Closed Bug 1429151 Opened 2 years ago Closed 2 years ago
Policy: Disable Sync
Disable Sync through a policy (Firefox Accounts).
Mark, this is for the enterprise users who'd like to be able to disable sync for their users. Apparently there isn't a simple pref to flip to turn this off. Ideally we'd still like to allow access to Firefox Accounts, since its used by more than just sync. We could think of it that on about:preferences#sync, everything is disabled and can't be enabled, but I'm not sure what the best way to do that. Any advice here?
The TOR people are looking for something similar in bug 1434706. In that bug we discussed that allowing Sync itself to be enabled while just disabling the UI might be a bit of a foot-gun. That bug also has pointers to external patches. We certainly could disable Sync while allowing FxAccounts to continue to work, but without about:preferences#sync I'm not sure how users would interact with FxA as all FxA UI is currently tied to Sync. Having a single preference to disable Sync itself would be fairly easy. However, it's not quite as clear how the various UI parts of Sync (eg, about:prefs#sync, hamburger menu, synced tabs sidebar/menu panel) are most cleanly handled - hiding via CSS would probably be ideal, but it might end up tricky doing that cleanly. We'd probably also want to talk to marketing to ensure a Firefox configured in this way doesn't get a first-run snippet that suggests creating an account and starts the login flow.
See Also: → 1434706
It looks like bug 1434706, setting identity.fxaccounts.enabled works. Could you confirm Felipe?
Ah, thanks for letting me know! Let me create a policy to toggle that pref and see how that works out
Assignee: nobody → felipc
Status: NEW → ASSIGNED
Mark, as naming is one of the hard problems in computer science, what do you think is the best name to call this policy? It looks like from the discussions that "DisableSync" is what this actually does, so it sounds fair. However, the pref was named identity.fxaccounts.enabled, even though you mentioned in bug 1434706 that might not be the best name.. so I'm not sure
(In reply to :Felipe Gomes (needinfo me!) from comment #6) > Mark, as naming is one of the hard problems in computer science, what do you > think is the best name to call this policy? > > It looks like from the discussions that "DisableSync" is what this actually > does, so it sounds fair. However, the pref was named > identity.fxaccounts.enabled, even though you mentioned in bug 1434706 that > might not be the best name.. so I'm not sure The name is probably best as something like DisableFirefoxAccounts with the description being "Disables Firefox Account based services, including Sync." - in practice today it really does mean just "disable sync" but in the future it is likely to include lockbox.
Comment on attachment 8955933 [details] Bug 1429151 - Policy: Disable Sync. https://reviewboard.mozilla.org/r/224886/#review230874 Awesome!
Attachment #8955933 - Flags: review?(markh) → review+
Pushed by email@example.com: https://hg.mozilla.org/integration/autoland/rev/3e515738e4b5 Policy: Disable Sync. r=markh
What is the expected behavior if a previously logged user is now blocked by a policy? Shouldn't we log him out first before we block the sync service?
The implementation we have right now will not log out the user, it will act as the device never connected.
We tested this on beta[FX60] and Nightly [Fx61] with ADM and JSON policy formats and it is verified as fixed. Test cases and runs are here- https://testrail.stage.mozaws.net/index.php?/plans/view/8760
You need to log in before you can comment on or make changes to this bug.