In order to push the Cloud Filter extension to Chromebook deployments, and provide the necessary group information for logged in users to the extension for accurate identification and filtering, a Google Directory must be created on the Smoothwall Firewall & Filter Appliance - this directory behind provides the method by which the Smoothwall Appliance can map local user groups to G-Suite domains and the groups within and forward that information to the Cloud Filter extension.
NOTE: At this time the Smoothwall Firewall & Filter does not support nested groups in G-Suite, individual user-groups should be 'top-level' groups within the domain.
1 - Configure & Authorize Service Account.
In your Google API (Cloud Platform) console:
- Create a service account, see the Google help topic, Create a service account:
- Make sure you enable the Admin SDK API for the service account.
- Make sure that you take a copy of these:
- Client ID
- JSON key
- When creating your service account, DO NOT perform the optional task of assigning a role to the account. Leave this blank.
In your Google Admin console:
- Amend your advanced security settings to add API client access for your service account, see the Google help topic, OAuth: Managing API client.
- Client Name: Type the Client ID for your Google service account.
- One or More API Scopes: "https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.orgunit.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly"
- Block multiple sign-in access for your users, see the Google help topic, Multiple sign-in access:
- User & Browser Settings:
- User experience:
- Multiple sign-in access: "Block multiple sign-in access for users in this organization."
- User experience:
- User & Browser Settings:
2 - Configure Google Directory.
In your Smoothwall Filter and Firewall:
- Add a new Google directory connection, see our help topic, Adding a Google directory.
- This is where you need your JSON key.
- Synchronize your users, see the help topic, Synchronizing Google users, groups and organizational units.
- Map your Google users to your local users in the Smoothwall Filter and Firewall, see our help topic, Mapping Google directory groups to local Smoothwall Filter and Firewall groups.
- Make sure that it is not subject to any firewall policies that would block the Internet Control Message Protocol (ICMP).
- Make sure that you have created your local user groups so that you can map to these, see our help topic, Adding user groups.
- To prevent the username synchronization from failing, make sure that the time set on your Smoothwall Filter and Firewall matches the time set in your Google G Suite domain, see our help topic, Setting the system's time and providing a time service.