmail sections.

  6. Click Admin in the top left to open the Google Admin Console home page.

Start Trial for Chrome Enterprise Upgrade

To manage Chrome devices from the admin console you need a Chrome Enterprise or Education Upgrade, follow these steps to start a trial in your test environment.

  1. In the Admin console, from the Navigation menu (Navigation menu icon), select Devices > Chrome > Devices.

  2. In the Terms of Service (TOS) pop-up pop-up, click I Accept.

  3. Click Start Trial for Chrome Enterprise Upgrade. It allows you to manage any number of devices.

  4. Then, click Next and leave the Trial Plan selected.

  5. Click Checkout, then Place Order.

  6. Click X to close the Thanks for your purchase pop-up.

Note: To test the application of device policies you set in your Google Admin console, you can enroll ChromeOS devices in your test environment. Alternatively you can install ChromeOS Flex on Windows, Mac, or Linux devices.

Task 1. Create an organizational unit (OU) structure

To apply different settings to specific users or devices, create a child OU under the top-level OU. Then, customize the inherited settings of the child OU to apply those settings to its members.

In this task, you’ll create an OU and child OUs for managed guest sessions.

Create an OU

  1. In the Admin console, from the Navigation menu (Navigation menu icon), select Directory > Organizational units.

  2. Click Create organizational unit to create a new OU.

  3. For Name of organizational unit, enter Managed Guest Session.

  4. (Optional) For Description, enter the OU description.

  5. Click CREATE.

Create child OUs

  1. Make sure you’re on the Organizational units page.

  2. Hover over the Managed Guest Session organization unit and click the Create new organizational unit icon (+).

  3. For Name of organizational unit, enter Library.

  4. (Optional) For Description, enter the OU description.

  5. Click CREATE.

  6. Repeat steps 2-5 and create the School Loaner and Internet Cafe OUs.

Click Check my progress to verify the objective. Create an organizational unit (OU) structure

Task 2. Set up managed guest session settings for a Library OU

The managed guest session setting is set to Do not allow managed guest sessions by default. Follow below steps to allow managed guest sessions:

Configure display name

  1. From the Admin console, in the Navigation menu (Navigation menu icon), select Devices > Chrome > Settings > Managed guest session settings.

  2. Select the Library OU.

  3. In the General settings, select Managed guest session.

  4. From the Configuration drop-down, select Allow managed guest sessions to use managed guest sessions on ChromeOS devices.

  5. In the Session name to display on login screen field, enter Library. This is the name users see for the session.

  6. Click Save.

  7. Repeat steps 2-6 and allow managed guest sessions for School Loaner and Internet Cafe OUs.

    OU name Session name
    School Loaner School Loaner
    Internet Cafe Internet Cafe

Managed guest session best practices: Disable user Sign-in and Guest mode

  • Guest mode: This feature controls whether to allow guest browsing on managed ChromeOS devices. If you select Allow guest mode, the main sign-in screen offers the option for a user to sign in as a guest. If you select Disable guest mode, a user must sign in using a Google Account. When a user signs in using guest mode, your organization's policies are not applied.

  • Sign-in restriction: This feature allows you to manage which users can sign in to ChromeOS devices. If you allow guest browsing or managed guest sessions, users can use devices no matter which setting you choose.

  1. From the Admin console, in the Navigation menu (Navigation menu icon), select Devices > Chrome > Settings > Device settings.

  2. Select the Managed Guest Session OU.

  3. In the Sign-in settings, select Guest mode.

  4. From the Configuration drop-down, select Disable guest mode.

  5. Click Save.

  6. Go back to Sign-in settings, click Sign-in restriction.

  7. From the Configuration drop-down, select Do not allow any user to sign in.

  8. Click Save.

Disable browser history saving

This feature controls whether Chrome browser saves the user's browsing history.

  1. From the Admin console, in the Navigation menu (Navigation menu icon), select Devices > Chrome > Settings > Managed guest session settings.

  2. Select the Library OU.

  3. Scroll down to Security settings, and click Browser history.

  4. From the Configuration drop-down, select Never save browser history.

  5. Click Save.

Click Check my progress to verify the objective. Set up managed guest session settings for Library OU

Task 3. Set up managed guest session settings for a School Loaner OU

Disable incognito mode

Prevent users from opening new Incognito windows with Disallow incognito mode. Chrome browser does not close Incognito windows that are already open or prevent users from opening new tabs in those windows.

  1. From the Navigation menu (Navigation menu icon), select Devices > Chrome > Settings > Managed guest session settings.

  2. Select the School Loaner OU.

  3. Scroll down to Security settings, and click Incognito mode.

  4. From the Configuration drop-down, select Disallow incognito mode.

  5. Click Save.

Disable spell check

  1. From the Admin console, in the Navigation menu (Navigation menu icon), select Devices > Chrome > Settings > Managed guest session settings.

  2. Select the School Loaner OU.

  3. Scroll down to User experience settings, and click Spell check.

  4. From the Configuration drop-down, select Disable spell check.

  5. Click Save.

Click Check my progress to verify the objective. Set up managed guest session settings for School Loaner OU

Task 4. Set up managed guest session settings for an Internet Cafe OU

Disable video input to prevent Webchat

This setting determines whether websites can access the built-in Chrome device webcam. By default, Enable camera input for websites and apps is selected. For URLs other than the ones you specify in Video input allowed URLs, users are prompted for video capture access.

If you select Disable camera input for websites and apps, video capture is available only for websites that you specifically allow in the Video input allowed URLs list.

  1. From the Admin console, in the Navigation menu (Navigation menu icon), select Devices > Chrome > Settings > Managed guest session settings.

  2. Select the Internet Cafe OU.

  3. Scroll down to Hardware settings, and click Video input (camera).

  4. From the Configuration drop-down, select Disable camera input for websites and apps.

  5. Click Save.

Disable address form autofill

This setting determines whether the user can use the autofill feature to simplify the completion of their address online. The first time a user enters their address, Chrome automatically saves the entered information.

You can turn the autofill feature off or allow the user to configure the option.

If you select Never Autofill address forms, autofill never suggests or fills address information or saves any additional address information users submit when browsing the web.

  1. From the Admin console, in the Navigation menu (Navigation menu icon), select Devices > Chrome > Settings > Managed guest session settings.

  2. Select the Internet Cafe OU.

  3. Scroll down to User experience settings, and click Address form Autofill.

  4. From the Configuration drop-down, select Never Autofill address forms.

  5. Click Save.

External storage devices

This feature controls whether users in your organization can use ChromeOS devices to mount external drives, including USB flash drives, external hard drives, optical storage, Secure Digital (SD) cards, and other memory cards. If you disallow external storage and a user attempts to mount an external drive, Chrome notifies the user that the policy is in effect.

  1. From the Admin console, in the Navigation menu (Navigation menu icon), select Devices > Chrome > Settings > Managed guest session settings.

  2. Select the Internet Cafe OU.

  3. Scroll down to Hardware settings, and click External storage devices.

  4. From the Configuration drop-down, select Disallow external storage devices.

  5. Click Save.

Click Check my progress to verify the objective. Set up managed guest session settings for Internet Cafe OU

Congratulations!

In this lab, you configured various managed guest sessions settings to set up secure ChromeOS devices for users. You began by creating an organizational unit structure for managed guest sessions, and concluded with configuring various managed guest sessions for library, school loaner, and internet cafe OUs.

Next steps / Learn more

ChromeOS training and certification

...helps you make the most of ChromeOS technologies. Our classes include sale and technical skills to help you get up to speed quickly and continue your learning journey. The Professional ChromeOS Administrator Certification helps you demonstrate your expertise and validate your ability to transform businesses and schools with ChromeOS.

Manual Last Updated February 09, 2024

Lab Last Tested February 08, 2024

Copyright 2024 Google LLC All rights reserved. Google and the Google logo are trademarks of Google LLC. All other company and product names may be trademarks of the respective companies with which they are associated.