Skip to main content
Cisco Meraki

Google Sign-In

  1. Last updated
  2. Save as PDF

Overview

Google Sign-in is offered out of the box with Meraki Access Points via the Meraki Cloud. For more information on all of the different splash page options see the Splash Page Overview.

Google changed their OAuth policies in 2021 which may prevent users from authenticating with Google using the iOS/macOS Captive Network Assistant (CNA / the built in captive portal browser). User will be shown the following warning:

Error 403: disallowed useragent

You can't sign in from this screen because this app doesn't comply with Google's secure browsers policy. If this app has a website, you can open a web browser and try signing in from there.

iOS Screenshot showing Google 403

For more information, see Google's Developer Blog post on this topic.

Due to the OAuth policy changes, some devices may also not redirect to the splash page automatically. The user will receive an Error 400 notification in their browser.

Please follow these steps if this occurs:

  1. Connect to the SSID and close the pop-up “use without internet”.
  2. Open any full browser on your device such as Safari or Google Chrome.
  3. Go to neverssl.com in the web browser.
  4. Login with your account.

Configuration

Using the OAuth protocol, Meraki MR access points are able to authenticate users with Google accounts via a sign-on splash page for network access control. The administrator can easily setup this integration via the dashboard with the steps below. 

  1. Navigate to Wireless > Configure > Access control.
  2. Select the SSID that you would like to provision for Google authentication.
  3. In the Splash page section, select Sign-on with and choose Google OAuth from the drop-down menu.
  4. Optionally, you can configure a domain in the Allowed domains field to restrict the scope of Google accounts permitted to access the network.
    • If a domain is not specified, all valid Google accounts will be permitted to access the SSID.
    • To configure multiple domains, simply separate them by a newline.
  5. Click Save.

Below is an example configuration for this feature which accepts Google credentials from the example.com domain. 

google sign-on.PNG

If the captive portal strength is configured to restrict non-http traffic, the public IP address of Google's web servers will need to be added to the walled garden.

User Experience 

The Meraki Access points simply redirect an un-authorized user's first HTTP GET to the splash page server which is hosted within the Meraki Cloud Controller. The splash page presents them with the option to log onto the SSID using their Google account. Below is an example of the initial splash page where the SSID name is "Example SSID" prompting the user to continue to the Google login screen.

 

Screen Shot 2015-02-11 at 3.33.12 PM.png

 

The user is then directed to the familiar Google login screen that is hosted on Google's servers. After the end user enters their credentials they will be either permitted or prompted to re-enter valid credentials. 

Screen-Shot-2015-02-12-at-4.42.38-PM.png