Restrict the anonymous access in Google Workspace (GSuite)
search cancel

Restrict the anonymous access in Google Workspace (GSuite)

book

Article ID: 277361

calendar_today

Updated On:

Products

CASB Gateway Advanced CASB Gateway CASB Advanced Threat Protection CASB Security Advanced CASB Security Premium CASB Security Standard

Issue/Introduction

The tenant restrictions headers in Google Workspace are designed to force the end user to access a list of whitelisted tenants. However, in the case of the publicly available objects, the restriction is not enforced since it requires the user to be authenticated. 

This article describe a way to restrict this type of access. 

Resolution

The header name and value are:
X-GoogApps-Drive-Deny-Anonymous : true 
 
The policy used for testing is as follows:
 
The expected behavior
If the user is unauthenticated, and the traffic matches the above policy, then the request would be redirected to Google's GSuite login page
If the use is authenticated then the request would succeed as it should without any difference.
 
 
Powered by Wolken Software