Securly supports Single Sign-On with Google Ads that make the sign-in process easier for your users while allowing Securly to filter content appropriately.
You can set up Google AD SSO with Securly if you are a Securly DNS Customer with Windows Server 2008R2 and above.
- Google Cloud Directory Sync (GCDS) to sync your AD installation with G Suite in the cloud.
- IIS server on the local intranet that runs on Windows Server 2008R2 and above.
- Active Directory username that matches the first part of the Google email address.
- All Windows and Mac machines have joined the domain.
- The "Forced Login" feature is enabled in Securly’s Global Settings.
Note that it is recommended that you do not install Securly AD SSO on a server already running an IIS.
Note that you will need to allow the execution of unsigned scripts.
- Download and unzip the Securly Google AD SSO.zip
- At the Elevated/Administrative PowerShell, enter: "Set-Execution Policy Unrestricted "
- Then run the "setup.ps1" from the correct folder matching your OS.
- The script will install IIS, Enable Windows Authentication & set permissions.
- Once deployed, verify that the site and file are accessible from clients on your network in this format: http://hostname/securlysso/debug.aspx (Hostname is preferred because of intranet zone settings for authentication. If you are using the FQDN, additional security settings may need to be changed in your browser.)
No dots (No FQDN) can be used in the IIS server path.
Enable AD SSO in the Securly UI
- Login to your Securly Safety Console.
- Navigate to the Policy Editor > Global Settings > Enable Active Directory single sign-on
- Toggle the switch to Enable Active Directory SSO. This will open the intranet address field.
- Click on "Yes, Enable AD SSO".
- Input your intranet address (http://hostname/securlysso) and click the + sign
- Input your Active Directory Domain and your Google App domain and click the + sign
- Options: If you have more than one Active Directory domain, add each additional domain set and click the + sign.
Note that if you have several G Suite domains, you may enter multiple mappings, but all should point to your Active Directory domain.
Article is closed for comments.