Configure G-Suite Sync For Microsoft Outlook (GSSMO) via SafeSquid-SWG on Windows 7 ( Client Discussion #5 )
Posted: Mon Apr 27, 2020 4:03 am
Hello All,
The Below Discussion explains the problem faced by users while using Application that does not support proxy authentication.
Proxy Authentication basically help to identify user, and apply policy for that Identified user.
This way users are Identified , Grouped and policy is applied.
Some Applications does not support Proxy Authentication and inorder to use such applications in a corporate Environment ( as per the Companies Requirement ) they need to be bypassed from proxy authentication.
This is not recommended as this increases complications in a corporate environment as to which user should use this application and which bunch of users are allowed/blocked to use this application.
Policies cannot be created ( based on user ) on such applications.
But as per the company Requirement such Exceptions need to be created so that the users can use the application.
Below is such a scenario where windows 7 and below users were not able to use GSSMO APPLICATION because it does not provide proxy authentication credentials and therefore we need to create a SafeSquid policy to access this application.
I have come accross a scenario where the client was using SafeSquid-SWG and wanted to use G-Sync App to configure his G-Suite account on Microsoft Outlook via SafeSquid-SWG.
Google Provides an application named as GSSMO to easily configure one's GSuite Account in Microsoft Outlook.
Below is the detail provided by Google:
-----------------------------------
Get started with G Suite for Outlook
G Suite Sync for Microsoft Outlook
If your Google Account is through work, school, or another group, you can use G Suite Sync for Microsoft® Outlook® (GSSMO) to synchronize your account with Outlook. Then, you can access the synchronized information (Gmail and other G Suite products, such as Google Drive) in Outlook on any device where you use your Google Account. You’ll open Outlook just like you used to and use it to manage most of your data.
If you don’t want to use Outlook and would rather move your data from Outlook to your Google Account, use our G Suite Migration for Microsoft Outlook product instead.
-----------------------------------
I have below attached a scenario where it was very difficult for the user to sync their GSuite Account using GSync App when using SafeSquid-SWG.
We did alot of Debugging to actually understand the working of the GSSMO Application and came to some analysis.
Note: Client was using SafeSquid-SWG with Basic Authentication.
1. The GSSMO Application failed to provide Authentication details to SafeSquid-SWG because of which it was getting blocked at SafeSquid itself.
2. GSSMO Application works very well on Windows 10 and provides proper Authentication Details.
3. GSSMO fetches Proxy Authentication details from IE ( INTERNET EXPLORER ) Or we can say Native Windows Proxy Authentication Store.
4. GSSMO Application connects to Google Services.
Let's begin with understanding the Problem Statement and The Solution Applied In SafeSquid-SWG.
Client Scenario:
------------------------
One of our Client was using G Suite Sync App to Configure G Suite Account on Microsoft Outlook.
This Application is Available for both Windows 7 and Windows 10
Situation ( Setup ):
-----------------------------
Client OS: Windows 7
He has Installed SafeSquid and has Enabled Proxy-Authentication. But he was not able to Sync his GSuite Account.
Problem Witnessed:
-------------------------------
This Application as such does not have Proxy Settings But it can Fetch Proxy Settings and Proxy Authentication Credentials from IE [System wide Proxy Settings].
Apparently, the Problem that he was facing was
When he does the Setup of MS Outlook using GSuite Sync APP, the Application Connects to the Google Mail Server and authenticates the user account.
Since Proxy Settings are done on IE, the GSuite Sync App will use the Proxy Server[SafeSquid-SWG] to reach out Google Mail Server.
At the time of making a Connection to the Proxy, the application should send an Proxy-Authorization Header containing the Proxy-Authentication Credentials
But it was not doing so.
We Did some dig around the Application and found that it does fetches Proxy-Authentication Credentials from IE and can Produce that at time of Proxy Authentication. This Worked fine in Windows 10.
Apparently, it could not do the same in Windows 7 OS.
To use the GSuite Sync App, we need to bypass it from Proxy-Authentication.
To Do so
Below is the Configuration to be done:
STEP1: Identify The Signature
-----------------------------------------------
[NOTE: In SafeSquid we can Identify an Application using its User-Agent, Since the Gsync App was not sending any User-Agent at the Time of Connect. We have to Add it to Unidentified Application]
Identify the FQDN that the Application is Trying to Visit and create a Request-Type
---- RequestTypes Edit -----
After Saving it, It Looks like this as shown below
---- RequestTypes Save -----
The Below Discussion explains the problem faced by users while using Application that does not support proxy authentication.
Proxy Authentication basically help to identify user, and apply policy for that Identified user.
This way users are Identified , Grouped and policy is applied.
Some Applications does not support Proxy Authentication and inorder to use such applications in a corporate Environment ( as per the Companies Requirement ) they need to be bypassed from proxy authentication.
This is not recommended as this increases complications in a corporate environment as to which user should use this application and which bunch of users are allowed/blocked to use this application.
Policies cannot be created ( based on user ) on such applications.
But as per the company Requirement such Exceptions need to be created so that the users can use the application.
Below is such a scenario where windows 7 and below users were not able to use GSSMO APPLICATION because it does not provide proxy authentication credentials and therefore we need to create a SafeSquid policy to access this application.
I have come accross a scenario where the client was using SafeSquid-SWG and wanted to use G-Sync App to configure his G-Suite account on Microsoft Outlook via SafeSquid-SWG.
Google Provides an application named as GSSMO to easily configure one's GSuite Account in Microsoft Outlook.
Below is the detail provided by Google:
-----------------------------------
Get started with G Suite for Outlook
G Suite Sync for Microsoft Outlook
If your Google Account is through work, school, or another group, you can use G Suite Sync for Microsoft® Outlook® (GSSMO) to synchronize your account with Outlook. Then, you can access the synchronized information (Gmail and other G Suite products, such as Google Drive) in Outlook on any device where you use your Google Account. You’ll open Outlook just like you used to and use it to manage most of your data.
If you don’t want to use Outlook and would rather move your data from Outlook to your Google Account, use our G Suite Migration for Microsoft Outlook product instead.
-----------------------------------
I have below attached a scenario where it was very difficult for the user to sync their GSuite Account using GSync App when using SafeSquid-SWG.
We did alot of Debugging to actually understand the working of the GSSMO Application and came to some analysis.
Note: Client was using SafeSquid-SWG with Basic Authentication.
1. The GSSMO Application failed to provide Authentication details to SafeSquid-SWG because of which it was getting blocked at SafeSquid itself.
2. GSSMO Application works very well on Windows 10 and provides proper Authentication Details.
3. GSSMO fetches Proxy Authentication details from IE ( INTERNET EXPLORER ) Or we can say Native Windows Proxy Authentication Store.
4. GSSMO Application connects to Google Services.
Let's begin with understanding the Problem Statement and The Solution Applied In SafeSquid-SWG.
Client Scenario:
------------------------
One of our Client was using G Suite Sync App to Configure G Suite Account on Microsoft Outlook.
This Application is Available for both Windows 7 and Windows 10
Situation ( Setup ):
-----------------------------
Client OS: Windows 7
He has Installed SafeSquid and has Enabled Proxy-Authentication. But he was not able to Sync his GSuite Account.
Problem Witnessed:
-------------------------------
This Application as such does not have Proxy Settings But it can Fetch Proxy Settings and Proxy Authentication Credentials from IE [System wide Proxy Settings].
Apparently, the Problem that he was facing was
When he does the Setup of MS Outlook using GSuite Sync APP, the Application Connects to the Google Mail Server and authenticates the user account.
Since Proxy Settings are done on IE, the GSuite Sync App will use the Proxy Server[SafeSquid-SWG] to reach out Google Mail Server.
At the time of making a Connection to the Proxy, the application should send an Proxy-Authorization Header containing the Proxy-Authentication Credentials
But it was not doing so.
We Did some dig around the Application and found that it does fetches Proxy-Authentication Credentials from IE and can Produce that at time of Proxy Authentication. This Worked fine in Windows 10.
Apparently, it could not do the same in Windows 7 OS.
To use the GSuite Sync App, we need to bypass it from Proxy-Authentication.
To Do so
Below is the Configuration to be done:
STEP1: Identify The Signature
-----------------------------------------------
[NOTE: In SafeSquid we can Identify an Application using its User-Agent, Since the Gsync App was not sending any User-Agent at the Time of Connect. We have to Add it to Unidentified Application]
Identify the FQDN that the Application is Trying to Visit and create a Request-Type
---- RequestTypes Edit -----
- RequestTypes-Edit.png (48.32 KiB) Viewed 1954 times
After Saving it, It Looks like this as shown below
---- RequestTypes Save -----
- RequestTypes-Save.png (23.17 KiB) Viewed 1954 times