Single sign-on (SSO) connection between HENNGE Access Control and Chromebook

Target

Customers who have integrated HENNGE Access Control and Google Workspace for Single Sign-On (SSO) and perform SSO on Chromebook device profile login are the target audience.

Objective

Configure Single Sign-On (SSO) with HENNGE Access Control and Chromebook device profile login, enabling profile login to Chromebook from HENNGE Access Control.

Notes

1. To perform this setup, you need a Chrome Enterprise license.

2. Information (username and password) of the privileged administrator account for Google Workspace tenant is required.

3. Before performing this operation, it is essential to complete the HENNGE Access Control and Google Workspace Single Sign-On (SSO) connection process.

4. Google Workspace accounts with privileged administrator privileges are not eligible for Single Sign-On (SSO).
https://support.google.com/a/answer/6341409?hl=en

5. Depending on your contract, there may be some differences between the content of screenshots and the actual product screen.

6. The content of this article is based on the product as of February 2021 and may be subject to change without notice.

7. For the overall installation process of HENNGE Device Certificate for Chromebook, please refer to the following.

Flow of HENNGE Device Certificate Installation for Chromebook

Detailed Steps and Explanations

1. User and Browser Settings

1.1. Access Google Workspace Admin Console [ Devices ].

1.2. Access [ Chrome ] - [ Settings ] - [ User and browser settings ].

1.3. Modify the following settings under [ Security ].

- Single Sign-On: "Enable SAML-based Single Sign-On for Chrome devices"

1.4. Click [ Save ] in the upper right corner to save the settings.

2. Device Settings

2.1. Access Google Workspace Admin Console [ Devices ].

2.2. Access [ Chrome ] - [ Settings ] - [ Device settings ].

2.3. Modify the following three settings under [ Sign-in settings ].

- Single sign-on IdP redirection: "Allow users to go directly to SAML SSO IdP page"
- Single sign-on cookie behavior: "Enable transfer of SAML SSO cookies into user session during sign-in"
- Single sign-on client certificates:

For HENNGE One users:

{"pattern":"https://verify.ssso.hdems.com","filter":{"ISSUER":{"CN":"Cybertrust DeviceiD Public CA G3h"}}}

For HENNGE One for Education users:

{"pattern":"https://verify.ssso.hdems.com","filter":{"ISSUER":{"CN":"Cybertrust DeviceiD Education CA G3h"}}}

2.4. Click [ Save ] in the upper right corner to save the settings.

3. Verification

HENNGE Access Control and Chromebook Single Sign-On (SSO) Connection Verification

Reference Articles

• Set up SAML Single Sign-On for Chrome devices
• Set policies for Chrome devices