Automatically select client certificates for these sites on the sign-in screen

Allows you to specify a list of url patterns that specify sites for which a client certificate is automatically selected on the sign-in screen in the frame hosting the SAML flow, if the site requests a certificate. An example usage is to configure a device-wide certificate to be presented to the SAML IdP.

The value must be an array of stringified JSON dictionaries. Each dictionary must have the form '{ "pattern": "$URL_PATTERN", "filter" : $FILTER }', where $URL_PATTERN is a content setting pattern. $FILTER restricts from which client certificates the browser will automatically select. Independent of the filter, only certificates will be selected that match the server's certificate request. If $FILTER has the form '{ "ISSUER": { "CN": "$ISSUER_CN" } }', additionally only client certificates are selected that are issued by a certificate with the CommonName $ISSUER_CN. If $FILTER is the empty dictionary {}, the selection of client certificates is not additionally restricted.

If this policy is left not set, no auto-selection will be done for any site.
See https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DeviceLoginScreenAutoSelectCertificateForUrls for more information about schema and formatting.

Example value:

{"pattern":"https://www.example.com","filter":{"ISSUER":{"CN":"certificate issuer name"}}}

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

Automatically select client certificates for these sites on the sign-in screen

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Google\ChromeOS\DeviceLoginScreenAutoSelectCertificateForUrls
Value Name{number}
Value TypeREG_SZ
Default Value

chromeos.admx

Administrative Templates (Computers)

Administrative Templates (Users)