Google Credential Provider for Windows (GCPW) on Windows 10

Security Aug 18, 2022

Halodoc is the first Health-Tech company in Indonesia that provides complete and reliable health solutions. We are committed to protect customer data from information abuse. Therefore, to minimize the potential security risk, one of the security aspects that Halodoc does is protecting the endpoint.

To protect the user's endpoint, Halodoc uses Google Credential Provider for Windows (GCPW) as an endpoint management solution to enhance the security aspect, provide Single Sign-On (SSO) experience and more.  GCPW is part of Google Workspace feature that can be accessed anywhere and anytime which also has high-security standards that can cover the needs of Halodoc users.

What is GCPW?

Google Credential Provider for Windows® (GCPW) is endpoint management tool that lets users sign in to Windows® devices using the Google Account they use for work. GCPW provides users with a Single Sign-On (SSO) experience to Google services and all the security features available with their Google Account.

Function & Benefit

GCPW is useful for company to manage devices to use Google’s single-sign on (SSO) access security, push Windows settings, and wipe device data remotely.

Admin can configure GCPW so that a user’s Google Account syncs with their Active Directory or local Windows profiles. GCPW also provides the following benefits:

  • Additional security—Users get all the security benefits of their Google Account on their Windows 10 device. These features include anti-hijacking features such as 2-step verification (2SV) and login challenges. Also admin can set the permission level, wipe data from a device, block specific apps, disable USB drives, set the screen lock timeout, and more.
  • SSO experience—Users can access Google Workspace services and SSO apps in Chrome Browser without the need to re-enter their Google credentials.
  • Password synchronization—Keep users’ Google passwords in sync with their Windows passwords in the Admin console or with G Suite Password Sync.
  • Automatic enrollment in Windows device management—If you use GCPW and Windows device management together, devices are automatically enrolled in Windows device management when the user signs in through GCPW.

To use GCPW, you need to install the agent on each Windows device.

Requirements

License

  • GCPW (standalone)—Supported editions for this feature: Frontline; Business Starter, Business Standard and Business Plus; Enterprise; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus; G Suite Basic and G Suite Business; Essentials; Cloud Identity Free and Cloud Identity Premium.
  • Windows device management (standalone or with GCPW)—Supported editions for this feature: Frontline; Business Plus; Enterprise; Education Standard and Education Plus; Cloud Identity Premium. Compare your edition.

System

  • Windows 10 Pro, Pro for Workstations, Enterprise, or Education, version 1803 or later
  • For GCPW, Chrome Browser 81 or later

Windows Device Management

With Windows device management, you can configure and manage enrolled devices from the Admin console. Only one user can enroll in Windows device management per device, due to a Microsoft limitation in Windows 10.

  1. Permitted domain - Allow only Google Accounts in the specified domains to sign in through GCPW, other than that will be blocked.

2. Manage multiple account login - If you enable, so several users can login to this device but if you disable it, only one user that can logged in to the device.

3. Offline access - You can manage whether users are allow to access their account when offline or not.

4. Windows Device Management - This is mandatory to enabled, to apply the policies to the devices.

5. Administrative privileges - You can manage or limit the local administrative access to the device. You can define role of the user that can access whether as an admin or standard user. And also you can define how many and who is the admin that can access to the device.

6. Windows update settings - You can manage to enabled or disabled the windows update to the devices, and you can set the automatic update behavior as below.

7. Custom settings - You can configure the custom settings to disable USB drives & SD cards, disable camera, disable bluetooth, block non-Microsoft Store apps. Beside of that, you can also install certain software e.g. slack, OpenVPN, etc.

USB drives has been blocked
Install OpenVPN, Slack

8. Disk encryption - You can configure the device encryption with enabling bitlocker. You can encrypt the disk only, removable drives only or both. The following shows that bitlocker has been enabled.

Note: One thing that need to be consider is when you initiate to enable bitlocker, it is required to associate with user's microsoft account and required to create a PIN.

9. Wipe Account/device - You can wipe account or even devices data remotely from the admin console once the devices and users are has been enrolled with the GCPW policies as well. When the device has been lost or stolen, this option removes all work data and apps from the device. It also removes personal data and apps.

Conclusion

In this blog, we learn about bird views Google Credential Provider for Windows (GCPW) as an Endpoint Management tool with amazing features to enhance security, SSO experience, password synchronization and easily to manage endpoint and apply the policy to the user’s endpoint within a single dashboard.

Join Us

We are always looking out for top engineering talent across all roles for our tech team. If challenging problems that drive a big impact enthrall you, do reach out to us at careers.india@halodoc.com.

References

https://support.google.com/a/answer/9539507

https://support.google.com/a/answer/9303492

https://support.google.com/a/answer/9539385

https://support.google.com/a/answer/9539590

https://support.google.com/a/answer/173390

About Halodoc

Halodoc is the number 1 all-around Healthcare application in Indonesia. Our mission is to simplify and bring quality healthcare across Indonesia, from Sabang to Merauke. We connect 20,000+ doctors with patients in need through our Tele-consultation service. We partner with 1500+ pharmacies in 50 cities to bring medicine to your doorstep. We've also partnered with Indonesia's largest lab provider to provide lab home services, and to top it off we have recently launched a premium appointment service that partners with 500+ hospitals that allows patients to book a doctor appointment inside our application. We are extremely fortunate to be trusted by our investors, such as the Bill & Melinda Gates Foundation, Singtel, UOB Ventures, Allianz, Gojek, and many more. We recently closed our Series B round and In total have raised USD$100million for our mission. Our team work tirelessly to make sure that we create the best healthcare solution personalized for all of our patient's needs, and are continuously on a path to simplify healthcare for Indonesia.