How do I limit users to the Google™ domain I specify?

Article #: Product Castle
1672 Guardian All


How to restrict G Suite to only work with the domain you specify, for example,


You want to limit your users to only accessing your company or student Google email or G Suite account.

Smoothwall offers a G Suite (formally Google Apps) content modification option which you can put in place to block users from logging into Google Mail for all domains except for the ones you specify (for example,


  1. Add Webmail to the IT & Technical category group — see
  2. Add to the Custom allowed content category — see
  3. Create a new content modification with the following header to override: X-GoogApps-Allowed-Domains:domain.tld
    where domain.tld is the domain to be allowed through.
    More than one domain can be added by separating them by commas — X-GoogApps-Allowed-Domains:,
  4. Create a content modification policy, with the following aspects:
    • Who — Everyone
    • What — Everything
    • Where — Everywhere
    • Action — Apply GoogleApps
  5. See

  6. Export Guardian's Certificate Authority (CA) certificate — see
    You must distribute this to all domain machines and devices, using a domain group policy, as a Root Trusted Certificate Authority.
  7. Order the HTTPS inspection policies as so:
    • Priority = 1
    • Who = Everyone
    • What = Online Banking, SSL/CRL, Custom categories used to bypass certificate check and inspection
    • Where = Everywhere
    • When = Always
    • Action = Do not inspect
    • Priority = 2
    • Who = Everyone
    • What = Everything
    • Where = Everywhere
    • When = Always
    • Action = Decrypt and inspect
  8. Note: The above requires HTTPS interception to be setup and working on the Guardian web filter — see


Last updated: Author: Contributions by:
23rd November 2016   DMT, SN