You can accept logins only from approved domains, by listing them in your Smoothwall. This way, users from non-approved domains can still log into their Chromebooks using their Google credentials, but are placed in the Unauthenticated IPs group (see the help topic, Adding user groups) and filtered accordingly.
Alternatively, you can list the domains in your Google Admin Console. However, using this methodology, users from unlisted domains are unable to log into their Chromebook devices.
Note: If you're using the Google directory service for user group mappings, don't turn on this option because the full email address is needed as the username.
Something not right? Send us feedback.