Login to Google Services Only via Specific Gmail ID.

Tell everybody, what you think about SafeSquid!
Speak your mind!
United States of America chinna
Posts: 8
Joined: Thu Jul 18, 2019 8:37 am

Login to Google Services Only via Specific Gmail ID.

Post by chinna » Fri Aug 23, 2019 10:50 am

Hello Team,
I have one Unique requirement.Please help me out.
I am using safesquid from past few years.i know that I can allow specific sites to specific users/groups.
I do know safesquid can allow only Gsuite users to login and rest Personal gmail id will be blocked.
But overhere, I have a unique requirement. I want to allow gmail to all the users using the same gmail id.
I don’t want them to login through any other account.
The gmail id that I want the user to login is : info_query.jkl@gmail.com
all my users will use the same id to login and reply to cusomer queries.
I don’t want any one else to login to gmail.
I might change that id in the future or want to add new gmail id to allow login .
Can you allow only specific users to login to gmail.com

India aashish97
Posts: 117
Joined: Sat Jul 06, 2019 10:45 am

Re: Login to Google Services Only via Specific Gmail ID.

Post by aashish97 » Fri Aug 23, 2019 11:09 am

Hello Sir,
Yes we can do that in SafeSquid-SWG.
We can help you create policies where only specific gmail user can login to gmail.

Let's first undertsand how google login Mechanism works and find that Request which carries the email address and then we will apply restriction on that Request using SafeSquid-SWG Module -> Content-Modifier

[Note: I personally do not recommend Content-Modifer for Request that is Travelling to the WebServer
You can use Content-Modifier in modifying Response data.
by manipulating Request Fields/Data we are doing nothing but creating forge requests.and if this increases in number it might create problem.
Google keep a track of these kinds of interaction from the user's end and therefore somtimes it will ask for Captcha to fill filled before proceeding.
In Future, we might come up with Content-Blocker which will block Certain Request containg certain kind of data etc.
Which is Good for creating such kind of Restriction Policies.]

Small Intro To Identify Google Lookup Request.

Google has a different Login Mechanism.

Google will first accept users E-Mail Id and check whether the user is present or not [i.e the email id is present or not].
if the gmail is present google will proceed with the password else it will display error message as: Couldn't find your Google Account and after you put in your correct password you will be logged In to Google Services.
This a just a normal Google Sign In process nothing much.

Inorder to only allow specific users to login,
We will first Identify the Request which Google uses to LookUp Email id is present or not.

I have already found the POST Request.
It is:
accounts.google.com/_/signin/sl/lookup?<few-other-aguments>

We will create a Request-Type using this Information.

Go to http://safesquid.cfg/ -> Configure -> Custom Settings -> Request-Types
and create a Request Type as shown below

<REQUEST-TYPE>
request.png
request.png (30.27 KiB) Viewed 1822 times

After this Bind the Request -Type to a Profile in Policies & Profiles Section
Go to http://safesquid.cfg/ -> Configure [You will By Default land into Policies & Profiles Section]
Else Go To http://safesquid.cfg/ -> Configure -> Restriction Policies -> Access Profiles.
and create one as shown below.

<PROFILE>
profile.png
profile.png (18.46 KiB) Viewed 1822 times

[Note: the only reason to Add/Bind Request-Type to Profile is to extend the Impose other filters on that particular Profile]
Let me show you how in the later steps.

After doing both the Step.
We will now go to Content-Modifier Section and Write the Logic to Only Allow Gmail/Google ID : info_query.jkl@gmail.com
[Note: To Escape "." in Pattern Field we have added "\" in start of "." so it looks like this : info_query\.jkl. It is PCRE Compatible Regex ]

<CONTENT-MODIFIERS>
contentmodifier.png
contentmodifier.png (43.06 KiB) Viewed 1822 times

and after this we are done with policy creation.
Now you can try login to google using any id you will get Something Went Wrong.
But ony for info_query\.jkl. you will beable to proceed to the password field.

Post Reply