Securly supports Single Sign-On with Google, which makes the sign-in process easier for your users while allowing Securly to filter content appropriately.
You can set up Google AD SSO with Securly if you are a Securly DNS Customer with Windows Server 2008R2 and above.
Prerequisites
- Google Cloud Directory Sync (GCDS) to sync your AD installation with Google Workspace in the cloud.
- IIS server on the local intranet that runs on Windows Server 2008R2 and above.
- Active Directory username that matches the first part of the Google email address.
- All Windows and Mac machines have joined the domain.
- "Force login" is enabled in Securly’s Global Settings.
Note that we recommend not installing Securly AD SSO on a server that is already running IIS.
Install
Note that you will need to allow the execution of unsigned scripts.
- Download and unzip the Securly Google AD SSO.zip
- At an elevated (administrative) PowerShell prompt, enter: "Set-ExecutionPolicy Unrestricted"
- Then run the "setup.ps1" from the correct folder matching your OS.
- The script will install IIS, enable Windows Authentication, and set permissions.
- Once deployed, verify that the site and file are accessible from clients on your network in this format: http://hostname/securlysso/debug.aspx (Hostname is preferred because of intranet zone settings for authentication. If you are using the FQDN, additional security settings may need to be changed for your browser.)
No dots (No FQDN) can be used in the IIS server path.
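One way to check the intranet address and the debug page from a domain-joined client after setup. This is an added example, not part of Securly's documentation or tooling; the hostname sso01, the example domain, and both function names are hypothetical.

```powershell
# Added example: post-install check for the Securly AD SSO site.
# 'sso01' is a hypothetical short hostname; replace it with your IIS server's name.
function Test-SsoIntranetAddress {
    param([Parameter(Mandatory)][string]$Address)

    $uri = $null
    if (-not [System.Uri]::TryCreate($Address, [System.UriKind]::Absolute, [ref]$uri)) {
        return "Not an absolute URL: $Address"
    }
    if ($uri.Scheme -ne 'http' -and $uri.Scheme -ne 'https') {
        return "Unexpected scheme '$($uri.Scheme)'; expected a web address."
    }
    # The install notes ask for a path without dots (no FQDN).
    if ($uri.Host.Contains('.')) {
        return "Host '$($uri.Host)' contains dots; use the short hostname."
    }
    if ($uri.AbsolutePath.TrimEnd('/') -ne '/securlysso') {
        return "Path should be /securlysso, got $($uri.AbsolutePath)"
    }
    return $null   # no problems found
}

function Test-SsoDebugPage {
    param([Parameter(Mandatory)][string]$Address)

    $problem = Test-SsoIntranetAddress -Address $Address
    if ($problem) { Write-Warning $problem; return $false }

    $debugUrl = $Address.TrimEnd('/') + '/debug.aspx'
    try {
        # -UseDefaultCredentials sends the logged-on user's Windows credentials,
        # matching the Windows Authentication that setup.ps1 enables in IIS.
        $resp = Invoke-WebRequest -Uri $debugUrl -UseDefaultCredentials `
                                  -UseBasicParsing -TimeoutSec 10
        Write-Host "$debugUrl -> HTTP $($resp.StatusCode)"
        return ($resp.StatusCode -eq 200)
    } catch {
        # A 401 here usually means the credentials were not sent or not accepted.
        Write-Warning "$debugUrl failed: $($_.Exception.Message)"
        return $false
    }
}

# Constructed inputs: address validation only, no network access needed.
Test-SsoIntranetAddress 'http://sso01/securlysso'               # valid, returns nothing
Test-SsoIntranetAddress 'http://sso01.corp.example/securlysso'  # reports the dots

# Run from a domain-joined client once the site is deployed:
# Test-SsoDebugPage 'http://sso01/securlysso'
```

The same address that passes this check is the one to enter in the intranet address field in the Securly UI.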
Enable AD SSO in the Securly UI
- Log in to Securly Filter.
- Navigate to the Policy Editor > Global Settings > Enable active directory single sign-on.
- Toggle the switch to Enable Active Directory single sign-on. This will open the intranet address field.
- Input your intranet address (http://hostname/securlysso) and click on 'Save'.
- If you have more than one Active Directory domain, add each additional domain set and click 'Add more.'
Note that if you have several Google Workspace domains, you may enter multiple mappings, but all should point to your Active Directory domain.