How to manage user access to certificates?

The default values from Google allow users to edit trust settings for all CA certificates, remove user-imported certificates, and import certificates. 

If a user removes CA certificates from their device there is a possibility it could affect the functionality of our services. It is recommended that you do not allow users to edit certificates installed on their devices.

 

To do this:

  • Log into your Google Workspace as a Super Admin User (admin.google.com)
  • Navigate to Devices > Chrome > Settings > Users & Browsers
  • Select your root directory (If you wish to limit the scope of this best practice, select the container which contains the proper users)
  • Scroll down to Security 
    • Locate the settings:
      • User management of installed CA certificates
      • User management of installed client certificates
  • Select 'Disallow users from managing certificates' for both fields:
      

Full navigation path, applied on root directory, with settings highlighted:

Screen_Shot_2021-09-16_at_2.38.53_PM.png

 

Close up of specific settings:

image.png

Was this article helpful?
104 out of 166 found this helpful
Have more questions?
Submit a request

Comments

0 comments

Article is closed for comments.

Articles in this section

See more