Looking for help?
< All Topics
Print

Control G-Connector Access with Domain-Matching Rules in Salesforce

July 2, 2025

Strengthen your organization’s data security by implementing precise domain-based access rules for G-Connector. Using settings in a Salesforce’s Custom Metadata Type, you can now easily define and manage which domains and Google users are permitted access, ensuring only authorized users connect to your Salesforce environment. This feature provides greater flexibility, security, and control, giving you peace of mind that your sensitive information remains protected.
Three options are available:

  • Block G-Connector access to Salesforce if the user’s Google email address does not exactly match the email address on the Salesforce account the user is logging in to. For example Google Sheets user user1@salesforce.com will be only be able to log in to a Salesforce account associated with the user1@salesforce.com email address.
  • Block G-Connector access to Salesforce if the domain of the user’s Google email address does not match the domain of the email address on the Salesforce account the user is logging in to. For example Google Sheets user user1@salesforce.com will be able to log in to any Salesforce account associated with an email ending in @salesforce.com
  • Block G-Connector access to Salesforce if the G-Connector the domain of the document owner’s email address does not match the domain of the email address on the Salesforce account the user is logging in to. For example, any user logging in from a Google Sheet owned by user1@salesforce.com will be able to log in to any Salesforce account associated with an email ending in @salesforce.com.

Setting Up the Restrictions

These restrictions need to be set up in the Salesforce org where they will be enforced by its Salesforce admin.

To create a custom metadata type in Salesforce, go to Setup and type Custom Metadata Types into the Quick Find box. Click New Custom Metadata Type to begin.

Name the metadata type Settings, then click Save. Once saved, you’ll be directed to the Settings metadata type page. Now, you can create custom fields.

Alert Email (Email)

If you specify an email address here, a notification will be sent to that address whenever a user is blocked from logging in to Salesforce based on any of the domain-mismatch conditions described below.

Allow Domain Mismatch(Checkbox)

If unchecked, compare the domain part of the user’s Salesforce email to make sure it matches their Google account email domain name.

Allow Sheet Owner Domain Mismatch(Checkbox)

If unchecked, compare the domain of the user’s Salesforce email with the sheet owner’s Google account email.

It can be used to prevent access from a different domain (including free Gmail accounts) to sheets owned by others in the company, while still allowing access to sheets created by the user.

Allow Account Mismatch (Checkbox)

It compares the Google email address of the user logging in via G-Connector against the Salesforce email address associated with their account. 

Access is only granted if the two email addresses match exactly.

Hence, setting this up helps you keep G-Connector access limited to the right people, avoid unwanted access to external sheets, and stay updated with login attempts.