Chrome OS

Chrome OS Login via Hideez Identity Cloud using SAML SSO

This integration enables secure and seamless single sign-on (SSO) for Chrome OS devices using Hideez Identity Cloud as a SAML Identity Provider.

Important: If Chrome OS is operating in offline mode and cannot connect to the Hideez Cloud, authentication through the HES IDP cannot be completed.

By implementing this configuration, organizations benefit from:

  • Centralized identity management — User authentication is handled by Hideez Identity Cloud across all Chrome OS devices.

  • Consistent login experience — Users log in to their Chromebooks using the same credentials managed by Hideez.

  • Passwordless readiness — While Chrome OS requires a password for login, Hideez Identity Cloud supports broader passwordless strategies across the organization.

  • Use flexible authentication methods, including:

    • Hideez Authenticator

    • Passkeys

    • Password + One-Time Password (OTP)

Prerequisites

Before starting the integration, ensure the following conditions are met:

  1. The user belongs to your organization's domain in Google Workspace. The Google Workspace admin console must manage the user’s account.

  2. SAML SSO must be enabled in Google Workspace. The admin must configure Google Workspace to use a third-party Identity Provider (IDP).

  3. The user’s ChromeOS device must be enrolled in Google Workspace. A step-by-step guide for enrolling a ChromeOS device can be found at the following link.

  4. The user exists in Hideez Identity Cloud. The same email address must be present in the Hideez Identity Cloud.

Step 1: Configure Hideez Identity Cloud (IDP)

  1. Log in to the Hideez Server as an administrator.

  2. Go to Settings → Parameters → SAML.

  3. Click Add Service Provider and enter the following:

    • Issuer / SP Entity ID: use the ACS URL from Google Workspace

    • ACS (Assertion Consumer Service) URL: from Google Admin (see Step 2)

    • NameID Format: Email

    • NameID Value: Email

    • Upload the SP certificate if available

  4. Save the changes.

Step 2: Configure Google Admin for Chrome OS

  1. Go to admin.google.comMenu → Security → Authentication → SSO with third-party IdP.

  2. Click Add SAML profile.

  3. Fill in the following:

    • Profile Name: Hideez Server (IDP)

    • IDP Entity ID: https://<your-hideez-tenant>

    • Login URL: https://<your-hideez-tenant>/saml/login

    • Logout URL: https://<your-hideez-tenant>/saml/logout

    • Upload IDP Certificate: download it from the Hideez Server and upload here

  4. Save the profile.

  5. Assign the profile to a specific organizational unit (OU) or group of users to enable SSO for them.

For more detailed instructions on configuring SAML SSO in Google Workspace, refer to the official documentation: • Set up SSO via SAML for your organization – Google Workspace Admin HelpHideez Identity Cloud SAML Configuration Guide Delete a managed device from a Google Workspace

Demo: Chrome OS Login via Hideez Identity Cloud

Last updated