Setting up Google as an Authentication source for your Rocket/Web Filter will allow users to seamlessly sign on to their Chromebook devices and Google services with their Web Filter policies. GAFE Single Sign On (SSO) can be set up by following the steps below to configure Google as an authentication source.

Note:

The way Google authentication works it can be used for personal overrides but not the “teacher override” where the override is performed for another user.

Configuring a Google authentication source

Note: This procedure requires Lightspeed System Rocket release 2.7.0rc3 or later.

Configure the Google Web App

Click Go to My Console

google-cloud-console

create-new-google-project

apis-and-auth

Click APIs

enable-the-admin-sdk

click-credentials

Note

Make sure that your project has a product name under APIs & Auth -> Consent screen. If the name is missing, you will either see 'Error: disabled_client' or 'Error: invalid_client' when adding the authentication source.

create-client-id

create-web-application

Note:

Redirect URLs must be HTTP and not HTTPS.

 

client-id-and-secret


This will complete setup of the Google web app.

Enable API Lookups for the Google Domain

click-on-security-icon

click-api-reference

enable-api-access

This will complete setup on the Google side.

Configure a Google Authentication Source on the Rocket Appliance

add-google-auth-source

google-api-calls

Note:

You must be logged in as an administrator of your Google domain. It will look like everything was setup fine, however, the auth source just won’t work. A client accessing this will either get a 401 Unauthorized or 403 Forbidden when attempting to use the auth source.