caption: Add restrictions on a managed account's usage as a secondary account on ChromeOS
default: all
deprecated: true
desc: |-
Removed in M122 - this is a server-side-only policy that never used the ChromeOS policy infrastructure for its propagation.
If this policy is set to <ph name="POLICY_VALUE_ALL">'all'</ph> or not set, all usages of managed accounts are allowed. This may result in a managed account being a secondary account, which would only receive policies when the account is signed-in as a primary account in a browser Profile.
Policies set to the account won't be enforced in the following scenarios:
- Being a secondary account at the OS level (Account Settings)
- Being a secondary account in a browser Profile
If this policy is set to <ph name="POLICY_VALUE_PRIMARY_ACCOUNT_SIGNIN">'primary_account_signin'</ph> on an account, this account will be allowed to sign in as a primary account only. It won't be allowed to sign in as a secondary account.
example_value: primary_account_signin
features:
dynamic_refresh: false
per_profile: false
items:
- caption: All usages of managed accounts are allowed
name: All
value: all
- caption: Block addition of a managed account as Secondary Account on ChromeOS (in-session)
name: PrimaryAccountSignin
value: primary_account_signin
owners:
- [email protected]
- [email protected]
- [email protected]
schema:
enum:
- all
- primary_account_signin
type: string
supported_on:
- chrome_os:103-121
tags: []
type: string-enum
Codebase Browser
chromium