Google has rolled Credential Provider for Windows, which will allow the user to log in with their Google account. It is precisely for G Suite Enterprise, G Suite Enterprise for Education, or Cloud Identity Premium license. In this post, I will share how you can set up your PC to log in to Windows 10 using Google Password. There are two parts to it. The first is where you get the PC ready, and the second is where your PC gets enrolled for GCPW. It is possible to associate a Google Account with an existing Windows Profile, but it’s optional.
Pre-Requites to use GCPW
- G Suite Enterprise, G Suite Enterprise for Education, or Cloud Identity Premium license for their device to be enrolled in Windows device management.
- It is possible to prevent device enrollment using a registry key during installation.
- Windows 10 Professional, Business, or Enterprise (version 1803 or higher) and a user account with administrator privileges.
- Google Chrome browser must be installed on the device.
Remember, its not a Microsoft account replacement. If your business needs you to use Google account, and they want to manage updates on your devices, provide SSO and Google security benefits. Then you need it. It’s not to be used with your Gmail account.
Login to Windows 10 using Google Password
Follow these steps to use Google Account (Domain or Google Suite) to login to Windows 10:
- Configure GCPW
- Setup Registry Entries for domain login
- Add a Work account
- Connect existing Windows account with Google Work account
Windows device management under Google Credential Provider for Windows is optional. You can choose to disable it
1] Download and install the GCPW installer
Download the GCPW installer, and run it with admin privileges. once installed, verify if you have the following files available at the marked locations:
2] Configure Registry settings
GCPW allows you to configure domains that can be used to sign-in with Google account. Usually, you may have one or two domains, and you can configure that. Apart from this, you can configure to prevent the device from enrolling for Windows device management automatically; multiple Google accounts on the device, local profile configuration, and validity period.
Open the Registry Editor and navigate to:
Locate or Create the folder GCPW. If it is not there, you can create it. Right-click the Google folder and then selecting New > Key.
Right-click the GCPW folder, and create a new string with the name:
Double click to edit it, and add domains in it like thewindowsclub.com.
For other keys, it would be best to follow the details from the official page. Done that, you will have to restart the computer for the changes to come into effect.
3] Sign-in with a Google Account
Once the computer reboots, you will have a new sign-in option at the end of the list of users. Click on that, and sign-in using your Google account. The sign-in will follow all the protocols such as 2FA or anything else that has been set up. The username for such accounts is usually domainname_userfirstname. Since its a new account, Windows will take a bit of time to set up. Once done, the user account will be listed along with another account.
However, you may have to sign-in again with the Google username and password every time you log in to the account. The alternate is to configure a PIN for the account, set the validity period to 5 days. So the next time you log in to the computer using your work account, you don’t have to sign-in with the Google Account credentials. Users will be able to sign-in using the Windows account in case the connection to the internet is lost.
4] How to connect Google Login with an existing profile
It’s a bit complex setup to do, and you should only do it if you do not want to keep work account and home account different. The steps involved here is to find the SID of Windows users, and then associate it with the Google account. We will recommend to test it with a test user and figure out if it works as expected. Also, the user will need a profile in the Active Directory to use it. The steps ahead should be followed by an admin user.
Follow this guide to find out the SID of the user account. Note it down at someplace.
Right-click the GCPW folder, and click New > Key.
Specify the Value name as the user’s Windows account SID (security identifier).
Right-click the SID key, and then click New > String.
Specify the Value name as email.
Right-click the value, and then specify the Value data as the work account you want to associate with the user’s local Windows account.
Use the user’s full email address (for example, [email protected]).
Note: While the Google documentation asks to create the above setup under the GCPW folder, it should have been under the GCPW > Users folder.
Done that, when you click to sign-in to that account, you will get a Google account verification. It then associates the user’s Google Account with their Windows profile using the SID. If the SID is a mismatch, GCPW creates a new Windows profile on the device with the user’s Google credentials and associates their Google Account with that profile.
If you enroll your device with Windows device management, a lot of features on the device will be controlled via GCPW. If you want to quit or disable that, make sure to change the registry key:
I hope the post was easy to follow.
If you are using an account that belongs to GSuite, then the account can be configured with the Windows account and used to login to your work account.