Restricting G Suite to Only Work with and Limit Users to the Google™ Domain You Specify

Summary

How to restrict G Suite to only work with the domain you specify, for example, smoothwall.net.

Problem

You want to limit your users to only accessing your company or student Google email or G Suite account.

Smoothwall offers a G Suite (formally Google Apps) content modification option which you can put in place to block users from logging into Google Mail for all domains except for the ones you specify (for example, smoothwall.net).

Solution

    1. Create a new content modification with the following header to override: X-GoogApps-Allowed-Domains:domain.tld
      where domain.tld is the domain to be allowed through.
      More than one domain can be added by separating them by commas X-GoogApps-Allowed-Domains: mydomain.com, mydomaintoo.com
      See our help topic, Creating custom new content modifications for websites.
    2. Create a content modification policy, with the following aspects:
      • Who Everyone
      • What Everything
      • Where Everywhere
      • Action Apply GoogleApps

See our help topic, Creating content modification policies.

    1. Export Guardian's Certificate Authority (CA) certificate see our help topic, Managing HTTPS inspection settings.
      You must distribute this to all domain machines and devices, using a domain group policy, as a Root Trusted Certificate Authority.
    2. Order the HTTPS inspection policies as so:
      • Priority = 1
      • Who = Everyone
      • What = Online Banking, SSL/CRL, Custom categories used to bypass certificate check and inspection
      • Where = Everywhere
      • When = Always
      • Action = Do not inspect
      • Priority = 2
      • Who = Everyone
      • What = Everything
      • Where = Everywhere
      • When = Always
      • Action = Decrypt and inspect

Note: The above requires HTTPS interception to be setup and working on the Guardian web filter see our help topic, Managing HTTPS inspection policies.