Chrome OS
Chrome OS Login via Hideez Identity Cloud using SAML SSO
This integration enables secure and seamless single sign-on (SSO) for Chrome OS devices using Hideez Identity Cloud as a SAML Identity Provider.
Important: If Chrome OS is operating in offline mode and cannot connect to the Hideez Cloud, authentication through the HES IDP cannot be completed.
By implementing this configuration, organizations benefit from:
Centralized identity management — User authentication is handled by Hideez Identity Cloud across all Chrome OS devices.
Consistent login experience — Users log in to their Chromebooks using the same credentials managed by Hideez.
Passwordless readiness — While Chrome OS requires a password for login, Hideez Identity Cloud supports broader passwordless strategies across the organization.
Use flexible authentication methods, including:
Hideez Authenticator
Passkeys
Password + One-Time Password (OTP)
Prerequisites
Before starting the integration, ensure the following conditions are met:
The user belongs to your organization's domain in Google Workspace. The Google Workspace admin console must manage the user’s account.
SAML SSO must be enabled in Google Workspace. The admin must configure Google Workspace to use a third-party Identity Provider (IDP).
The user’s ChromeOS device must be enrolled in Google Workspace. A step-by-step guide for enrolling a ChromeOS device can be found at the following link.
The user exists in Hideez Identity Cloud. The same email address must be present in the Hideez Identity Cloud.
Step 1: Configure Hideez Identity Cloud (IDP)
Log in to the Hideez Server as an administrator.
Go to Settings → Parameters → SAML.
Click Add Service Provider and enter the following:
Issuer / SP Entity ID: use the ACS URL from Google Workspace
ACS (Assertion Consumer Service) URL: from Google Admin (see Step 2)
NameID Format: Email
NameID Value: Email
Upload the SP certificate if available
Save the changes.
Step 2: Configure Google Admin for Chrome OS
Go to admin.google.com → Menu → Security → Authentication → SSO with third-party IdP.
Click Add SAML profile.
Fill in the following:
Profile Name: Hideez Server (IDP)
IDP Entity ID:
https://<your-hideez-tenant>
Login URL:
https://<your-hideez-tenant>/saml/login
Logout URL:
https://<your-hideez-tenant>/saml/logout
Upload IDP Certificate: download it from the Hideez Server and upload here
Save the profile.
Assign the profile to a specific organizational unit (OU) or group of users to enable SSO for them.
Demo: Chrome OS Login via Hideez Identity Cloud
Last updated