Restrict the Primary Account in Google Chrome Browser

The first user to sign in to a device in the Chrome browser is the primary user. The Google Account that a user chooses when they opt in to sync their data. The primary account syncs browsing data across devices, such as bookmarks, browsing history, passwords, and more.

IT administrators can restrict primary accounts on Chrome for Mac by specifying which Google accounts can be set as the primary accounts, with the help of the following custom payload.

1. Copy the contents below directly and add them to Apple Configurations > Custom Configurations for Mac, or click here to download the file and import it.

2. Follow our guide on how to add the Custom Payload in the Apple Configurations & deploy it to devices.
   

   <?xml version="1.0" encoding="UTF-8"?>
   <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
   <plist version="1.0">
   <dict>
       <key>PayloadContent</key>
       <array>
           <dict>
               <key>PayloadDisplayName</key>
               <string>Google Chrome</string>
               <key>PayloadIdentifier</key>
               <string>com.google.Chrome.719B98A8-6219-4438-ADAF-C26C8B694FA6</string>
               <key>PayloadType</key>
               <string>com.google.Chrome</string>
               <key>PayloadUUID</key>
               <string>719B98A8-6219-4438-ADAF-C26C8B694FA6</string>
               <key>PayloadVersion</key>
               <integer>1</integer>
               <key>RestrictSigninToPattern</key>
               <string>.*@yourcompany\.com$</string>
               <key>BrowserSignin</key>
               <integer>2</integer>
           </dict>
       </array>
       <key>PayloadDisplayName</key>
       <string>custom-configuration</string>
       <key>PayloadIdentifier</key>
       <string>PAYLOAD IDENTIFIER</string>
       <key>PayloadType</key>
       <string>Configuration</string>
       <key>PayloadUUID</key>
       <string>45A58F11-B3D4-4E9E-AD90-36C3C25A838B</string>
       <key>PayloadVersion</key>
       <integer>1</integer>
   </dict>
   </plist>

3. In the payload, please change the below placeholder “yourcompany” with your company's domain.
   

   <key>RestrictSigninToPattern</key>
   <string>.*@yourcompany\.com$</string>

Note:

1. The Payload and its contents are sourced from various albeit authenticated Apple Developer communities and forums.

2. Please validate them on a test machine before deploying them on all your managed devices.

3. Scalefusion has tested these Payloads, however, Scalefusion will not be responsible for any loss of data or system malfunction that may arise due to the incorrect usage of these payloads.