Open ksatter opened 12 months ago
Hey @pintomi1989, is customer-starchik
planning on deploying fleetd to ChromeOS? Do you know when?
Hey @noahtalerman,
No timeframe was given, but it was stated that this is the item that is blocking them from rolling out to ChromeOS. I've followed up to get a sense of scope.
We could test this internally.
Hey @zayhanlon and @Patagonia121 heads up, we didn't get to this air guitar during the current design sprint (ends today).
Added it back to feature fest to discuss prioritization.
Hey @zayhanlon, let's maybe come back to this after the customer migrates macOS.
cc @Patagonia121
Goal
As a Fleet Premium user, I would like to have the same mTLS functionality that is available in Orbit when using the ChromeOS extension.
From the customer: ChromeOS support + mTLS + Chrome Policies....We currently use the policy AutoSelectCertificateForUrls to tell Chrome to present our internal identity certs for URLs with a specific pattern. I'm wondering if the Fleet ChromeOS agent could leverage that policy?
From Zach: I think it should work. The extension uses the standard browser
fetch
API, and I think Chrome should choose the certificate the same as usual in an extension. Please let us know if you find an issue.Next steps: Waiting for customer to test
Context
This would allow greater security and reduce friction during security audits for ChromeOS devices enrolled in Fleet.