Filtering Non-Chromebook devices

If you make use of a Google G Suite domain but also have non-Chromebook devices requesting authentication, you can use an SSL login page (for authentication over HTTPS) or another sign-in page (for authentication over HTTP) as a "go-between" for services that need authentication on those non-Google devices.

Typically, the page prompts users for their credentials according to their domain. By turning on the Google sign-in button, Google user credentials stored locally in a cookie can be used to authenticate instead.

Prerequisites

Note: The following assumes that you've not configured your G Suite domain for Connect for Chromebooks and is the same method for both SSL and non-SSL login pages.

  1. From the Google API Console, create a web application and review the returned Client ID and Client secret, see our knowledge base article, Creating the Client ID and Client Secret from for Google Authentication .
  2. Create relevant authentication policies for SSL / non-SSL authentication, see our help topic, Creating authentication policies.
  3. Customize the sign-in page, see our help topic, Customizing the SSL Login Page.

Procedure

  1.  On the SERVICES menu, under the Authentication submenu, click Google.
  2. You must also select Validate user identity.
  3. Two new parameters appear. Enter the Client ID and Client secret created in step 1.
  4. Under the Google settings section, select Google Sign-In button.
  5. Under the Chromebook settings section, select Connect for Chromebooks.
    1. Optionally, Approve domains
    2. optionally, remove domain names
  6. Click Save changes.

 

 

Follow-up tasks

  1. If you're using SSL login pages, you also need to download the HTTPS certificate and install it on your network devices. Click Download certificate.
    • Distribute the HTTPS certificate previously downloaded to all network devices. Typically, you can use a domain-wide policy to push the certificate out.
  2. Allow Google services through your Smoothwall, see our knowledge base article, Allowing Access to Google Services.
  3. If you allow your network devices to be used off-site, but want their web traffic to still be filtered, you can create web filtering policies that allow this, see our knowledge base article, How do I filter my Google devices when external to the network?.
  4. Google makes use of cookies to authenticate users. For this feature to work seamlessly, you must make sure that cookies are turned on in users' browsers.
  5. We recommend that you advise your users to grant Google permission to view before they can continue browsing:

Tip: For troubleshooting, see our knowledge base article, Google Sign-In Button Not Working on SSL / non-SSL Login pages.