• Home
• CASB
• Setup Google CASB and Workspace Security

Follow the Step-by-Step Guide given below to Google Access Restriction policies using miniOrange Reverse Proxy

Step 1: Sign up with reverse proxy

• Click here and log in with your miniOrange account and login using your credentials. If you do not have an account, you can go ahead and create one.

Step 2: Add authentication method

• Click on Authentication, on the left pane in the dashboard.



• Click on Add Authentication in the top right.



• Click on SAML authentication.



• Enter the following details from SP metadata from IDP. And click on Submit button.



• After submitting, you will get the metadata details on your dashboard. Use this metadata to configure the SAML application in IDP.



• Return to the dashboard home screen. Click on Google under Pre-Defined Application.



• Now, enter the following details to configure the Google application:

• a) Organization Name: Enter the name of your organization.
• b) Organization Domain: Enter the domain of your organization on Google. (Ex: example.com)
• c) Attribute Key: Enter the value of the attribute key you have configured for user-groups in the IDP.
• d) Google ACS URL: You can get the Google ACS URL in case of third party IDP profiling from your Google Admin Console. Or else it would be https://www.google.com/(Organization-Domain)/acs
• e) Google Entity URL: You can get the Google ACS URL in case of third party IDP profiling from your Google Admin Console. Or else it would be https://www.google.com/
• f) Select the Authentication method which you have configured in step 3.

• Click on Submit to save your changes.



• After submitting the details successfully, there will be a option to view IDP metadata which you have to configure in your Google Admin Console.



• After clicking on the Show IDP metadata the data will be displayed as shown in the image below.



• Now go to your Google Admin Dashboard.



• Navigate to the SSO with third party IDP. Home>Security>Authentication>SSO with third party IdP



• Click on the Edit Button as shown below.



• It will open a menu as shown below:

• a) Check the Set up SSO option
• b) Sign-in-page URL is the SAML Login URL which you have got in the IDP metadata (refer step-11).
• c) Sign-out-page URL will be same as shown below in the image https://login.xecurify.com/moas/logout?redirectUrl=https://mail.google.com
• d) Click on the REPLACE CERTIFICATE button it will pop up a window upload the certificate which is X.509 Certificate which you have got in the IDP metadata(refer step-11).

• Click on the save button to update the configuration.



• After clicking on the save button, you can see you have successfully created the SSO with Third Party.



• Go to https://login.xecurify.com and enter your user credentials.



• Click on the Apps on the left panel of the Xecurify dashboard.



• It will take you to the apps dashboard. Click on the Add Application button in the top right.



• It will open a sub menu as shown in the image below. Click on SAML/WS-FED as shown.



• Search for Custom SAML app and click on it.



• Fill the fields for SP meta data which you have already created refer step 7. After that click on Attribute Mappings as shown below in the image.



• Click on Add Attribute as shown in the image below.



• Select the User-Groups attribute from the options as shown below.



• Give the Attribute Name same as you have given above while configuring the Google refer step-9., point c. And click on save button to save the configurations.



• To view the metadata click on the select option as shown below in the image.



• Select the metadata option from it.



• Click on the show metadata button as shown below.



• It will show you the metadata fields of the IDP which you have to configure in step-6.
<

Step 3: Configuring Policies

• Click on the add policy button as shown below.



• It will open a new window as shown below:



• IP-Policy: Name the policy and enable the toggle button as shown below in the image.



• To configure IP Policy:

• i. Select Allow or Deny for the below IP addresses what action should be taken over them.
• ii. Click on the Add IP Address button to create a new field where you can add the IP Addresses.
• iii. Click on Submit Button to submit the policy.

• You have successfully configured the IP Restriction Policy.



• Time Restriction Policy: Name the policy and enable the toggle button as shown below in the image.



• To configure the IP Policy:

• i. Select Allow or Deny for the below Time Slot what action should be taken over them.
• ii. Select the user's timezone.
• iii. Select the start and end time for the time based restriction.

• Click on Submit Button to submit the policy.



• You have successfully configured the Time Based Restriction Policy.



• Prevent Share & Download Restriction: To create Prevent Share and Download policy:

i. Give the policy name and enable the toggle button.




• Click on Submit button to save the policy.



• You have successfully configured the Prevent Share and Download Restriction Policy.

Step 4: Configuring Groups

• Click on the add group button as shown below.



• It will open a window as shown below:

• Enter the Group Name which should be exactly same as the name of group which you have configured in the IDP.
• Select the policy for the group from the Select Policy option.

• Now for giving permission to the applications for the group:

• a) No App Restriction For Group: In this there will be no restrictions will be applied for the group.
• b) App Restriction For Group: In this there will be restrictions applied for the group based on the policy you have configured for it.
• c) Disable App For Group: By choosing this option the users in the group won’t be able to access the application.
• d) Custom App Restriction For Group: When this option is applied you have to choose a new policy for that app which will override the base policy selected for the group. By this you can apply some custom restriction policy apart from the group restriction policy over that application.

• To apply custom restriction policy follow this step.

• a) Select the custom app restriction for group option.
• b) Select the policy from the drop down as shown in the image below.

• Click on submit button to save the configuration.

External References

• What is Reverse Proxy?
• Secure Cloud Applications from Unmanaged Devices with Reverse Proxy
• How to set up WordPress role based access control to secure site folders?