caption: Enable the <ph name="CHROME_ENTERPRISE_DEVICE_TRUST_CONNECTOR">Chrome Enterprise Device Trust Connector</ph> attestation flow for a list of URLs on Managed Profiles
desc: |-
Enable <ph name="CHROME_ENTERPRISE_DEVICE_TRUST_CONNECTOR">Chrome Enterprise Device Trust Connector</ph> for a list of URLs.
Setting this policy specifies for which URLs <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will offer to start the attestation flow for managed profiles. The latter allows those websites to get an attested set of context-aware signals from the device.
This policy can only be configured via the Chrome Enterprise Connectors page on the <ph name="GOOGLE_ADMIN_CONSOLE_PRODUCT_NAME">Google Admin console</ph>.
Leaving this policy unset or empty means that no website will be able to start a user-level attestation flow and get signals from the device. However if the corresponding
<ph name="BROWSER_CONTEXT_AWARE_ACCESS_SIGNALS_ALLOWLIST">BrowserContextAwareAccessSignalsAllowlist</ph> policy is enabled then the attestation flow can be started for the managed browser and device signals can be collected.
For <ph name="PRODUCT_OS_NAME">$2<ex>Google ChromeOS</ex></ph>, this policy is related to remote attestation where a certificate is automatically generated and uploaded to the server. For usage of the attestation flow on the device's login screen, please use the <ph name="DEVICE_LOGIN_SCREEN_CONTEXT_AWARE_ACCESS_SIGNALS_ALLOWLIST_POLICY_NAME">DeviceLoginScreenContextAwareAccessSignalsAllowlist</ph> policy.
For detailed information on valid <ph name="URL_LABEL">URL</ph> patterns, please see https://support.google.com/chrome/a?p=url_blocklist_filter_format.
example_value:
- https://example1.com
- example2.com
- https://foo.example3.com/path
features:
cloud_only: true
dynamic_refresh: true
per_profile: true
supported_on:
- chrome.*:116-
- chrome_os:116-
owners:
- [email protected]
- [email protected]
- [email protected]
schema:
items:
type: string
type: array
tags: []
type: list
Codebase Browser
chromium