Google Apps Domain Restriction

Info - Google Apps Domain Restriction

Google Apps Domain Restriction requires SSL Decryption to be enabled in order to function. Any groups without SSL Decryption enabled will not be effected by this feature. 

Many Google Web properties, including Gmail, support a custom header which restricts access to the sites to accounts which are members of a specified domain. For instance, if an organization at used Google Apps for email and document sharing, they could restrict users to accessing those sites only through their accounts; trying to log in with any other accounts (including "consumer" Gmail accounts) would result in an error. 

To make use of this feature, navigate to Web Filtering, click on the Advanced Configuration tab at the top, check the Restrict Google Apps access to domains checkbox, and enter your organization's Google Apps-enabled domain(s) into the text field.

Then, enable the corresponding option (Labeled Google Apps Domain Restriction) for each desired group on the Group Permissions page.

If you are experiencing issues with Google Apps Domain Restriction, verify that you have not added or any other such Google domain to your SSL Decryption exemptions lists, group whitelists, global whitelists, or super whitelist. Also verify that you have not added any Google IP addresses to your list of Destination-Based Exceptions (viewable from the Advanced Configuration tab of the Web Filtering page). Please note that if you are blocking webmail access for a group, you will need to add to that group's whitelist in order for them to be able to use Gmail services.

    • Related Articles

    • Manual - Group Permissions

      Permissions for groups of users are managed here. Each group has individual settings for the different filtering technologies available, as well as a separate whitelist and blacklist. On this page, you can also edit the global whitelist and blacklist ...
    • Manual - Web Filtering

      The first thing to decide with regard to Web filtering is whether to run individual subnets in transparent or non-transparent (proxy server) mode. Transparent mode  — no client configuration is required, the Cipafilter simply intercepts all traffic ...
    • Manual - Web Reports

      This newer Web-reporting system features an improved interface, better filtering, new data, and several other additions over the legacy system. User interface Most Web-reporting report pages offer the following interface features: Date picker — The ...
    • How To - Pushing Proxy Settings with Google Admin Console

      Google provides a way to push proxy settings for either your users within your Google Apps organization or devices that you've registered within the organization. We recommend pushing settings to your users, as the proxy settings will be tied to ...
    • How To - Upload the SSL Certificate to the Google Admin Console

      Regardless of which deployment method you choose, all browsers must have the certificate installed for SSL inspection to work properly. It is important to know that filtering will still occur even without the certificate deployed, but users will ...