Block Personal Gmail, Allow Google Corporate Accounts

From Secure Web Gateway
Revision as of 17:58, 23 December 2019 by en>Santosh.thorat
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Overview

Nowadays emails are used very frequently to exchange information between people using electronic devices. In some organization personal emails in the office network are not allowed. Personal emails are blocked to avoid spending of productive time by employees. Allowing personal emails can also lead a path for leakage of confidential information. Nowadays some of the oragnization emails are via Google Corporate domains. Google corporate account allows organization to have their mailing server along with the additional Gmail features personalized for the organization with complete control. So, we currently cannot block Gmail.

Client Scenario

As an administrator, you may want to prevent users from signing into Google services using any accounts other than the account you provided them with. You do not want users to waste their productive time in other unnecessary mail exchanges in the office network. For example, you may not want users to use their personal Gmail accounts or manage Google Account from another domain. Block Personal Gmail To Ensure Data Security.

SafeSquid Secure Web Gateway(SWG) allows you to access corporate account only and block personal gmail account.

Policy Creation

To solve problem of personal Gmail blocking. We need to manipulate headers of Gmail so that only specific domain (corporate domains) is/are allowed and rest are denied (this includes personal Gmail). Also as Gmail is HTTPS website, we need to make sure HTTPS Inspection is enabled.

We can achieve the above by following steps –

Enable policy from Policies and Profiles Section

We will first match request from only Google Application policy.

  • From SafeSquid Dashboard click on Configure page at the Top Right Corner. You will see  Policies and profiles section on your screen.
  • Search for default profile named GOOGLE APPLICATION.
    Google Corporate 1.png
  • Edit and Enable this policy
    Google Corporate 2.png

'Note ': You can also add User Groups in Policies and Profiles for specific group of users.

Enable policy from Header Filter Section

We will insert header, so that only allowed domains are allowed by GOOGLE.

  • Click on Restriction Policies (Left Side Panel).
  • Click on Privacy Control submenu.
  • Click on Header Filter section. Make Sure Global part of this section is Enabled as True.
    Google Corporate 3.png
  • Click on Insert Tab.
  • Search for default profile named GOOGLE APPLICATION (First Rule).
    Google Corporate 4.png
  • Edit and Enable this Rule. Add Domains that you need to allow, in value field and Save the Policy.
    Google Corporate 5.png

Note : In case of multiple domains, each should be separated by ','  with no space.

Validation

We will try to login into Personal Gmail account.
Google Corporate 6.png

You will get error template/message from Google, with names of allowed domains.