How do I limit users to the Google™ domain I specify?

Article #:

Product

Castle

1672

Guardian

All

Summary

How to restrict G Suite to only work with the domain you specify, for example, smoothwall.net.

Problem

You want to limit your users to only accessing your company or student Google email or G Suite account.

Smoothwall offers a G Suite (formally Google Apps) content modification option which you can put in place to block users from logging into Google Mail for all domains except for the ones you specify (for example, smoothwall.net).

Solution

1. Add Webmail to the IT & Technical category group — see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/filters.htm
2. Add mail.google.com to the Custom allowed content category — see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/customcategory.htm
3. Create a new content modification with the following header to override:

X-GoogApps-Allowed-Domains:domain.tld

where domain.tld is the domain to be allowed through.

More than one domain can be added by separating them by commas — X-GoogApps-Allowed-Domains: mydomain.com, mydomaintoo.com

See https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/customcmod.htm

4. Create a content modification policy, with the following aspects:
Who — Everyone
What — Everything
Where — Everywhere
Action — Apply GoogleApps

See https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/contentmodpolicywiz.htm

5. Export Guardian's Certificate Authority (CA) certificate — see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/httpssettings.htm

You must distribute this to all domain machines and devices, using a domain group policy, as a Root Trusted Certificate Authority.

6. Order the HTTPS inspection policies as so:

Priority = 1

Who = Everyone
What = Online Banking, SSL/CRL, Custom categories used to bypass certificate check and inspection
Where = Everywhere
When = Always
Action = Do not inspect

Priority = 2

Who = Everyone
What = Everything
Where = Everywhere
When = Always
Action = Decrypt and inspect

Note: The above requires HTTPS interception to be setup and working on the Guardian web filter — see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/https.htm.

Attribution:

Last updated:

Author:

Contributions by:

23rd November 2016

 

DMT

SN

 

Copyright © 2000-2016 Smoothwall All rights reserved.