Discover how to use Google Credential Provider for Windows 10.
Google released Google Credential Provider for Windows (GCPW) a little over a year ago. Out of nowhere, this tool allows you to authenticate to a Windows 10 session with a third party tool provided by Google.
With this new authentication approach, Google offers its G Suite customers to detach from the Active Directory and keep the same authentication experience already known, but this time with Google Workspace tools.
It allows the Google password to be synchronised with the user session, and then the authentication token to be transferred directly into the user session, thus playing SSO in applications federated with the Google solution.
The security is reinforced because as the authentication is done with the Google account, if the MFA option is activated, the user is automatically requested.
Of course, it is possible at the same time to enrol the device in Google Mobile Management, and to push the policies proposed by the Google console.
This is what we will talk about in this first article.
In a second in the future we will of course use GCPW for session access and manage the Windows 10 with Workspace ONE UEM.
How to Proceed
First of all connect to your Google Admin Console and go to Device > Mobile and Endpoints > Windows Settings.
Make sure the options are the same as on following screenshot.
Since the last release (89.0.4389.128), this little tool installs very quickly. It just requires running the installer as administrator and Google Chrome must be installed on the device.
To retrieve the executable, it is done directly in your Google Admin console, the installer includes a "client token management" that allows you to retrieve your GCPW settings. You just to click the DOWNLOAD button like as in the screenshot below.
Now that the GCPW installer is downloaded we just have to launch it as an administrator on our Windows 10 device.
Let the installation run smoothly.
Once installed, you just have to close your Windows session, and you will notice that in the lower left corner the login page presents a new option for a Google account.
All you have to do now, is sign in with your Google account !
If your Google account has an MFA option activated, you will be asked for it.
You will normally see a prompt, saying that your device will be managed. In our example here by the Google Mobile Management. This is because we enabled the "Enroll in Device Management" option in the first step of this guide.
Click on the "I agree" button to proceed.
Once the session is started, at launch, Google Chrome will ask you to use your Google account automatically in the browser in order to manage it and find all the associated user settings.
As well as to synchronize your bookmarks, passwords...
Just click on the Yes, I'm in button.
You now have access to all your company apps directly in Google Chrome.
At this point, all applications linked to your Google account will be accessible without the need to authenticate again, and your Windows 10 is managed by Google Mobile Management and will receive all policies such as for exemple automatic updates, BitLocker, and so on ...
Magic! You are now ready to work on a Windows 10 session authenticated with your Google enterprise account.
In a next part we will see how to use GCPW on a Windows 10 terminal this time enrolled in Workspace One UEM.
Thank you for reading and see you soon.