All Collections
Single Sign-On
G Suite Settings
Setting up Wonde as your Google Workspace identity provider for Chrome devices / Google Workspace logins
Setting up Wonde as your Google Workspace identity provider for Chrome devices / Google Workspace logins

Follow these steps to setup your Google Workspace account for signing in to Chromebooks using your Wonde Emoji passwords or Magic Badges!

Peter Dabrowa avatar
Written by Peter Dabrowa
Updated over a week ago

You can simplify logging into Chromebooks by enabling Wonde as your Identity Provider. You will need an administrator account for your school's Google Workspace tenant in order to complete these steps. Start by visiting https://admin.google.com and logging in with this administrator account.

Required Settings

Note:- Before beginning the setup process below, you will need to allow accounts.google.com on your network filter to avoid filtering issues with Chrome device sign-ins.

  1. Navigate to Security > Set up single sign-on (SSO) with a third-party IdP

  2. Click SSO profile for your organisation at the top of the page.

  3. For both Sign-in page URL & Sign-out page URL enter https://edu.wonde.com/chrome-os

  4. Download our Identity Provider certificate from https://wonde.com/idp-public-cert.pem

  5. Upload the certificate under Verification certificate

  6. Enable Use a domain specific issuer

  7. At the bottom of the section, click Save

  8. Navigate to Devices > Chrome > Settings > Device

  9. Select the Organisational Unit you are using for your Wonde SSO enabled Chromebook on the left-hand side.

  10. Under Single Sign-On IdP Redirection, set Redirect users to SAML SSO IdP to Allow users to go directly to SAML SSO IdP page

  11. Under Single Sign-On Camera Permissions, add https://edu.wonde.com

  12. Under User data select Erase all local user data

  13. At the top of the page, click Save

  14. Navigate to Devices > Chrome > Settings > User & browsers

  15. Under Single Sign-On, set SAML-based Single Sign-On for Chrome Devices to Enable SAML-based Single Sign-On for Chrome Devices

  16. Under Cookies set Default Cookie Setting to Allow the user to decide or Allow cookies

  17. At the top of the page, click Save

Additional Settings

We recommend configuring the settings below for the best possible user experience when logging into a Chromebook via Wonde.

  1. Navigate to Device Management > Chrome Management > User and browser settings

  2. Select the user OU (not the device OU) containing the Wonde users who will be logging in with Chromebooks

  3. Under Lock Screen, set Lock Screen to Do not allow locking screen

  4. Under Idle Settings, set Action on idle to Logout, Action on lid close to Logout, Lock screen on sleep to Lock screen

  5. Under Pages to Load on Startup enter https://edu.wonde.com

  6. At the bottom of the section, click Save

Setting up Wonde as an identity provider for select organisational units

If you choose to carry out the steps below you can remove any network masks you have entered to restrict use of Wonde as an IdP to chrome devices only. If you do this, users in the organisational units you choose to be affected by Wonde as your Google identity provider will be required to login to Google Workspace with Wonde credentials on any device.

  1. In the Google Admin Console navigate to Security >> Setup single sign-on (SSO) with a third party IdP and scroll to the bottom of the page and under Manage SSO profile assignments for organisational units or groups click 'Get started'

2. Select an OU on the left-hand side of the page as marked in red below and select Organisation's third-party SSO profile on the right-hand side of the page or if you want the users in the OU you have selected to use Google credentials to access Google Workspace, select None.

(If you select Organisation's third-party SSO profile and you want to use Wonde as the IdP for Google Workspace, then you need to make sure you have followed the steps earlier on in this guide to select SAML SSO login as the form of authentication for the selected OU).

Did this answer your question?