Integrate Okta with ChromeOS and Chrome browser

Okta admins can set up the Chrome Device Trust connector to secure access to Okta-protected resources on ChromeOS. The Chrome Device Trust connector can also manage Chrome browsers on Windows and macOS.

Prerequisites

Chrome Device Trust requires users to sign in to Google Workspace with their Okta credentials. Ensure that SSO for Google Workspace using Okta is configured and working before proceeding, and verify the following prerequisites before integrating Chrome Device Trust:

• You have an Okta Integration Network enabled tenant.

• You use Google Chrome Enterprise for either:

  • Chrome device management (ChromeOS)

  • Cloud-managed Chrome browser for macOS or Windows. Linux isn't supported currently.

• Chrome Device Trust is enabled in the Okta Admin Console.

• An app integration for Google Workspace is installed in your Okta org. See Get started with app integrations.

• Okta SSO is configured in the Google Admin console. See Set up SSO for your organization.

• Signals from ChromeOS require the devices to be enrolled in device management in the Google Admin console.

• Signals from macOS and Windows require Chrome browser to be enrolled in browser management in the Google Admin console.

• Chrome Device Trust isn't supported for Incognito mode.

Tasks

• Set up the Chrome Device Trust connector

• Create a device assurance policy for ChromeOS

• Create a device assurance policy for managed Chrome browsers

• Add device assurance to an authentication policy