Block Personal Gmail, Allow Google Corporate Accounts

From Secure Web Gateway
Share/Save/Bookmark
Jump to: navigation, search

Overview

Currently e-mails are necessary to exchange information. But allowing personal e-mails in the office network allows users to spend their productive time in other unnecessary things. Personal mails can be also a path leading to send confidential information. Blocking personal mails, solves the issue. But now some of the company mails are via Google Corporate domains. Google corporate account allows organization to have their mailing server along with the additional Gmail features personalized for the organization with complete control. So, we currently cannot block Gmail.

Client Scenario

As an administrator, you may want to prevent users from signing into Google services using any accounts other than the accounts you provided them with.You does not want that users will spend their productive time in other unnecessary things in the office network. For example, you may not want them to use their personal Gmail accounts or a managed Google Account from another domain.Block Personal Gmail To Ensure Data Security.

SafeSquid Secure web gateway(SWG) allows you to access corporate account only and block personal gmail account.

Policy Creation

To solve problem of personal Gmail blocking. We need to manipulate headers of Gmail so that only specific domain (corporate domains) is allowed and rest are denied (this includes personal Gmail). Also as Gmail is HTTPS website, we need to make sure HTTPS Inspection is enabled.

We can achieve the above by following steps –

Enable GOOGLE APPLICATION policy in Policies and Profiles

We will first match request form only Google.

  • Click Configure (Top Right Corner). By Default it should be in Policies and profiles section.
  • Search for GOOGLE APPLICATION.
    Google Corporate 1.png
  • Edit and Enable the policy
    Google Corporate 2.png

Note: You can also add User Groups in Policies and Profiles for specific group of users.

Enable GOOGLE APPLICATION policy in Header Filter

We will insert header, so that only allowed domains are allowed by GOOGLE.

  • Click Restriction Policies (Left Side Panel).
  • Click Privacy Control.
  • Click Header Filter. Make Sure Global Section – Enabled is True.
    Google Corporate 3.png
  • Click on Insert Tab.
  • Search for GOOGLE APPLICATION (First Rule).
    Google Corporate 4.png
  • Edit and Enable Rule. Add Domains that you need to allow, in value section. Save the Rule.
    Google Corporate 5.png

Note: In case of multiple domains, each should be separated via ',' with no space.

Validation

We will login to Personal Gmail account.
Google Corporate 6.png
You should be able to login, but you will get message from Google, with names of allowed domains.
Save the Policy, by clicking on the Save icon (Bottom Right).