Filtering Non-Chromebook devices
If you make use of a Google G Suite domain but also have non-Chromebook devices requesting authentication, you can use an SSL login page (for authentication over HTTPS) or another sign-in page (for authentication over HTTP) as a "go-between" for services that need authentication on those non-Google devices.
Typically, the page prompts users for their credentials according to their domain. By turning on the Google sign-in button, Google user credentials stored locally in a cookie can be used to authenticate instead.
Prerequisites
Note: The following assumes that you've not configured your G Suite domain for Connect for Chromebooks and is the same method for both SSL and non-SSL login pages.
- From the Google API Console, create a web application and review the returned Client ID and Client secret, see our knowledge base article, Creating the Client ID and Client Secret from for Google Authentication .
- Create relevant authentication policies for SSL / non-SSL authentication, see our help topic, Creating authentication policies.
- Customize the sign-in page, see our help topic, Customizing the SSL Login Page.
Procedure
- On the SERVICES menu, under the Authentication submenu, click Google.
- You must also select Validate user identity.
- Two new parameters appear. Enter the Client ID and Client secret created in step 1.
- Under the Google settings section, select Google Sign-In button.
- Under the Chromebook settings section, select Connect for Chromebooks.
-
- Optionally, Approve domains
- optionally, remove domain names
- Click Save changes.
Follow-up tasks
- If you're using SSL login pages, you also need to download the HTTPS certificate and install it on your network devices. Click Download certificate.
- Distribute the HTTPS certificate previously downloaded to all network devices. Typically, you can use a domain-wide policy to push the certificate out.
- Allow Google services through your Smoothwall, see our knowledge base article, Allowing Access to Google Services.
- If you allow your network devices to be used off-site, but want their web traffic to still be filtered, you can create web filtering policies that allow this, see our knowledge base article, How do I filter my Google devices when external to the network?.
- Google makes use of cookies to authenticate users. For this feature to work seamlessly, you must make sure that cookies are turned on in users' browsers.
- We recommend that you advise your users to grant Google permission to view before they can continue browsing:
Tip: For troubleshooting, see our knowledge base article, Google Sign-In Button Not Working on SSL / non-SSL Login pages.