Limit the time for which a user authenticated via GAIA without SAML can log in offline at the lock screen

While logging in through the lock screen, Google Chrome OS can authenticate against a server (online) or using a cached password (offline).

When this policy is set to -2, it will match the value of the login screen offline signin time limit which comes from GaiaOfflineSigninTimeLimitDays.

When the policy is unset, or set to a value of -1, it will not enforce online authentication on the lock screen and will allow the user to use offline authentication unless a different reason than this policy enforces an online authentication.

If the policy is set to a value of 0, online authentication will always be required.

When this policy is set to any other value, it specifies the number of days since the last online authentication after which the user must use online authentication again in the next login through the lock screen.

This policy affects users who authenticated using GAIA without SAML.

The policy value should be specified in days.

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

Limit the time for which a user authenticated via GAIA without SAML can log in offline at the lock screen:

Registry HiveHKEY_CURRENT_USER
Registry PathSoftware\Policies\Google\ChromeOS
Value NameGaiaLockScreenOfflineSigninTimeLimitDays
Value TypeREG_DWORD
Default Value
Min Value0
Max Value365

chromeos.admx

Administrative Templates (Computers)

Administrative Templates (Users)