This article aims to provide extra guidance when using Google as a Directory service with Connect for Chromebooks.
Connect for Chromebooks is a Chrome™ extension custom utility that can be deployed to all Chromebooks on your network. Once the user is logged into the Chromebook, Connect for Chromebooks handles any subsequent authentication requests.
The Chromebook authentication feature allows internal users to authenticate themselves using their Google credentials, whilst enforcing organizational web filtering policies wherever they are located.
You can setup the Connect for Chromebooks extension to trust the user-supplied G Suite domain credentials. This involves:
- Creating and authorizing a Google Service Account
- Configuring a Google directory connection from the Smoothwall to your G Suite domain
- Configuring the Smoothwall to Connect for Chromebooks communication
- Distributing the HTTPS certificate from the Smoothwall to all Chromebooks
- Deploying the Connect for Chromebooks extension to all Chromebooks
- Creating filtering and access policies on your Smoothwall
An alternative method, which prevents user credential spoofing, is available here.
- From the Google API console, create a Google Service Account, and download the private key as a JSON format file see How do I create a Google Service Account?.
- From the Google Admin console, authorize the Google Service account see How do I authorize the Google Service Account?.
- From the Smoothwall administration user interface, go to Services > Authentication > Directories, and configure a Google directory connection see Configuring Google as a Directory Service.
- This where you upload the Service Account private key.
- Ensure you synchronize the Smoothwall with your G Suite domain
- Enabling Connect for Chromebooks
- Validating the HTTPS certificate
- Determining domain behavior
- Ensuring user identity is not validated
If your Chromebooks use a common startup page, you may find your users see a block page instead of the startup page. This is because Google prioritizes user authentication over the launching of third party apps, and therefore the Connect for Chromebooks extension does not know the user is authenticated and blocks access. In this scenario, the Connect for Chromebooks icon is gray but only for a matter of seconds before everything is started normally.
- Open a Chrome browser. You should see the Connect for Chromebooks icon in the browser's icon tray in the top right.
- If the icon is a green shield, the extension is connected and functioning.
- Go to a website that is allowed for that particular user. This should be successful.
- Now, try going to a website that is blocked for that users. You should see the block page now.
- If the shield is red, Connect for Chromebooks is in an error state see Troubleshooting Connect for Chromebooks.
Tip: To stop users from bypassing the web filter when using their Chromebooks, you should enroll all devices. We also recommend blocking apps and extensions that are not licensed by your organization see How do I deploy the Connect for Chromebooks Extension to all devices?.