Block Personal Gmail, Allow Google Corporate Accounts
Contents
Overview
Currently e-mails are necessary to exchange information. But allowing personal e-mails in the office network allows users to spend their productive time in other unnecessary things. Personal mails can be also a path leading to send confidential information. Blocking personal mails, solves the issue. But now some of the company mails are via Google Corporate domains. Google corporate account allows organization to have their mailing server along with the additional Gmail features personalized for the organization with complete control. So, we currently cannot block Gmail.
Client Scenario
As an administrator, you may want to prevent users from signing into Google services using any accounts other than the account you provided them with.You does not want that users will spend their productive time in other unnecessary things in the office network. For example, you may not want them to use their personal Gmail accounts or a managed Google Account from another domain.Block Personal Gmail To Ensure Data Security.
SafeSquid Secure web gateway(SWG) allows you to access corporate account only and block personal gmail account.
Policy Creation
To solve problem of personal Gmail blocking. We need to manipulate headers of Gmail so that only specific domain (corporate domains) is allowed and rest are denied (this includes personal Gmail). Also as Gmail is HTTPS website, we need to make sure HTTPS Inspection is enabled.
We can achieve the above by following steps –
Enable GOOGLE APPLICATION policy in Policies and Profiles
We will first match request form only Google.
- Click Configure (Top Right Corner). By Default it should be in Policies and profiles section.
- Search for GOOGLE APPLICATION.
- Edit and Enable the policy
Note: You can also add User Groups in Policies and Profiles for specific group of users.
Enable GOOGLE APPLICATION policy in Header Filter
We will insert header, so that only allowed domains are allowed by GOOGLE.
- Click Restriction Policies (Left Side Panel).
- Click Privacy Control.
- Click Header Filter. Make Sure Global Section – Enabled is True.
- Click on Insert Tab.
- Search for GOOGLE APPLICATION (First Rule).
- Edit and Enable Rule. Add Domains that you need to allow, in value section. Save the Rule.
Note: In case of multiple domains, each should be separated via ',' with no space.
Validation
We will login to Personal Gmail account.
You should be able to login, but you will get message from Google, with names of allowed domains.
Save the Policy, by clicking on the Save icon (Bottom Right).