Discovering Google Credential Provider for Windows (GCPW)
May 4, 2021 / Unisys Corporation
Discover how to use Google Credential Provider for Windows 10.
Google released Google Credential Provider for Windows (GCPW), which allows you to authenticate to a Windows 10 session with a third-party tool provided by Google.
With this new authentication approach, Google allows its G Suite customers to detach from the Active Directory with Google Workspace tools while retaining the same authentication experience.
This new authentication approach enables Google to synchronize the user's password with their session and transfer the authentication token directly into their user session. This allows for a seamless single sign-on (SSO) experience in applications federated with the Google solution.
The security is also reinforced this way. When the authentication is performed using a Google account and the MFA option is activated, the user is automatically prompted for it.
Of course, it is possible to enroll the device in Google Mobile Management simultaneously and push the policies proposed by the Google console.
How to proceed
First, connect to your Google Admin Console and go to Device > Mobile and Endpoints > Windows Settings.
Make sure the options are the same as in the following screenshot.
Since the last release (89.0.4389.128), this tool installs very quickly. It only requires the installer to be running as an administrator, and Google Chrome must be installed on the device.
To retrieve the executable, it must be done directly in your Google Admin console. The installer includes a "client token management" that allows you to retrieve your GCPW settings. You must click the DOWNLOAD button like in the screenshot below.
Now that the GCPW installer is downloaded, we must launch it as an administrator on our Windows 10 device.
Let the installation run.
Once installed, you must close your Windows session. In the lower left corner, you will notice that the login page prompts you to log into a Google account.
All you have to do now is sign in with your Google account!
If your Google account has an MFA option activated, you will be asked for it.
Normally, you will see a prompt asking for permission for your device to be monitored and managed by your admin. This is because we enabled the "Enroll in Device Management" option in the first step of this guide. Below is an example through Google Mobile Management.
Click on the "I agree" button to proceed.
Once the session is started, Google Chrome will launch and ask you to connect your Google account automatically in the browser to manage the account and find all the associated user settings.
This will also be used to synchronize your bookmarks and passwords.
Just click on the Yes, I'm in button.
You now have access to all your company apps directly in Google Chrome.
At this point, all applications linked to your Google account will be accessible without the need to authenticate again. Your Windows 10 is managed by Google Mobile Management and will receive all policies, such as automatic updates, BitLocker and so on.
You are now ready to work on a Windows 10 session authenticated with your Google enterprise account.
Learn more about how Unisys can help you manage and secure all enterprise devices with Modern Device Management.
