According to a new project uploaded to the Chromium team's code review site, users may soon be able to login into Windows 10 using their Google G Suite accounts. This new feature uses a "Google Credential Provider" that will allow Windows to authenticate enterprise users against their company's G Suite account and possibly regular Google accounts.
Windows uses credential providers to authenticate users when they login to Windows and ships with standard providers such as authentication using passwords, Windows Hello, a smart card, or a PIN. Third-party developers can also create their own credential provider and register it with Windows so users can login using a third-party authentication process.
In this case, the Google Credential Provider appears to allow users to login using Google Accounts and ID Administration (GAIA) ids created by G Suite administrators. GAIA is Google authentication and authorization system that provides users with access to various Google services.
Adding this feature will allow Google to further penetrate the Enterprise market by integrating Windows 10 directly into their G Suite platform.
Google Credential Provider for Windows
This new provider was spotted yesterday after it was uploaded to the Chromium Gerrit site, which is used by Chromium devs to perform peer code review. Titled "Google Credential Provider for Windows", this project is part of Chromium and is being developed by Chromium dev Roger Tawa.
When BleepingComputer reached out to Tawa regarding this new feature he told us "There isn't much more for me to add on top of the CL description". With little information available from the developer and only a title to go on, we took a dive into the source to try and figure out what this project will do.
According to the source, the Google Credential Provider will be installed through a setup executable named gcp_installer.exe. This executable will include the gcp_setup.exe, startchromeonfirstlogin.cmd, gaia1_0.dll, and gcp_eventlog_provider.dll files. This setup executable will have a description of "Google Credential Provider installer".
When the installer is launched it will register the Google credential provider dll, gaia1_0.dll, at the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{0B5BFDF0-4594-47AC-940A-CFC69ABC561C} Registry key. It will also configure Chrome to launch automatically when the user logs in for the first time by adding a link to the startchromeonfirstlogin.cmd file into the user's Startup folder.
On the next reboot, the provider should now be available as an additional sign-in option. You can see an example of what it may look like in the mock up below.
When a user logs in with their GAIA ID, the credential provider will authenticate the user using Google's OAuth 2.0 api. If the credentials are correct, the provider will automatically log the user into their profile or create a new one.
While Chrome appears to be required for the authentication process, it is unknown why it is necessary. BleepingComputer has asked Tawa and Google's PR team why Chrome is required, but they are not ready to provide any more information at this point. If there is anything I missed in the source code, feel free to shoot me a message and I will get the article updated.
Furthermore, as this feature is still in the code review process, the whole feature may be scrapped or the names, filenames, other information may change. For now, though, it is definitely an interesting project to keep an eye on.
Comments
rhasce - 5 years ago
As if login in with Microsoft account is not only a horrible idea but has bring me so many costumers with locked computers, omg, but hey thanks to Microsoft people like me have a job, keep messing them up Microsoft, now google getting into the locking people off their own computers, OMG and lets not even talk about the dumb message that wont allow you to log while you are offline dam that is dumb, thanks MS.
the_moss_666 - 5 years ago
What happened to good old "don use same password (or same account) for everything"?
LukaFrodnik - 5 years ago
Really bad news. Google is everywhere. Monopolistic as is.
DracX - 5 years ago
Not a big fan of google at all. Them getting into the windows sign in action, not good!
sadsteve - 5 years ago
I don't sign into Windows with a Microsoft account, why would I sign in with a Goggle account?? I'm not interested in providing more tracking info for these companies.
dolphusp - 4 years ago
Hey Lawrence,
We have 25 new Windows 10 laptops in the IT Lab of our school.
Every student has a G-Suite account.
So we would like every student to login to the laptop with their G-Suite credentials instead of Windows credentials, and access their own Google Drive as well as other Windows software installed on the laptops.
Is the Google Credential Provider for Windows available for implementation now?
Or is it still a possibility in the future?
Regards,
Dolphus Pereira
Lawrence Abrams - 4 years ago
From what I understand they are still working on it. I have not seen it released, even for testing.