The Linux Google Login Policy allows organizations to enable Google-based authentication for Linux devices managed by Swif. This policy supports both LDAP and OAuth authentication methods, enabling users to sign in with their Google identity while maintaining centralized access control.
This policy can be applied to BYOD and company-owned Linux devices.
Requirements
Platform: Linux
OAuth support: Ubuntu 22.04 and above only
LDAP support: Supported on Linux distributions with LDAP integration
Policy Overview
Navigate to:
Device Management → Policy → Create New Policy → Linux Google Login Policy
Basic Information
Policy Name: Name of the policy
Policy Description: Purpose of the policy
Requirements: Linux
Configuration Types
The Linux Google Login Policy supports two authentication modes:
1. LDAP Authentication
Use this option if your organization authenticates Google users via LDAP.
Settings
Configure Type:
LDAP
Domain
The Google Workspace domain which used for login.
LDAP Certificate
Certificate used to secure LDAP communication.
LDAP Key
Authentication key for the LDAP service.
How to Get an LDAP Certificate
Sign in to the Google Admin console at admin.google.com (Business Plus license or above required).
Be sure to sign in using your super administrator account, and not your personal Gmail account.Go to Apps > LDAP
Click Add LDAP client.
Type a name in the LDAP client name field—for example, Swifteam Linux Google Login
Please ensure the Access permission configurations are aligned as follows:
Verify user credentials: Entire domain (Organization Name)
Read user information: Entire domain (Organization Name) and Public Custom Attributes
Read group information: On
Go to Authentication and click GENERATE NEW CERTIFICATE
Download the certificate and unzip the file. You’ll get a
Google_{date}.crtandGoogle_{date}.keyCopy the content of
Google_{date}.crtandGoogle_{date}.keyand paste them to policy fields respectively
2. OAuth Authentication (Ubuntu only)
OAuth authentication is only supported on Ubuntu 22.04 and above. This method allows users to sign in directly with Google using OAuth credentials.
Settings
Configure Type:
OAuth
Client ID
OAuth Client ID from Google Cloud.
Client Secret
OAuth Client Secret from Google Cloud.
Force Provider Authentication
Requires an active connection to authenticate, even if the provider is unreachable.
Allowed Users
Same behavior as LDAP mode.
Owner
Assigns the owner role.
Home Base Directory
Home directory path for Google users. The default value is
/home.
This is how it works:
How to Get Client ID and Client Secret for OAuth Authentication (Ubuntu Only)
To configure OAuth, you must create OAuth credentials in Google Cloud.
Steps
Go to Google Cloud Console → APIs & Services → Credentials
Click Create Credentials → OAuth client ID
Select TVs and Limited Input devices as the application type
Complete the setup
Copy the Client ID and Client Secret
Paste these values into the Linux Google Login Policy fields:
Client ID
Client Secret
Important Notes
OAuth authentication will not work on Ubuntu versions below 22.04
Ensure devices have internet access during first login
The Owner user must also be included in Allowed Users
This policy controls login access only, not device enrollment
When to Use This Policy
Enable Google SSO for Linux endpoints
Centralize authentication for Linux users
Support secure login for distributed or remote Linux workforces
Replace local Linux accounts with Google-managed identities
If you encounter authentication issues, verify:
System time is correct
Device has network connectivity
Client ID and Client Secret are correctly configured
Ubuntu version meets OAuth requirements
If you need any more help, please feel free to contact Swif Support.