How to manage user access to certificates?

The default values from Google allow users to edit trust settings for all CA certificates, remove user-imported certificates, and import certificates. 

If a user removes CA certificates from their device there is a possibility it could affect the functionality of our services. It is recommended that you do not allow users to edit certificates installed on their devices.

To do this:

  1. Log into your Google Workspace as a Super Admin User (admin.google.com)
  2. Navigate to Devices > Chrome > Settings > Users & Browser Settings
  3. Select your root directory (If you wish to limit the scope of this best practice, select the container which contains the proper users)
  4. Scroll down to Security and locate the settings:
    • User management of installed CA certificates
    • User management of installed client certificates
  5. Select 'Disallow users from managing certificates' for both fields:
      

Full navigation path, applied on root directory, with settings highlighted:

 

Close up of specific settings:

Was this article helpful?
115 out of 189 found this helpful
Have more questions?
Submit a request

Comments

0 comments

Article is closed for comments.

Articles in this section

See more