Summary
How to restrict G Suite to only work with the domain you specify, for example, smoothwall.net
.
Problem
You want to limit your users to only accessing your company or student Google email or G Suite account.
Smoothwall offers a G Suite (formally Google Apps) content modification option which you can put in place to block users from logging into Google Mail for all domains except for the ones you specify (for example, smoothwall.net
).
Solution
- Create a new content modification with the following header to override:
X-GoogApps-Allowed-Domains:domain.tld
wheredomain.tld
is the domain to be allowed through.
More than one domain can be added by separating them by commasX-GoogApps-Allowed-Domains: mydomain.com, mydomaintoo.com
See our help topic, Creating custom new content modifications for websites. - Create a content modification policy, with the following aspects:
- Who Everyone
- What Everything
- Where Everywhere
- Action Apply GoogleApps
See our help topic, Creating content modification policies.
- Export Guardian's Certificate Authority (CA) certificate see our help topic, Managing HTTPS inspection settings.
You must distribute this to all domain machines and devices, using a domain group policy, as a Root Trusted Certificate Authority. - Order the HTTPS inspection policies as so:
- Priority = 1
- Who = Everyone
- What = Online Banking, SSL/CRL, Custom categories used to bypass certificate check and inspection
- Where = Everywhere
- When = Always
- Action = Do not inspect
- Priority = 2
- Who = Everyone
- What = Everything
- Where = Everywhere
- When = Always
- Action = Decrypt and inspect
Note: The above requires HTTPS interception to be setup and working on the Guardian web filter see our help topic, Managing HTTPS inspection policies.