About Google authentication

If your organization makes use of Google credentials for authentication, or uses a Google G Suite domain, you can use the Smoothwall Filter and Firewall to filter users according to their credentials.

Google have deprecated Google+, see our Knowledge base article, Google validation feature fails to show login buttons after March 7th 2019.

Connect for Chromebooks

Connect for Chromebooks is a Chrome extension that you can deploy to your Chromebook devices on your network. Once the user is logged into the Chromebook, Connect for Chromebooks handles any subsequent authentication requests. The Chromebook authentication feature means that internal users can authenticate themselves using their Google credentials, whilst enforcing organizational web filtering policies wherever they're located. To prevent users from bypassing the web filter, you should make sure that the Chromebook devices are enrolled, and unwanted extensions and applications are blocked from installing.

Tip: Google Chromebooks allow multiple users to log into a single Chromebook device at any one time. For Connect for Chromebooks to work seamlessly, you need to turn this feature off. For a detailed description of how to do this, refer to the Google documentation at http://admin.google.com.

You can choose to either use Google verification or to trust users' G Suite domain credentials.

Google verification

Google verification means that the Connect for Chromebooks extension can confirm the user's credentials by communicating with Google's OAuth servers. It provides another level of authentication security, it's suitable for Bring Your Own Device (BYOD) network configurations and it's suitable for non-enrolled Chromebooks.

Trust users' G Suite domain credentials

By trusting the users' G Suite domain credentials, Connect for Chromebooks can send the supplied user credentials to the Smoothwall. Further verification isn't needed because the Google G Suite domain has already verified the user when they logged into the Chromebook. This is a more straight-forward setup for networks that have more control over the Chromebooks and it's suitable for enrolled Chromebooks.

Additional configuration for both authentication methods

The following applies to both methods described, and follows the same configuration path detailed in both knowledge base articles, Configuring Your Smoothwall Filter and Firewall to Use Your Google Account as a Directory and Apply Your Filter Policies to Your non-Chromebook Devices and Configuring Your Smoothwall Filter and Firewall to Use Your Google Account as a Directory and Apply Your Filter Policies to Your Chromebook Devices.

Create filtering and access policies

You must create policies to make sure that your Chromebook traffic is filtered seamlessly. See our knowledge base article, Allowing Access to Google Services.

Add proxy settings to the Chromebooks

Each Chromebook device must be setup to proxy through the Smoothwall. You use the Google Admin Console to push the configuration to all devices, rather than setting each one up individually, see our knowledge base article, How do I roll out proxy settings to all my Chromebooks?.

Deploy Connect for Chromebooks

Connect for Chromebooks doesn't need you to install the extension on a server for deployment to all Chromebooks. Instead, you must link to it from the Google Admin Console, http://admin.google.com, which then includes it in the Chromebook configuration pushed out to all clients. See our knowledge base article, How do I deploy the Connect for Chromebooks Extension to all devices?

Using Connect for Chromebooks with a browser home page

Using the Google Admin Console, you can configure a common home page for all Chromebooks (referred to as Pages to Load on Startup in the Console). If you make use of this or a captive user portal on start-up, be aware that these might load faster than Connect for Chromebooks can authenticate the user. This might result in the page load being treated as originating from an unauthenticated user. However, after that, filtering does continue as normal.

Using Chromebooks off-site

If your Chromebooks are regularly used off-site, you can still apply the same filtering policies applied to your on-site users, such as blocking all gaming and gambling websites. See our knowledge base article, How do I filter my Google devices when external to the network?

Troubleshooting Connect for Chromebooks

See our knowledge base article, Troubleshooting Connect for Chromebooks.

The HTTPS Certificate

The HTTPS certificate presented by the Smoothwall must be validated by the Chromebooks. To do this, you must download the HTTPS certificate from your Smoothwall, and upload it to the Google Admin Console for distribution to the Chromebook devices. All Chromebooks must have the HTTPS certificate from the Smoothwall appliance installed to prove they are trusted when connecting to the Smoothwall. Rather than installing the certificate on each individual Chromebook on the network, you can use the Google Admin Console to push the certificate out to all devices.

Tip: If you have recently changed the host name of the Smoothwall and are having issues with Connect for Chromebooks, check to make sure the host name in the certificate matches with the host name of the Smoothwall.

Determine domain behavior

You can accept logins only from approved domains, by listing them in your Smoothwall. This way, users from non-approved domains can still log into their Chromebooks using their Google credentials, but are placed in the Unauthenticated IPs group (see the help topic, Adding user groups) and filtered accordingly.

Alternatively, you can list the domains in your Google Admin Console. However, using this methodology, users from unlisted domains are unable to log into their Chromebook devices.

Things you can do here

Configuring the Google and Chromebook settings, and downloading the HTTPS certificate

Page reference details


Watch the video

Authentication with Google

Something not right? .