You can simplify logging into Chromebooks by enabling Wonde as your Identity Provider. You will need an administrator account for your school's GSuite in order to complete these steps. Start by visiting https://admin.google.com and logging in with this administrator account.

Required Settings

  1. Navigate to Security > Set up single sign-on (SSO)

  2. Enable Setup SSO with third party identity provider

  3. For Sign-in page URL & Sign-out page URL enter https://edu.wonde.com/chrome-os

  4. Download our Identity Provider certificate from https://wonde.com/idp-public-cert.pem

  5. Upload the certificate under Verification certificate and then click Save

  6. Enable Use a domain specific issuer

  7. Optionally, for Network masks, if you want to restrict the use of Wonde SSO to only a subset of your users then enter one more CIDR notation network masks (see https://support.google.com/a/answer/6369487 for more information)

  8. At the bottom of the section, click Save

  9. Navigate to Devices > Chrome > Settings > Device (Please skip to step 15 if you're not setting up Wonde as an IdP for Chrome OS devices)

  10. Select the OU you are using for your Wonde SSO enabled Chromebook.

  11. Under Single Sign-On IdP Redirection, set Redirect users to SAML SSO IdP to Allow users to go directly to SAML SSO IdP page

  12. Under Single Sign-On Camera Permissions, add https://edu.wonde.com

  13. Under User data select Erase all local user data

  14. At the bottom of the section, click Save

  15. Navigate to Devices > Chrome > Settings > User & browsers

  16. Under Cookies set Default Cookie Setting to Allow sites to set cookies

  17. At the bottom of the section, click Save

Additional Settings

We recommend configuring the settings below for the best possible user experience when logging into a Chromebook via Wonde.

  1. Navigate to Device Management > Chrome Management > User Settings

  2. Select the OU containing the Wonde users who will be logging in with Chromebooks

  3. Under Lock Screen, set Lock Screen to Do not allow locking screen

  4. Under Idle Settings, set Action on idle to Logout, Action on lid close to Logout, Lock screen on sleep to Lock screen

  5. Under Single Sign-On, set SAML-based Single Sign-On for Chrome Devices to Enable SAML-based Single Sign-On for Chrome Devices

  6. Under Pages to Load on Startup enter https://edu.wonde.com

  7. At the bottom of the section, click Save

Setting up Wonde as an identity provider for select organisational units

If you choose to carry out the steps below you can remove any network masks you have entered to restrict use of Wonde as an IdP to chrome devices only (more on this here). If you do this, users in the organisational units you choose to be affected by Wonde as your Google identity provider will be required to login to Google Workspace with Wonde credentials on any device.

  1. In the Google Admin Console navigate to Security >> Setup single sign-on (SSO) with a third party IdP and scroll to the bottom of the page and under Manage SSO profile assignments for organisational units or groups click 'Get started'

2. Select an OU on the left-hand side of the page as marked in red below and select Organisation's third-party SSO profile on the right-hand side of the page or if you want the users in the OU you have selected to use Google credentials to access Google Workspace, select None.

(If you select Organisation's third-party SSO profile and you want to use Wonde as the IdP for Google Workspace, then you need to make sure you have followed the steps earlier on in this guide to select SAML SSO login as the form of authentication for the selected OU).

Did this answer your question?