If you employ multiple domains that share the same account management backend, you can now also associate them with one another to enable users to save credentials once and have the Chrome password manager suggest them to any of the affiliated websites.
Chrome's password manager already autofills credentials for sites with saved credentials, as well as in the following two cases:
- When two sites are in the
same-site relationship, Chrome
will show autofill credentials for the other site if there's at least one
credential saved on one site. For example, because
www.example.com
andm.example.com
are the same-site, Chrome can share saved credentials between the two sites and suggest the saved password to another. - When a developer associates an Android app with a site that uses the same credentials, Chrome can suggest Android credentials on that site. Apps are associated with sites using Digital Asset Links (DALs).
You can now also associate websites in a cross-site relationship to enable users to save their credentials once and have the password manager suggest them to any of the affiliated websites.
If you employ multiple domains that share the same account management backend
(such as https://www.example.com
and https://www.example.co.uk)
, starting in
version 91, you can enable Chrome to suggest passwords saved to domains
associated with Digital Asset Links.
To make a DAL association, developers need to put a JSON file that follows
the DAL syntax
at /.well-known/assetlinks.json
on the respective domains.
Prerequisites
- Use Chrome 91 or later.
- Enable the flag at
chrome://flags#filling-across-affiliated-websites
. - Make sure "Offer to save passwords" is turned on in
chrome://settings/passwords
. - Make sure your website's sign-in domain is available through HTTPS.
Associate your two websites
To declare that the website, for example
https://www.example.com,
can share credentials withhttps://www.example.co.uk
, create a file namedassetlinks.json
with the following content:[{ "relation": ["delegate_permission/common.get_login_creds"], "target": { "namespace": "web", "site": "https://www.example.com" } }, { "relation": ["delegate_permission/common.get_login_creds"], "target": { "namespace": "web", "site": "https://www.example.co.uk" } }]
The
relation
field is an array of one or more strings that describe the relationship between the sites. For sites to share sign-in credentials, specify the stringdelegate_permission/common.get_login_creds
. Thetarget
field is an object that specifies the asset the declaration applies to. The following fields identify a website:namespace
Must be web
for websites.site
The website's URL, in the format https://domain[:optional_port]
; for example,https://www.example.com
.See the Digital Asset Links reference for details.
Host the Digital Asset Links JSON file at the following location on the sign-in domain:
https://domain[:optional_port]/.well-known/assetlinks.json
.In this example, the domain is
www.example.com
, so the JSON file should be hosted athttps://www.example.com/.well-known/assetlinks.json
.The MIME type for the Digital Asset Links file needs to be JSON. Make sure the server sends a
Content-Type: application/json
header in the response.To declare the association in both websites, host the
assetlinks.json
athttps://www.example.co.uk/.well-known/assetlinks.json
as well:[{ "relation": ["delegate_permission/common.get_login_creds"], "target": { "namespace": "web", "site": "https://www.example.com" } }, { "relation": ["delegate_permission/common.get_login_creds"], "target": { "namespace": "web", "site": "https://www.example.co.uk" } }]
Ensure that your host permits Google to retrieve your Digital Asset Links file. If you have a
robots.txt
file, it must allow the Googlebot agent to retrieve/.well-known/assetlinks.json
. Most sites can simply allow any automated agent to retrieve files in the/.well-known/
path so that other services can access the metadata in those files:User-agent: * Allow: /.well-known/
Associate multiple websites with one another
You can associate multiple websites with one another by specifying each one in
the Digital Asset Links file. For example, to associate the example.com
,
example.co.uk,
andexample.co.jp
, specify all of those websites in the
assetlinks.json
JSON file and host it on each website at
https://EXAMPLE_DOMAIN_NAME/.well-known/assetlinks.json
.
[{
"relation":[
"delegate_permission/common.get_login_creds"
],
"target":{
"site":"https://www.example.com",
"namespace":"web"
}
},
{
"relation":[
"delegate_permission/common.get_login_creds"
],
"target":{
"site":"https://www.example.co.uk",
"namespace":"web"
}
},
{
"relation":[
"delegate_permission/common.get_login_creds"
],
"target":{
"site":"https://www.example.co.jp",
"namespace":"web"
}
}]