Restrict the anonymous access in Google Workspace (GSuite)
search cancel

Restrict the anonymous access in Google Workspace (GSuite)


Article ID: 277361


Updated On:


CASB Gateway Advanced CASB Gateway CASB Advanced Threat Protection CASB Security Advanced CASB Security Premium CASB Security Standard


The tenant restrictions headers in Google Workspace are designed to force the end user to access a list of whitelisted tenants. However, in the case of the publicly available objects, the restriction is not enforced since it requires the user to be authenticated. 

This article describe a way to restrict this type of access. 


The header name and value are:
X-GoogApps-Drive-Deny-Anonymous : true 
The policy used for testing is as follows:
The expected behavior
If the user is unauthenticated, and the traffic matches the above policy, then the request would be redirected to Google's GSuite login page
If the use is authenticated then the request would succeed as it should without any difference.