Welcome to Relay. Our goal is to provide you with tools that help you monitor and secure web activity on your network. But before you jump into the Relay interface, follow these three simple steps to get started:
- 1. Add Users and Groups
- 2. Create your filtering policy
- 3. Deploy Relay software to devices
Of course, you need to log in to Relay before getting started.
Step 1- Add Users and Groups
Start by adding (importing) users and groups from the Google Admin Console to Relay. Click the Go button on the Relay Getting Started page, or navigate to the Settings > User & Group Management page.
Import Users and Groups from the Google Admin Console
Note: You need to enable API Access for Google sync to work.
In the Google Admin console, navigate to Security > API Reference and check the Enable API Access box under API access.
Follow these steps to authorize Google to import users and groups:
Navigate to the User & Group Management page by clicking Settings > User & Group Management from the left-side naviagtion menu.
Click the Authorize button. You will be redirected to a Google page that will prompt you for permission to allow Lightspeed Systems to view organizational units on your domain.
This opens a Google page that prompts you to allow Lightspeed Systems to view organizational units on your domain. Click Allow.
A new set of importing options are listed below Google Import. Configure your import settings based upon the following options:
- Data – Import the Structure Only or Structure & Users.
- Organizations – Select the organizaitions you want imported into Relay.
- Nightly Import – Select this option if you want Relay to import your Data and Organizations nightly. Click Import Now to import this data immediately.
Other Import Methods
There are other options for importing users into Relay. Refer to these documents for :
Step 2- Create your filtering policy
The second step in this Getting Started process is to create your filtering policy. We suggest reviewing Relay’s default internet access categories to begin crafting your internet policy.
Relay classifies websites into various categories. By default, most of these categories are blocked.
Navigate to Internet Access > Default Rules section and scroll through the list of Categories. Determine which categories need to be blocked or unblocked. Each category provides a brief description of the type of sites within it. Click on the on/off icon to the left of the category name to toggle a category on or off.
- – indicates the category is on and accessible.
- – indicates the category is off and blocked.
Search for a Site’s Category
To search for a site’s category, scroll to the top of the Rules page and enter the website URL in the Enter a website to check… search bar, then click Check.
Example: In the following example we searched for www.facebook.com and the results show that Facebook is blocked and categorized as forums.social_networking. Click on the icon to the left of the category name to make the category (and Facebook) accessible.
Step 3- Deploy Relay software to devices
After you’ve imported users and created your filtering policy, you are ready to deploy Relay to your devices (Chrome, Mac, Windows)
Minimum OS Version
Before deploying Relay to any devices on your network, ensure that the device(s) is running this version of the operating system:
- Windows– Windows 10, x64, build 1709
Note: Support for Windows 10 (32-bit) and Windows 7 will be available in future releases.
- Mac– High Sierra, x64
Note: Support for macOS Sierra and El-Capitan will be available in future releases.
- iOS– 11.2
Open the Google Admin console and navigate to Device Management.
Click Chrome Management from the left-side menu (Device Settings), then click User Settings.
Choose your organization from the left menu (Organizations), then scroll down to Apps and Extensions > Force-installed Apps and Extensions. Click on Manage force-installed apps. Click on Specify a Custom App.
Enter your organization-specific App ID and URL in the ID and URL fields. Then click Add.
Note: Refer to the Relay (Step 3) or Classroom (Step 2) Getting Started page and click Details for the App ID and URL. You can also find your organization-specific App ID and URL on Relay’s Settings > Chrome Extension page.
Once added, the App ID is listed in the Total to force install list. Click Save to push the extension.
Mac OS Devices
Note: Support for macOS Sierra and El-Capitan will be available in future releases.
To install a Smart Agent on a Mac, follow these steps:
- 1. Obtain your .dmg file in one of the following ways:
- a. From Getting Started under Deploy Relay software to devices, click the macOS tab. Then click the SmartAgent.dmg link.
- b. Navigate to Settings > Software using the left-side navigation of Relay and click the macOS tab. Then click the SmartAgent.dmg link.
- 2. Working from the target workstation as an Administrator, make a local copy of your Smart Agent .dmg file accessible..
- 3. Open SmartAgent.dmg and complete the installer.
Enabling High Sierra Security and Privacy
You can bypass this step by following the instructions in this Apple article
under the How This Affects Enterprise App Distribution
section. Use Team ID ZAGTUU2342
if you elect to boot into Recovery OS and use the spctl kext-consent command approach.
After installing the Relay Smart Agent, enable security and privacy preferences. This step only needs to be done once for every device.
Navigate to System Preferences > Security & Privacy. Click on the lock icon at the bottom left to unlock changes and enter your password. Click the Allow button to authorize software initiation.
- Windows machine running Windows 10, x64, build 1709
Note: Support for Windows 10 x64 (build 1703), Windows 10 (32-bit), and Windows 7 will be available in future releases.
To install a Smart Agent on a Windows machine, follow these steps:
- 1. Obtain your .msi file in one of the following ways:
- a. From Getting Started under Deploy Relay software to devices, click the Windows tab. Then click the appropriate link to the Smart Agent .msi file.
- b. Navigate to Settings > Software in the left-side navigation of Relay and click the Windows tab. Then click the Smart Agent .msi link.
- 2. Working from the target workstation as a Local Administrator, make a local copy of your Smart Agent .msi file accessible.
- 3. From an administrator command prompt, navigate to the folder where your SmartAgentx64.msi file is saved and launch it using this command: msiexec /i [File Name.msi]
- Device must be running iOS 11.2
- Device cannot be running any other iOS filtering software and cannot have a global proxy configured.
- Device must be enrolled in a mobile device manager and owned by the user that you are filtering with Relay.
- The app must be launched once (this can be done by placing the device in single-app mode and selecting this app).
You should install the Smart Agent iOS app using Managed Distribution. For more information on Managed Distribution, click here.
Following installation, you need to configure the Web Content Filter settings within your MDM.
Lightspeed Systems Mobile Manager
Follow these instructions to configure the Web Content Filter settings in Lightspeed Systems Mobile Manager.
- Click Device Management > Policies in the left-side navigation.
- Click Web Content Filter in the Policies list
- In the Web Content Filter policy, set Filter Type to Plug-In and Vendor to Lightspeed (Relay).
If you’re using a third-party MDM, you’ll need to configure the following settings:
||Provided by Customer (ex: Relay – Content Filter)
||email address – must match the email address in Relay/Launch
|Filter WebKit Traffic
|Filter Socket Traffic
||UDID of the device
||Lightspeed Customer ID
Here’s an example of the settings using Apple Configurator as a third-party MDM:
Cisco Meraki MDM
solutions do not support our Relay Smart Agents for iOS. Refer to our FAQ to learn more
Required Open (Unblocked) URLs
If you want to use Relay on a filtered school network, ensure that the following URLs are unblocked by the filter:
When running Relay in Google Chrome, we recommend enabling these settings (if not already) to prevent users from bypassing or compromising the web-filtering service:
Caution:Make sure you select the correct organization from the list of Organizational groups (User Settings left-menu) when making these changes.
Add Chrome Flags & Inspect Tools to the URL Blacklist
Google Chrome Flags (list of experimental features) provide savvy users the ability to bypass web filtering in Chrome. Disable any opportunity to bypass web filters by adding these pages to your list of blocked URLs in Google’s Admin console.
To add the Chrome Flags and Inspect Tool URLs to the URL Blacklist from the Google Admin console, navigate to the URL Blacklist settings (Device Management > Chrome > User settings > Content > URL Blocking > URL Blacklist) enter the following URLs in the URL Blocking Field. Click Save to apply this setting.
Ensure Extensions are Allowed
Our web-filtering services (for Chrome) are deployed to devices via a Chrome Extension. By default, Extensions should be allowed, but if you have issues pushing the extension to a device, ensure that this setting is enabled.
To verify that extensions are allowed from the Google Admin console, navigate to the list of Allowed Types of Apps and Extensions (Device Management > Chrome > User settings > Apps and Extensions > Allowed types of Apps and Extensions) and ensure that the box next to Extension is marked. Click Save to apply this setting.
Disallow Incognito Mode
Chrome’s Incognito Mode allows users to browse the Internet privately. While user activity isn’t hidden in Incognito Mode, it’s best to disallow this feature when setting up your web-filtering service.
To disallow Incognito Mode from the Google Admin console, navigate to Incognito Mode (Device Management > Chrome > User settings > Security > Incognito Mode) and select Disallow Incognito Mode from the drop-menu. Click Save to apply this setting. Click Save to apply this setting.
Never Allow Developer Tools
Chrome’s built-in developer tools give users access to the browser’s (and other web applications) internal code. It’s best to never allow users access to the browser’s built-in developer tools.
To never allow access to Chrome’s built-in developer tools, from the Google Admin console, navigate to Development Tools (Device Management > Chrome > User settings > User Experience > Developer Tools) and select Never allow use of built-in developer tools from the drop-menu. Click Save to apply this setting.