SAML login authentication type

Configures the type of authentication for SAML logins.

When this policy is unset or set to Default (value 0), the behavior of SAML logins is determined by the browser depending on other factors. In the most basic scenario, the user authentication and the protection of the cached user data are based on passwords manually entered by users.

When this policy is set to ClientCertificate (value 1), client certificate authentication is used for newly added users which log in via SAML. No passwords are used for such users, and their cached local data is protected using corresponding cryptographic keys. For instance, this setting allows configuring smart card based user authentication (note that smart card middleware apps have to be installed via the DeviceLoginScreenExtensions policy).

This policy affects only users who authenticate using SAML.

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

SAML login authentication type


  1. Default configuration
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSoftware\Policies\Google\ChromeOS
    Value NameDeviceSamlLoginAuthenticationType
    Value TypeREG_DWORD
    Value0
  2. Authentication based on client certificates
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSoftware\Policies\Google\ChromeOS
    Value NameDeviceSamlLoginAuthenticationType
    Value TypeREG_DWORD
    Value1


chromeos.admx

Administrative Templates (Computers)

Administrative Templates (Users)