Unable to trust a managed device with 2-Step verification

Problem

You are not able to trust the managed Chromebooks with 2-Step verification.

Environment

  • Managed Chromebooks

Solution

The Sign-in screen setting is set to Never show user names and photos by default on managed Chromebooks. To allow the staff users to trust the device you need to change that setting to Always show user names and photos.

Note: 2-step verification cannot override the managed device settings.
  1. In the Google Admin Console, click Menu > Devices > Chrome > Settings > Device.
  2. On the left, select the affected device's OU (where the staff devices are located).
  3. Under the Device Settings section on the right, scroll down and select Sign-in screen.
  4. Set the policy to Always show user names and photos.
  5. Save the changes.
  6. Restart the Chromebook or reload the policies at:
    chrome://policy
  7. Test again.
Workaround
You can also follow the steps in our Help Center article Set ChromeOS device policies.

Note: If your users are enrolled in 2-step verification, they will be prompted to perform their second verification step each time they sign in to their device.
 

Cause

Managed devices with Never show user names and photos don't save cookies, and in order to trust the device the cookies have to be saved.