Hello @Steve Larsen
First of all, please allow me to make sure that I understand your context correctly. My understanding is that you want to use the Google Apps Connector that is shipped with Crowd to authenticate your Google Apps users on Crowd. In other words, when your unauthenticated users will hit a Google Apps page they will be redirected to Crowd's login page on which they will enter their Crowd username and password.
I also understand that you want to add Windows SSO on top of that, meaning that you want that Windows domains users don't need to enter any username and password when they are redirected to Crowd's login page. You will need a third-party plugin like IWAAC Kerberos SSO to achieve this (Important Disclaimer: I work for that plugin's vendor). You might want to take a look at our integration guide for G Suite / Google Apps.
Now, regarding your main and last question, the IWAAC plugin has options to enable/disable Windows SSO when users connect from specific IPs or from devices of specific types. For instance, you could tell the plugin to allow Windows SSO only for users connecting from a Mac/PC that has an IP in your internal domain network (e.g. 192.168.0.1/24).
I hope this does answer your question 🙂
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.