This article aims to provide extra guidance when using Google verification with Connect for Chromebooks.
Connect for Chromebooks is a Chrome™ extension custom utility that can be deployed to all Chromebooks on your network. Once the user is logged into the Chromebook, Connect for Chromebooks handles any subsequent authentication requests.
The Chromebook authentication feature allows internal users to authenticate themselves using their Google credentials, whilst enforcing organizational web filtering policies wherever they are located.
You can setup the Connect for Chromebooks extension to verify the user-supplied credentials with Google's OpenAuth (OAuth) servers. This involves:
- Creating a Google web application, which includes a client ID and client secret expected when communicating with Google's OAuth servers
- Configuring the Smoothwall to Connect for Chromebooks communication
- Distributing the HTTPS certificate from the Smoothwall to all Chromebooks
- Deploying the Connect for Chromebooks extension to all Chromebooks
- Creating filtering and access policies on your Smoothwall
- Granting permission for Google to view users' email addresses
An alternative method, which removes the user credential check with Google's OAuth servers (effectively trusting that the credentials are correct), is available here.
- From the Google API console, create a Google web application, and make a note of the returned Client ID and Client Secret see Where do I get the Client ID and Client Secret from for Google authentication?.
- From the Smoothwall administration user interface, go to Services > Authentication > Google, and configure Connect for Chromebooks for Google verification go to the Using Connect for Chromebooks help page, and complete the following sections:
- Enabling Connect for Chromebooks
- Validating the HTTPS certificate
- Determining domain behavior
- Ensuring user identity is validated
- Uploading the Client ID and Client Secret created in step 2
- Customizing the client login page
- From the Smoothwall administration user interface, create filtering and access policies in Guardian see How do I allow Google services through my Smoothwall?
- From the Google Admin console, distribute the HTTPS certificate you downloaded in step 2b to all Chromebooks see How do I distribute the HTTPS certificate to all my Chromebooks?
- Still in the Google Admin console, add the proxy details for the Smoothwall appliance that filters Chromebook web traffic see How do I roll out proxy settings to all my Chromebooks? .
- Still in the Google Admin console, add the client login page as a startup page for all Chromebooks see How do I use the Connect for Chromebooks Client Login Page as a Chromebook Startup Page?
- Still in the Google Admin console, deploy the Connect for Chromebooks extension to all Chromebooks see How do I deploy the Connect for Chromebooks Extension to all devices?
- If your Chromebooks are taken and used off-site, you can still apply the same filtering policies applied to users that are on your network, such as, blocking all gaming and gambling websites to all students. For a detailed description of how to do this, see How do I filter my Google devices when external to the network?
- Log into a Chromebook using valid user credentials.
You may find your users see a block page instead of the startup page. This is because Google prioritizes user authentication over the launching of third party apps, and therefore the Connect for Chromebooks extension does not know the user is authenticated and blocks access. In this scenario, the Connect for Chromebooks icon is gray but only for a matter of seconds before everything is started normally.
- Grant Google permission to view the user's email address see How do I use the Connect for Chromebooks Client Login Page as a Chromebook Startup Page?
- Open a Chrome browser. You should see the Connect for Chromebooks icon in the browser's icon tray in the top right.
- If the icon is a green shield, the extension is connected and functioning.
- Go to a web site that is allowed for that particular user. This should be successful.
- Now, try going to a website that is blocked for that users. You should see the block page now.
If the shield is red, Connect for Chromebooks is in an error state see Troubleshooting Connect for Chromebooks.
Tip: To stop users from bypassing the web filter when using their Chromebooks, you should enroll all devices. We also recommend blocking apps and extensions that are not licensed by your organization see How do I deploy the Connect for Chromebooks Extension to all devices?.