Filtering Non-Chromebook devices
If you make use of a Google G Suite domain but also have non-Chromebook devices requesting authentication, you can use an SSL login page (for authentication over HTTPS) or another sign-in page (for authentication over HTTP) as a "go-between" for services that need authentication on those non-Google devices.
Typically, the page prompts users for their credentials according to their domain. By turning on the Google sign-in button, Google user credentials stored locally in a cookie can be used to authenticate instead.
Note: The following assumes that you've not configured your G Suite domain for Connect for Chromebooks and is the same method for both SSL and non-SSL login pages.
- From the Google API Console, create a web application and review the returned Client ID and Client secret, see our knowledge base article, Creating the Client ID and Client Secret from for Google Authentication .
- Create relevant authentication policies for SSL / non-SSL authentication, see our help topic, Creating authentication policies.
- Customize the sign-in page, see our help topic, Customizing the SSL Login Page.
- On the SERVICES menu, under the Authentication submenu, click Google.
- You must also select Validate user identity.
- Two new parameters appear. Enter the Client ID and Client secret created in step 1.
- Under the Google settings section, select Google Sign-In button.
- Under the Chromebook settings section, select Connect for Chromebooks.
- Optionally, Approve domains
- optionally, remove domain names
- Click Save changes.
- If you're using SSL login pages, you also need to download the HTTPS certificate and install it on your network devices. Click Download certificate.
- Distribute the HTTPS certificate previously downloaded to all network devices. Typically, you can use a domain-wide policy to push the certificate out.
Tip: For troubleshooting, see our knowledge base article, Google Sign-In Button Not Working on SSL / non-SSL Login pages.