Can We Allow Only One Facebook Id to login to Facebook Website for all users via SafeSquid-SWG ( Client Discussion #7 )

Tell everybody, what you think about SafeSquid!
Speak your mind!
India aashish97
Posts: 117
Joined: Sat Jul 06, 2019 10:45 am

Can We Allow Only One Facebook Id to login to Facebook Website for all users via SafeSquid-SWG ( Client Discussion #7 )

Post by aashish97 » Tue Apr 28, 2020 7:45 am

Hello All,

Their are few situation where the user is interested in some custom policy making as per their business requirements.

As SafeSquid provides granular approach in policy making, it is just matter of Identification of the Application inorder to apply policy.


Before Actually proceeding let's first understand the Problem properly and why companies have such requirement.

In a Corporate Organization, depending upon what the organization does, they have a marketing team to demonstrate their products or services in the digital works.
We can call then Digital Marketing Team, Sales Team etc anyone who needs Social Networking Platform to advertise their Products Or Services.

And Inorder to advertise they need access to Social Networking Platform, they access the companies Social Networking Account to advertise the products by videos , images , posts , pages etc and therefore access to Social Networking Sites is a must.

But if Social Networking site access is provided then the user can login via thier own id as well resulting in Corporate Policy
Restriction Violation.
As we all know, access social networking sites in corporate
Environment is a company Violation.
Inorder to use it for their business requirements it might end up unnecessary wrong usage and a breach in corporate policy making.

Inorder to do that Companies need a way to Restrict login to websites only via specific user.
Like only login to Facebook via a Specific ID ( Company's FaceBook ID )
And when the user tries to login via their personal ID then they are not allowed to do so.
This Corporate Level Restrictions helps companies to mange their business as well as apply necessary Restrictions.


Here below we have one such Scenario, where the client required custom policy.


-------------------------
Client Question:
-------------------------
We have a Important Requirement to only allow one Facebook ID to all the Marketing users, so that they should login using one facebook id and publish all the necessary business requirements.
User should not be able to login using any other Facebook ID.

--------------
Solution:
--------------
Yes, we can create policies where we can block all users to login to a particular website or to all the websites.
As well as, the other way around Allow specific users to login to particular websites.

In your case, Allow Specific Users to Login to Facebook
To do so we need to use Content Modifier feature of SafeSquid-SWG.
First we will Identify the Post Request that Facebook use to POST Authentication Details.

Note: SafeSquid already provides a set of Application Signatures, Which can easily Identify Facebook Features like Login, Facebook Games, Facebook Chat, Facebook Like Etc. and all
But in this, we will create our Own Signature to Identify Facebook Login Request.
To do this we will use Request-Types

STEP 1:
---------------
Create a Request-Type to Identify Facebook Login
-------------------------------------------------------------------------------

Specify the Below Parameters and create a Request-Type
Over here,
In Method I have selected “POST”
In Host Name Field I have Specified “facebook.com”
And in File: “/login/device-based/regular/login/”
And A Name to the Request-Type as Facebook Login

----- RequestTypes Edit ------
RequestTypes-Edit.png
RequestTypes-Edit.png (46.52 KiB) Viewed 2242 times


After saving the Policy will look as shown below:

---- Request Types Save -----
RequestTypes-Save.png
RequestTypes-Save.png (21.77 KiB) Viewed 2242 times


This Above Request-Type Will Identify Facebook Login Activity.
[Working: The Request-Type will be applied to a POST REQUEST that is made to ‘facebook.com’ with File Path: “/login/device-based/regular/login/”]
Last edited by aashish97 on Thu Apr 30, 2020 9:29 am, edited 3 times in total.

India aashish97
Posts: 117
Joined: Sat Jul 06, 2019 10:45 am

Re: Can We Allow Only One Facebook Id to login to Facebook Website for all users via SafeSquid-SWG ( Client Discussion #

Post by aashish97 » Tue Apr 28, 2020 7:50 am

STEP 2:
-------------
Create a Profile to Identify Facebook Login
--------------------------------------------------------------------

[ In Order to use it to MAP with any of the SafeSquid Filters]
As Show below:
Select Facebook Login from Request-Types Magic Suggest List
Request-Types: “Facebook Login” -> This will identify the Application
Give it a Name [PERMITTED FACEBOOK LOGINS]

------ Access Profile Edit ----
AccessProfile-Edit.png
AccessProfile-Edit.png (35.08 KiB) Viewed 2241 times



Save the Policy. It should look like this as shown below

----- Access Profile Save ----
AccessProfile-Save.png
AccessProfile-Save.png (16.99 KiB) Viewed 2241 times
Last edited by aashish97 on Tue Apr 28, 2020 7:53 am, edited 1 time in total.

India aashish97
Posts: 117
Joined: Sat Jul 06, 2019 10:45 am

Re: Can We Allow Only One Facebook Id to login to Facebook Website for all users via SafeSquid-SWG ( Client Discussion #

Post by aashish97 » Tue Apr 28, 2020 7:51 am

STEP 3:
-------------
Create Policies in Content Modifiers
---------------------------------------------------------

As shown below
In this Rule we are going to allow User: umashankar.gutti@gmail.com to login to Facebook, rest all the users will not be able to Login to Facebook.

------ Content Modifier Policy ----
ContentModifier-Policy.png
ContentModifier-Policy.png (44.87 KiB) Viewed 2240 times

In the Above Screenshot, there are 2 Policy
The First policy will block all the Users to login to LinkedIn Website
The Second one will allow E-Mail ID: umashankar.gutti@gmail.com to login to Facebook
We can create other Policies to Allow login from Specific Domains.
To Allow another user to Login to LinkedIn just duplicate the second policy and change the value for ‘safesquid_email’ and ‘email’ as the EMAIL Id
For Example :
EMAIL ID: aashish.bhandari97@gmail.com CONVERT IT TO aashish\.bhandari%40gmail.com
NOTE : ‘.’ Needs to be replaced using ‘\.’ And for ‘@’ replace with ’%40’
You can also the refer the example below:
This Policy is created to Allow Login to EMAIL ID: Santosh.t2007@gmail.com

------- Content Modifier Email id ----
ContentModifier-EmailChange.png
ContentModifier-EmailChange.png (19.29 KiB) Viewed 2240 times

Post Reply