Clear managed Chrome profile browsing data

Early Access release. See Enable self-service features.

This feature lets you automatically terminate client sessions within managed Chrome profiles.

When an endpoint or app is compromised, attackers often attempt to harvest the stored credentials and access tokens. By clearing browser-based session data across all of a user's managed Chrome devices, this feature helps reduce the blast radius of a security incident. It also proactively blocks unauthorized access when a user leaves your org.

Benefits

Blast radius reduction

Automatically clear browser-stored cookies and tokens during a detected threat.

Unified security orchestration

Trigger browser-level remediation directly from Workflows and configure it through ITP policies.

Managed profile precision

Target security actions specifically to corporate-managed Chrome profiles without impacting personal user data.

How it works

This feature is offered through Identity Threat Protection. It requires managed Chrome profiles, which are provisioned through Chrome Enterprise Core or Google Workspace. Personal Chrome profiles on the same device aren't affected.

When ITP detects a risk signal, it triggers a policy-driven action that communicates with Chrome's management APIs. Okta instructs the browser to clear cookies and cached data associated with the managed identity.

This feature complements Universal Logout by adding a client-side layer of defense. While Universal Logout terminates sessions at the app level by instructing downstream apps to end user sessions, clearing managed Chrome profile browsing data eliminates the browser-stored tokens and cached data that attackers steal. Using these features together ensures that apps revoke access while the browser removes any session evidence on the device.

Get started

Configure the Clear managed Chrome profile browsing data feature