About Google authentication

If your organization makes use of Google credentials for authentication, or uses a Google G Suite domain, you can use the Smoothwall Filter and Firewall to filter users according to their credentials.

However, Google have deprecated Google+. See our Knowledge base article, Google validation feature fails to show login buttons after March 7th 2019.

Connect for Chromebooks

Connect for Chromebooks is a Chrome extension that you can deploy to your Chromebook devices on your network. Once the user is logged into the Chromebook, Connect for Chromebooks handles any subsequent authentication requests. The Chromebook authentication feature means that internal users can authenticate themselves using their Google credentials, whilst enforcing organizational web filtering policies wherever they're located. To prevent users from bypassing the web filter, you should make sure that the Chromebook devices are enrolled, and unwanted extensions and applications are blocked from installing.

Tip: Google Chromebooks allow multiple users to log into a single Chromebook device at any one time. For Connect for Chromebooks to work seamlessly, you need to turn this feature off. For a detailed description of how to do this, refer to the Google documentation at http://admin.google.com.

You can choose to either use Google verification or to trust users' G Suite domain credentials.

Google verification

Google verification means that the Connect for Chromebooks extension can confirm the user's credentials by communicating with Google's OAuth servers. It provides another level of authentication security, it's suitable for Bring Your Own Device (BYOD) network configurations and it's suitable for non-enrolled Chromebooks.

Client login page

When users first log on to the network from their Chromebook device, the client login page opens asking them to log into their Google account. You can customize the login page that users see to suit your organizational needs. You can change the logo, heading and main body of text. However, only static text and images can be used. You can't use links to other HTML pages. The Google Sign-in button must remain in case you need to login manually.

Trust users' G Suite domain credentials

By trusting the users' G Suite domain credentials, Connect for Chromebooks can send the supplied user credentials to the Smoothwall. Further verification isn't needed because the Google G Suite domain has already verified the user when they logged into the Chromebook. This is a more straight-forward setup for networks that have more control over the Chromebooks and it's suitable for enrolled Chromebooks.

Additional configuration for both authentication methods

The following applies to both methods described, and follows the same configuration path detailed in both knowledge base articles, How to Setup Google Verification with Connect for Chromebooks and Setting up Google as a Directory with Connect for Chromebooks.

Create filtering and access policies

You must create policies to make sure that your Chromebook traffic is filtered seamlessly. See our knowledge base article, Allowing Access to Google Services.

Add proxy settings to the Chromebooks

Each Chromebook device must be setup to proxy through the Smoothwall. You use the Google Admin Console to push the configuration to all devices, rather than setting each one up individually, see our knowledge base article: How do I roll out proxy settings to all my Chromebooks?.

Deploy Connect for Chromebooks

Connect for Chromebooks doesn't need you to install the extension on a server for deployment to all Chromebooks. Instead, you must link to it from the Google Admin Console, http://admin.google.com, which then includes it in the Chromebook configuration pushed out to all clients. See our knowledge base article, How do I deploy the Connect for Chromebooks Extension to all devices?

Using Connect for Chromebooks with a browser home page

Using the Google Admin Console, you can configure a common home page for all Chromebooks (referred to as Pages to Load on Startup in the Console). If you make use of this or a captive user portal on start-up, be aware that these might load faster than Connect for Chromebooks can authenticate the user. This might result in the page load being treated as originating from an unauthenticated user. However, after that, filtering does continue as normal.

Using Chromebooks off-site

If your Chromebooks are regularly used off-site, you can still apply the same filtering policies applied to your on-site users, such as blocking all gaming and gambling websites. See our knowledge base article, How do I filter my Google devices when external to the network?

Troubleshooting Connect for Chromebooks

See our knowledge base article, Troubleshooting Connect for Chromebooks.

Things you can do here

Setting up Google authentication verification for Chromebooks

Page reference details

Google

Watch the video

Authentication with Google

Something not right? .