Secure Google Access

Overview

Acreto offers a comprehensive solution for businesses seeking to safeguard their access to corporate Google applications and data. This is achieved by channeling all traffic to these applications through Acreto’s advanced threat engine and instituting a restriction rule on Google to exclusively accept traffic from Acreto’s IP address. With Acreto, enterprises can be assured of a secure and reliable connection to their essential Google assets.

This document outlines a clear and easy-to-follow process for businesses to secure their corporate Google access with the help of Acreto.

Pre-requisite

  1. Google Workspace Enterprise version or above
  2. New or Existing Ecosystem

Steps

Part I - Connect to Ecosystem for gaining secure access to Google applications

Connect users using any of the multiple options with Acreto Ecosystem.

Conenct to Acreto

Part II - Enforce IP restrictions on Google using Context-Aware access (CAA)

Google Administrators need to enforce the IP restriction rule using Context-Aware access under the Admin console to allow access only from Acreto Ecosystem IP.

  1. Login to https://admin.google.com/ with Admin credentials
  2. Goto Home » Security » Access and Data control » Context-Aware Access Secure-Google
  3. Click Create New Access level Secure-Google
  4. In the Details section provide :
    • Access level name : Acreto_access_allow
    • Description : Access allowed only through Acreto Secure-Google
  5. In the Context conditions sections, click ADD CONDITION

    • Select meets all attributes (AND)

    • Select Attribute : IP Subnet Value : Ecosystem Exit IP IPv4 , Ecosystem Exit IP IPv6 with mask /56

    • Click Create Secure-Google Secure-Google

  6. Next click ASSIGN ACCESS LEVEL Secure-Google
  7. Select all the apps that need secure access and click ASSIGN Secure-Google
  8. Check both the Access level and assign to Desktop app and click SAVE, Secure-Google

With this step , the IP enforcement configuration on Google is complete.

Part III - Turn ON Context-Aware Access

Once onboarding of all the users on Acreto is complete , the administrators can Turn-On the Context-Aware Access for everyone.

  1. Goto Home » Security » Access and Data control » Context-Aware Access and click Turn-On Secure-Google

Summary

Once user or device is connected and the traffic goes through Acreto Ecosystem where is thoroughly scanned against any threat or malware. Also the traffic leaving Acreto gains Acreto’s Exit IP as the source hence meeting the Google CAA access criteria.

Next page: Microsoft ecosystem-based solutions