It's a paid product, they are actually allowed to do this. Google is obviously going to focus on security testing with their own browser. It's understandable that organizations want to require chrome for their employees to access their workspace in the interest of security, but it's not the default.
> It's understandable that organizations want to require chrome for their employees to access their workspace in the interest of security, but it's not the default.
Can you elaborate on why you think that Firefox is inherently insecure in some way for accessing Google workspaces?
> It's a paid product, they are actually allowed to do this.
If that were the only metric, then no monopoly would ever be broken up for any reason (which I guess is the way regulation seems to work nowadays, but at least in theory it's supposed to be possible for it to happen sometimes). The idea that using market pressure from one product a company sells to squeeze out competition in another is totally fine as long as the first product is paid is not a premise I agree with.
> Can you elaborate on why you think that Firefox is inherently insecure in some way for accessing Google workspaces?
Allowing users running who knows what version of Firefox (or any "non-validated"/unmanaged browser, not necessarily just Firefox) browser running who knows what extensions can be pretty unsafe. There are lots of malicious extensions out there that are stupid simple to install.
In the Workspace world, Chrome can be configured and enforced to have certain kinds of settings applied. Only allowing certain extensions. Ensure certain version ranges. That sort of thing.
It can, along with a bunch of other GPOs in an admx template.
But how many companies are running Workspace + Windows with on-prem AD? I suspect that number is shrinking pretty rapidly. You can do it with InTune as well, but it starts to get real messy if your users aren't on Windows or you have non-windows endpoints.
If you're a mac shop, on google workspace, and using something like JamF (or even Intune+EntraID), you are stuck deploying .plist files to each endpoint, you don't get compliance reporting back, and you lose a ton of visibility.
These are all things that don't matter to each individual user, but are hugely important to IT/security in the company, and Firefox unfortunately just doesn't have any centralized management platform for it.
Sure. But there's generally no standardized function ensuring they're actually only using that specifically configured browser when logging in. What happens when they try to log in from some other device? What happens when they manage to load a browser on to that machine?
This feature supposedly ensures (or at least pushes users to) only the approved browsers running approved configurations are allowed to log in to the company's instances of Workspace.
What if a company decides that their preferred browser is Firefox. Can you use this feature to only enable logins from Firefox? Or is it only for Chrome?
They can't use this feature to enforce only Firefox. Firefox doesn't have support for this feature, they really don't offer anything like Chrome Enterprise. Its just as much a feature of Chrome Enterprise that Workspace leverages rather than only a feature of Workspace that leverages Chrome.
You can still use Firefox with Workspace though, but if you want the management features of Chrome Enterprise you need to use Chrome Enterprise. Firefox itself just doesn't even begin to offer the same kind of endpoint verification.
With Firefox today, how would a web app have any serious clue the client was running approved versions of Firefox configured in approved ways on approved hardware with approved OS configurations? It wouldn't, and I take it Firefox wouldn't bother implementing that kind of technology. Which is fine, but if the customer wants to be able to ensure a certain kind of policy compliance that's just not possible when using Firefox. And that's just as much if not more of the ball being in Firefox's court as it is Google Workspace's. There's nothing for Workspace to even interface with at all from the Firefox side to ensure policy compliance.
Its like asking "can I print on this printer with this app?" when the app itself doesn't even have a concept of printing things. The basic underlying feature set just doesn't even exist, before we're even talking about some form of platform compatibility.
I don’t think anyone is saying Firefox is inherently bad. What I’m reading, and what I believe, is Google just has a better product for secure enterprise browsing because of the controls they offer
The browser is where basically all your work happens, especially as a Workspace customer—think about how much of your work is done in the browser. That makes it a huge, attractive attack surface. And attackers don't even need a browser vulnerability; they can just convince an employee to install a malicious browser extension, and suddenly they can steal passwords, watch everything you do, and hijack your sessions on other sites.
So security teams need visibility into what's happening in the browser. Google does a decent—not great—job of providing this through Managed Chrome: centralized logs, control over which extensions can be installed, even alerts when someone reuses their Workspace password elsewhere.
Firefox, Safari, and most others don't offer these business controls, which means a security team allowing them is flying blind. And a blind security team is gonna have a bad time… mmmkay.
On support: someone mentioned using Firefox to verify their app works across browsers—god's work, truly. But not every vendor does that, so IT ends up fielding "this site just isn't working" tickets that turn out to be browser compatibility issues. Fewer supported browsers means a smaller surface to support and a better experience all around.
This can't be enforced where you're not using your corporate identity. A Dropbox account on your personal email is still accessible from any browser.
There is zero problem here guys.