Block access to consumer Google accounts
WebGUI feature for:
To prevent users from signing in to Google services using Google Accounts other than those you explicitly specify:
1. Route all traffic outbound to google.com through your web proxy servers.
2. Enable SSL interception on the proxy server.
3. Configure every client device to trust your SSL proxy:
a. Deploy the Internal Root Certificate Authority used by the proxy.
b. Mark it as trusted.
4. For each google.com request:
a. Intercept the request.
b. Add the HTTP header X-GoogApps-Allowed-Domains: followed by a comma-separated list with allowed domain names.
Make sure that the list includes the domain you registered with G Suite and any secondary domains you added.
Example: X-GoogApps-Allowed-Domains: mydomain1.com, mydomain2.com
5. To allow users to sign in to specific accounts, add the following values to the header:
domain_name for accounts on specific domains, such as altostrat.com and tenorstrat.com for accounts ending in @altostrat.com and tenorstrat.com
consumer_accounts for consumer Google Accounts, such as @gmail.com and @googlemail.com
gserviceaccounts.com for authenticated service accounts
6. (Optional) Create a proxy policy to prevent users from inserting their own headers.
Note: This approach blocks sign-in access to Google consumer services other than Google Search, but doesn’t necessarily prohibit anonymous access.