Windows 10 – True SSO using Chrome

So after following the guide to push user certificates down on to Windows 10 devices, we need a way of configuring chrome policies to automatically pick the certificate. You can do this by leveraging reg files or Chrome ADMX policies. In this example we’re using reg keys. To do this, we need to export and push out a reg key to the devices.

The reg key should look like this: 

The exact syntax should follow this: https://www.chromium.org/administrators/policy-list-3#AutoSelectCertificateForUrls

Make sure you specify the name of the CA that the cert is coming from.

After this reg entry has been made. We need to push it out using product provisioning.

Login to your Workspace One UEM console and navigate to the file/actions section of product provisioning:

Add a files/action and upload the exported reg key and .bat file that installs it.

My .bat file contains this: regedit /s c:\eucse\chromesettings\chromeautocert.reg

Specify where you want the files downloaded to and reference this in your .bat file.

No we need to tell the agent to run the .bat file, this is done under the ‘Manifest’ section here’s my example:

Make sure you then add the files/actions to a product and assign it to your required devices.

This should then install the reg entry on your Windows 10 devices and Chrome should now have that policy set (You may need to restart chrome).

Charlie Hodge

Sales Engineer specialising in Unified Endpoint Management (UEM) and Identity Management.

Technical Expertise:

o Okta – Identity Management – Providing single sign on services to applications
o VMware Workspace ONE – Configuring and managing AirWatch components across all device types.
o Digital Transformation – Helping organisations implement and deploy a modern strategy for UEM
o Networking – VPN, DNS, DHCP
o Device Management – macOS, iOS, Android, Windows and Rugged Devices
o Cloud Solutions – Azure, Office 365, Identity Providers, VMware AirWatch
o Server – Windows Server, Active Directory, Exchange