Define domains allowed to access G Suite

Enables Google Chrome's restricted log in feature in G Suite and prevents users from changing this setting.

If you define this setting, the user will only be able to access Google
Apps using accounts from the specified domains (note that to allow
gmail.com/googlemail.com accounts, you should add "consumer_accounts"
(without quotes) to the list of domains).

This setting will prevent the user from logging in, and adding a Secondary
Account, on a managed device that requires Google authentication, if that
account does not belong to the aforementioned list of allowed domains.

If you leave this setting empty/not-configured, the user will be able to
access G Suite with any account.

This policy causes the X-GoogApps-Allowed-Domains header to be appended to
all HTTP and HTTPS requests to all google.com domains, as described in
https://support.google.com/a/answer/1668854.

Users cannot change or override this setting.

Example value: managedchrome.com,example.com

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

Define domains allowed to access G Suite

Registry HiveHKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
Registry PathSoftware\Policies\Google\Chrome
Value NameAllowedDomainsForApps
Value TypeREG_SZ
Default Value

chrome.admx

Administrative Templates (Computers)

Administrative Templates (Users)