Configuring the Google and Chromebook settings, and downloading the HTTPS certificate
Note: The Smoothwall Filter and Firewall hardware appliance must be configured with a fully qualified hostname, for example, my.smoothwall.com, see our help topic, Changing the system's host name and how it identifies itself to the network. Make sure that the DNS server used by the Chromebooks maps the Smoothwall Filter’s fully qualified hostname to the Smoothwall Filter internal IP address used by the Chromebooks to connect to.
- Make sure you have done the previous steps, see our knowledge base article, Using Your Google Account as a Directory and Applying Your Filter Policies to Your Devices.
- On the SERVICES menu, under the Authentication submenu, click Google.
- Under the Google settings section:
- To turn on Google Sign-In on the SSL login page, select the Google Sign-In button option.
- To only accept logins from specific domains, select the Approved domains option and type the list of domains that you want to include. Users from non-approved domains can still log on to their Chromebooks using their Google credentials, but are placed in the Unauthenticated IPs group.
- If your directory service doesn't need the domain name to form part of the username to log in, select the Remove domain name option.
- To use the Google authentication service to confirm the identity of the user, select Validate user identity. We recommend that if you have Chromebook devices that you clear this option but if you use non-Chromebook devices that you select this option. This is because with this option selected Chromebook users would need to log on twice.
- Type in the Client ID and Client Secret, see our knowledge base, Creating the Client ID and Client Secret from for Google Authentication .
Warning: Selecting the Validate user identity option changes the Smoothwall Connect for Chromebooks extension behavior from trusting to verifying. We recommend that you inform your users because they need to sign in.
- You might want to customize the sign-in page, you can do this in the Smoothwall Filter and Firewall, see our help topic, Customizing the SSL Login Page.
Note: If you're using the Google directory service for user group mappings, don't select this option because the full email address is needed for the username.
- Under the Chromebook settings section:
- To allow users to log on using their Chromebook credentials, select the Connect for Chromebooks option.
- To download the HTTPS Certificate so that you can upload it to your Google account, click Download certificate.
- Click Save changes.
- The client login page is accessed from the following URL: https://<hostname>:442/modules/auth/cgi-bin/google/login.fcgi
- where hostname is the fully qualified host name of the Smoothwall. For example: https://my.smoothwall.com:442/modules/auth/cgi-bin/google/login.fcgi
- From the Google Admin Console, set this URL in the Pages to Load on startup parameter, see our knowledge base article, How do I use the Connect for Chromebooks Client Login Page as a Chromebook startup Page?.
- Continue with your setup, see our knowledge base article, Using Your Google Account as a Directory and Applying Your Filter Policies to Your Devices