|#||Connect for Chromebooks||Glamis onwards|
In order to successfully connect your Smoothwall to your G Suite domain, you must create a Service Account in the Google Developers Console.
Google Service Accounts grant access for that machine or appliance to Google. In the most basic of terms, the Service Account you create here is Smoothwall's passport. The Client ID (downloaded in readiness for authorizing the Service Account) is the passport number. Without these, the Smoothwall cannot "cross the boarder" into Google to access usernames, groups, and organizational units.
The account allows the Smoothwall to read your G Suite domain user and group information. The Service Account must be downloaded in a JSON format.
Note: Disclaimer: The following instructions are correct at the time of writing. Google feature names and links may change over time.
- Go to https://console.developers.google.com and log in as an admin user.
If it is the first time you log in as a new user you will be prompted to accept the Google terms and conditions.
- Create a new project (IAM & Admin > Projects > CREATE PROJECT). You cannot reuse an existing project if you have created any previously.
- Enter a suitable Project Name, for example,
- Click Create.
- Click the menu icon at the top left, and select IAM & Admin.
- Click Service accounts.
- Click CREATE SERVICE ACCOUNT.
- Configure the following:
Note: If you have previously created projects under the logged in username, you may find the menu options are project_name > Create a project, where project_name is a previously created project.
The project name appears in the top left when it has been successfully created.
- Service account name — Enter an appropriate name for this service account.
- Role — Do not select anything for Role.
- Service account ID — This automatically filled in, based on the Project name and Service account name.
- Furnish a new private key — Select this option.
- Enable G Suite Domain-wide delegation — Select this option. Without this, the Client ID will not be generated.
Additional parameters are made available to you:
From Key type, select JSON.
A consent screen is only displayed to users when Connect for Chromebooks verifies the user credentials with Google — see How to Setup Google Verification with Connect for Chromebooks. Users must grant permission for their credentials to be checked with Google. Even though this is not needed when Connect for Chromebooks extension to trust the user-supplied G Suite domain credentials, you cannot leave this setting blank.
Connect for Chromebooks.
The private key, in
JSON format, is downloaded to your computer. Keep this in a safe place as you cannot download it again from the Google console.
The newly created service account appears in the Service account page.
Client IDs are a string of numbers, for example,
You do not need to click Save at this point as no changes have been made.
Tip: If the Admin SDK link is not immediately obvious, enter
Admin SDK into the search bar at the top of the section.
What's Left To Do?
- How do I authorize the Google Service Account?
- Create a Google Directory connection on your and synchronize it with your G Suite domain
- Enable the Connect for Chromebooks service on your Smoothwall
- How do I allow Google services through my Smoothwall?
- How do I distribute the HTTPS certificate to all my Chromebooks?
- How do I roll out proxy settings to all my Chromebooks?
- How do I deploy the Connect for Chromebooks Extension to all devices?
- How do I filter my Google devices when external to the network?
- Troubleshooting Connect for Chromebooks
- Go back to How to Setup Google as a Directory with Connect for Chromebooks
|Last updated:||Author:||Contributions by:|
|23rd November 2016||Tanja Ehrhardt||Samantha Nair|