ChromeOS in authentication policy rules

This is an Early Access feature. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.

You can now select ChromeOS as a device platform in authentication policy rules. Previously, you could only select Any or Desktop_Other to match ChromeOS as a device platform in a rule.

If ChromeOS support is enabled, you can select ChromeOS in a rule.

To enable ChromeOS as a device platform in authentication policy rules, follow these steps:

  1. In the Admin Console, go to SettingsFeatures.
  2. Scroll to ChromeOS as a device platform.
  3. Click the toggle to enable the feature.

If you select a device platform in authentication policy rules, you can audit and filter events by platform. Don’t define your authentication policies based on the device platform.

Automatic migration

Any rules configured with Desktop_Other as a device platform are automatically updated to include both ChromeOS and Desktop_Other as the device platforms to match. For example, after a rule is automatically updated, both Desktop Other and ChromeOS platforms appear in the rule description:

If you don’t want the rule to apply to ChromeOS, remove ChromeOS manually.

If you disable support for ChromeOS, the automatically migrated rules that match Desktop_Other and ChromeOS are reset to match only the Desktop_Other device platform. For example, after a rule is reset, only the Desktop_Other platform appears in the rule description.

Remove ChromeOS as a device platform

If you create rules for ChromeOS, they’re not automatically reset to a different platform if you disable the ChromeOS feature. Before you disable the feature, update any rules that you created while the feature was enabled:

  • Remove ChromeOS as a device platform from the rule.

  • Replace ChromeOS with another device platform in the rule.

  • Deactivate, then delete the rule that checks for ChromeOS.

After you remove ChromeOS from all the rules, go to SettingsFeature. Scroll to ChromeOS as a device platform, and click the toggle to disable the feature.

Limitations in this release

  • If you use Firefox or Opera as your browser on a ChromeBook device, the authentication rule doesn’t recognize the device platform as ChromeOS.

  • Because Okta Verify isn’t available for ChromeOS, some features such as Okta FastPass, aren’t supported. Because Okta FastPass isn’t supported, the Access with Okta FastPass is granted condition has no effect in rules that check for ChromeOS.

  • You can’t select ChromeOS as a device platform when you configure the routing rules for identity providers.

  • Signing in from a ChromeOS device doesn’t create a device record for users.

  • You can’t use ChromeOS in custom expressions.

Known issue in this release

If you attempt to disable the ChromeOS as a device platform feature without removing ChromeOS from authentication policy rules, the Admin Console displays misleading success and error messages. You can ignore this issue. However, before you disable the feature, remove ChromeOS from all authentication rules.