Securly supports Single Sign On with Google AD that makes the sign in process easier for your users while allowing Securly to filter content appropriately.
You can set up Google AD SSO with Securly if you are a Securly DNS Customers with Windows Server 2008R2 and above.
- Google Cloud Directory Sync (GCDS) to sync your AD installation with G Suite in the cloud.
- IIS server on the local intranet that runs on Windows Server 2008R2 and above.
- Active Directory username that matches the first part of the Google email address.
- All Windows and Mac machines joined to the domain.
- ‘Force login’ enabled in Securly’s Global Settings.
Note that it is recommended that you do not install Securly AD SSO on a server already running an IIS.
Note that you will need to allow the execution of unsigned scripts.
- Download and unzip the Securly Google AD SSO.zip
- At an elevated/Administrative PowerShell enter: " Set-ExecutionPolicy Unrestricted "
- Then run the "setup.ps1" from the correct folder matching your OS.
- The script will install IIS, Enable Windows Authentication & set permissions.
- Once deployed verify that the site and file are accessible from clients on your network in the format: http://hostname/securlysso/debug.aspx (Hostname is preferred because of intranet zone settings for authentication. If using the FQDN, additional security settings may need to be changed for your browser.)
No dots (No FQDN) can be used in the IIS server path.
Enable AD SSO in the Securly UI
- Login to you Securly admin console
- Navigate to Policy Editor > Global Settings > Enable active directory single sign-on.
- Toggle the switch for Enable active directory single sign-on. This will open the intranet address field.
- Input your intranet address(http://hostname/securlysso) and click Save.
- If you have more than one Active Directory domain add each additional domain set and click 'Add more.'
Note that if you have several G Suite domains you may enter multiple mapping, but all should point to your Active Directory domain.