Filtering users using Non-Chromebook Devices (Google Sign-In on SSL Login Pages)
If you make use of a Google G Suite domain but also have non-Google devices requesting authentication, you can use an SSL login page (for authentication over HTTPS) or non-SSL login page (for authentication over HTTP) as a "go-between" for services that need authentication on those non-Google devices.
Typically, the login page prompts users for their credentials according to their domain. By turning on the Google Sign-in button, Google user credentials stored locally in a cookie can be used to authenticate with the login page instead.
Note: The following assumes that you've not configured your G Suite domain for Connect for Chromebooks and is the same method for both SSL and non-SSL login pages.
- From the Google API Console, create a web application and review the returned Client ID and Client secret. See our knowledge base article, Where do I get the Client ID and Client Secret from for Google Authentication?.
- Create relevant authentication policies for SSL / non-SSL authentication. See the help topic, Creating authentication policies.
- Customize the SSL / non-SSL login page. See the help topic, Customizing the SSL Login Page.
- On the SERVICES menu, under the Authentication submenu, click Google.
- Under the Google settings section, select Google Sign-In button.
- You must also select Validate user identity.
- Two new parameters appear. Enter the Client ID and Client secret created in step 1.
- Click Save changes.
- If you're using SSL login pages, you also need to download the HTTPS certificate and install it on your network devices. Click Download certificate.
Allow Google services through your Smoothwall. See our knowledge base article, Allowing Access to Google Services.
If you allow your network devices to be used off-site, but want their web traffic to still be filtered, you can create web filtering policies that allow this. See our knowledge base article, How do I filter my Google devices when external to the network?.
We recommend that you advise your users to grant Google permission to view before they can continue browsing:
- Distribute the HTTPS certificate previously downloaded to all network devices. Typically, you can use a domain-wide policy to push the certificate out.
Tip: For troubleshooting, see our knowledge base article, Google Sign-In Button Not Working on SSL / non-SSL Login pages.