Securly supports Single Sign On with Google AD that makes the sign in process easier for your users while allowing Securly to filter content appropriately.
You can set up Google AD SSO with Securly if you are a Securly DNS Customers with Windows Server 2008R2 and above.
- Google Cloud Directory Sync (GCDS) to sync your AD installation with G Suite in the cloud.
- IIS server on the local intranet that runs on Windows Server 2008R2 and above.
- Active Directory username that matches the first part of the Google email address.
- All Windows and Mac machines joined to the domain.
- ‘Forced login’ enabled in Securly’s Global Settings.
Note that it is recommended that you do not install Securly AD SSO on a server already running an IIS.
Note that you will need to allow the execution of unsigned scripts.
- Download and unzip the Securly Google AD SSO.zip
- At an elevated/Administrative PowerShell enter: " Set-ExecutionPolicy Unrestricted "
- Then run the "setup.ps1" from the correct folder matching your OS.
- The script will install IIS, Enable Windows Authentication & set permissions.
- Once deployed verify that the site and file are accessible from clients on your network in the format: http://hostname/securlysso/debug.aspx (Hostname is preferred because of intranet zone settings for authentication. If using the FQDN, additional security settings may need to be changed for your browser.)
No dots (No FQDN) can be used in the IIS server path.
Enable AD SSO in the Securly UI
- Login to you Securly UI
- Navigate to Policy Editor > Global Settings > Enable Active Directory SSO
- Check the checkbox for Enable Active Directory SSO. This will open the intranet address field.
- Input your intranet address(http://hostname/securlysso) and click the + sign
- Input your Active Directory Domain and your Google App domain and click the + sign
- Options: If you have more than one Active Directory domain add each additional domain set and click the + sign
Note that if you have several G Suite domains you may enter multiple mapping, but all should point to your Active Directory domain.