Google rolled Credential Provider for Windows, which will allow the user to log in with their Google account. This is specifically the G Suite Enterprise, G Suite Enterprise for Education or Cloud Identity Premium license. In this article, I will share how you can configure your PC to log into Windows 10 using Google Password. There are two parts. The first is where you prepare the PC, and the second is where your PC is registered with the GCPW. You can link a Google Account to an existing Windows profile, but it’s optional.
Prerequisites to use GCPW
- G Suite Enterprise, G Suite Enterprise for Education or Cloud Identity Premium license to have their device enrolled in Windows device management.
- Devices can be prevented from registering with a registry key during installation.
- Windows 10 Professional, Professional or Enterprise (version 1803 or higher) and a user account with administrator privileges.
- The Google Chrome browser must be installed on the device.
Please remember that this is not a replacement for a Microsoft account. If your business needs you to use a Google account and wants to manage updates on your devices, provide SSO and Google security benefits. Then you need it. It should not be used with your Gmail account.
Connect to Windows 10 using Google Password
Follow these steps to use a Google account (domain or Google Suite) to sign in to Windows 10:
- Configure GCPW
- Configure registry entries for domain connection
- Add a professional account
- Connect an existing Windows account with a Google Work account
Windows device management under Google Credential Provider for Windows is optional. You can choose to turn it off
1]Download and install the GCPW installer
Download it GCPW installerand run it with administrator privileges. once installed, check if you have the following files in the locations marked:
C: Program Files Google CredentialProvider Gaia.dll
C: Program Files Google CredentialProvider gcp_setup.exe
C: Program Files Google CredentialProvider gcp_eventlog_provider.dll
2]Configure registry settings
GCPW allows you to configure domains that can be used to log in with a Google Account. Usually you can have one or two domains and you can configure it. Apart from that, you can configure to prevent the device from automatically enrolling in Windows device management; multiple Google accounts on the device, local profile configuration and validity period.
Open the registry editor and go to:
HKEY_LOCAL_MACHINESoftwareGoogle
Find or create the folder GCPW. If it’s not there, you can create it. Right-click the Google folder and select New> Key.
Right click on the GCPW folder and create a new chain with the name:
domains_allowed_to_login
Double click to modify it and add domains like thewindowsclub.com.
For the other keys, it would be better to follow the official page details. This done, you will need to restart the computer for the changes to take effect.
3]Log in with a Google account
Once the computer has restarted, you will have a new login option at the end of the user list. Click on it and log in using your Google account. The connection will follow all protocols such as 2FA or anything else that has been configured. The username for these accounts is usually domainname_userfirstname. From its new account, Windows will take a little time to configure. Once complete, the user account will be listed with another account.
However, you may need to log in again with your Google username and password each time you sign in to the account. The alternative is to configure a PIN code for the account, set the validity period to 5 days. Therefore, the next time you log into the computer using your work account, you will not have to log in with the Google account credentials. Users will be able to log in using the Windows account if they lose their Internet connection.
4]How to connect Google Login to an existing profile
It’s a bit of a complex setup to do, and you should only do this if you don’t want to keep a different business and personal account. The steps involved here are to find the SID of Windows users and then link it to the Google account. We recommend that you test it with a test user and determine if it works as expected. In addition, the user will need a profile in Active Directory to use it. The next steps must be followed by an administrator user.
Follow this guide for the SID of the user account. Write it down somewhere.
Move towards:
HKEY_LOCAL_MACHINESoftwareGoogle
Right click on the GCPW folder and then click New > Key.
Specify the Value name as the SID of the user’s Windows account (security identifier).
Right-click the SID key, and then click New > Chain.
Specify the Value name as E-mail.
Right-click the value, then specify the Value data as the work account that you want to associate with the user’s local Windows account.
Use the user’s full email address (for example, [email protected]).
Note: Although the Google documentation requests to create the above configuration under the GCPW folder, it should have been located under the GCPW> Users folder.
Fact that when you click to log into this account you will get a Google account verification. It then associates the user’s Google account with their Windows profile using the SID. If the SID does not match, GCPW creates a new Windows profile on the device with the user’s Google credentials and associates their Google account with that profile.
If you register your device with Windows Device Management, many features of the device will be controlled via GCPW. If you want to quit or disable this, be sure to change the registry key:
enable_dm_enrollment
available at:
HKEY_LOCAL_MACHINESoftwareGoogleGCPW
at 0.
I hope the message was easy to follow.
If you are using an account that belongs to GSuite, the account can be set up with the Windows account and used to log into your work account.