In order to successfully connect your Smoothwall to your G Suite domain, you must create a Service Account in the Google Developers Console.
A Google Service Account grants a machine or appliance access to Google. In the most basic of terms, the Service Account you create here is Smoothwall's passport. The Client ID (downloaded in readiness for authorizing the Service Account) is the passport number. Without these, the Smoothwall cannot "cross the border" into Google to access usernames, groups, and organizational units.
The account allows the Smoothwall to read your G Suite domain user and group information. The Service Account must be downloaded in a JSON format.
Note: Disclaimer: The following instructions are correct at the time of writing. Google feature names and links may change over time. Correct as of 27th Sept 2018.
- Go to https://console.developers.google.com and log in as an admin user.
If this is the first time you have logged in as a new user, you will be prompted to accept the Google terms and conditions.
- Create a new project (IAM & Admin > Projects > CREATE PROJECT). You cannot reuse an existing project if you have created any previously.
Note: If you have previously created projects under the logged-in username, you may find the menu options are project_name > Create a project, where project_name is a previously created project.
- Enter a suitable Project Name, for example,
- Click Create.
The project name appears in the top left when it has been successfully created.
- Click the menu icon at the top left, and select IAM & Admin.
- Click Service accounts.
- Click CREATE SERVICE ACCOUNT.
- Configure the following:
- Service account name - Enter an appropriate name for this service account.
- Service account description.
- Click Create
- This will then bring up the Service account permissions (optional) screen.
- Select Role - Do not select a role
- Click Continue
- This will then bring up the Grant users access to this service account (optional) screen.
- Service account users role - Do not enter any information
- Service account admins role - Do not enter any information
- Create Key (optional)
- Click Create key
- Choose JSON key type
- Click Create
- The JSON key is downloaded automatically to your computer. Click Close on the popup.
- Click Done
- Obtain the Unique ID number (previously this was the Client ID) - This is done by enabling the Unique key view in the ||| options icon. This number will be required to authorize the service account.
- If a consent screen has not been configured previously, you are prompted to configure a Product name for the consent screen.
- If not prompted, the consent screen is configured at APIs & Services > Credentials > OAuth consent screen. Add the Product name shown to users and save.
A consent screen is only displayed to users when Connect for Chromebooks verifies the user credentials with Google (see How to Setup Google Verification with Connect for Chromebooks). Users must grant permission for their credentials to be checked with Google. Even though this is not needed when the Connect for Chromebooks extension is configured to trust the user-supplied G Suite domain credentials, you cannot leave this setting blank.
- Click > API Manager > Library.
- From the Google Apps APIs list, click Admin SDK.
Tip: If the Admin SDK link is not immediately obvious, enter Admin SDK into the search bar at the top of the section.
- Click Enable API.
What's Left To Do?
- How do I authorize the Google Service Account?
- Create a Google Directory connection on your Smoothwall and synchronize it with your G Suite domain
- Enable the Connect for Chromebooks service on your Smoothwall
- How do I allow Google services through my Smoothwall?
- How do I distribute the HTTPS certificate to all my Chromebooks?
- How do I roll out proxy settings to all my Chromebooks?
- How do I deploy the Connect for Chromebooks Extension to all devices?
- How do I filter my Google devices when external to the network?
- Troubleshooting Connect for Chromebooks
- Go back to How to Setup Google as a Directory with Connect for Chromebooks