Block Personal Gmail, Allow Google Corporate Accounts
Overview
Nowadays emails are used very frequently to exchange information between people using electronic devices. In some organization personal emails in the office network are not allowed. Personal emails are blocked to avoid spending of productive time by employees. Allowing personal emails can also lead a path for leakage of confidential information. Nowadays some of the organization emails are via Google Corporate domains. Google corporate account allows organization to have their mailing server along with the additional Gmail features personalized for the organization with complete control. So, we currently cannot block Gmail.
Client Scenario
As an administrator, you may want to prevent users from signing into Google services using any accounts other than the account you provided them with. You do not want users to waste their productive time in other unnecessary mail exchanges in the office network. For example, you may not want users to use their personal Gmail accounts or manage Google Account from another domain. Block Personal Gmail To Ensure Data Security.
SafeSquid Secure Web Gateway (SWG) allows you to access corporate account only and block personal gmail account.
Policy Creation
To solve problem of personal Gmail blocking. We need to manipulate headers of Gmail so that only specific domain (corporate domains) is/are allowed and rest are denied (this includes personal Gmail). Also, as Gmail is HTTPS website, we need to make sure HTTPS Inspection is enabled.
We can achieve the above by following steps --
Enable policy from Policies and Profiles Section
We will first match request from only Google Application policy.
From SafeSquid Dashboard click on Configure page at the Top Right Corner. You will see Policies and profiles section on your screen.
Search for default profile named GOOGLE APPLICATION.
Edit and Enable this policy
You can also add User Groups for specific group of users.
Enable policy from Header Filter Section
We will insert header, so that only allowed domains are allowed by GOOGLE.
Click on Restriction Policies (Left Side Panel).
Click on Privacy Control submenu.
Click on Header Filter section. Make Sure Global part of this section is Enabled as True.
Click on Insert Tab.
Search for default profile named GOOGLE APPLICATION (First Rule).
Edit and Enable this Rule. Add Domains that you need to allow, in value field and Save the Policy.
In case of multiple domains, each should be separated by ',' with no space.
Validation
We will try to login into Personal Gmail account.
You will get error template/message from Google, with names of allowed domains.