> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cystack.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Web login policy

> Block employees from logging into websites using non-company accounts, preventing data leakage from the company

<Card>
  **Use cases:**
  Block employees from logging into websites using non-company accounts, preventing data leakage from the company, for example:

  * Logging into personal cloud storage (Google Drive, OneDrive, Dropbox, iCloud,...)
  * Logging into email, chat applications
  * Logging into other services and platforms
</Card>

Admins can require employees to only log into websites using company accounts within the device's browser.

<Note>Note: When applying this feature, employees will be automatically logged out of websites once, and will only be able to log back in using company accounts.</Note>

Admins can configure the policy by following these steps:

<Steps>
  <Step title={<>On the admin dashboard, select "Device Management" {'\u2192'} "Threat prevention" {'\u2192'} "Web login"</>}>
    <img src="https://mintcdn.com/cystack/cGs2bwxz9a0dv7Pg/images/endpoint/en-web-login.png?fit=max&auto=format&n=cGs2bwxz9a0dv7Pg&q=85&s=e42b7ebd4bac25e1066a58e16ce061a2" alt="en-web-login" width="1392" height="566" data-path="images/endpoint/en-web-login.png" />
  </Step>

  <Step title={<>Click the <code>Edit</code> button to configure the policy</>} />

  <Step title="Admins can edit the following information:">
    * Websites to apply: enter the domain name of the website to apply login restrictions (e.g., google.com, adobe.com,...)
    * Allowed email domains: enter the company email domain (e.g., cystack.net) to only allow login with accounts from this domain
    * Invalid browser profile logout checkbox: When enabled, employees will also be logged out of browser profiles (Google Chrome, Microsoft Edge) if they are not from the configured domain (recommended to enable this option)
    * Applied devices: apply to all devices or specific devices/departments
          <img src="https://mintcdn.com/cystack/cGs2bwxz9a0dv7Pg/images/endpoint/en-web-login-edit.png?fit=max&auto=format&n=cGs2bwxz9a0dv7Pg&q=85&s=92a13c06fb2292d6e57dcc0f8fabf11a" alt="en-web-login-edit" width="2358" height="954" data-path="images/endpoint/en-web-login-edit.png" />
  </Step>

  <Step title={<>Click the <code>Save</code> button to save the configuration</>} />
</Steps>

<Note>Note: To block employees from logging into Google, Facebook, Apple login portals using non-company accounts, administrators can add domains of these services (google.com, id.apple.com, microsoftonline.com,...) to the policy.</Note>

After configuration, on devices with the policy applied:

1. When employees access websites that are configured, they will be logged out of those websites once (to make sure no non-company accounts are logged in)
2. Employees can only log back in using company email accounts from the configured domain
3. When users attempt to log into a website using an account not from the configured domain, the software will display a warning popup as shown in the image below:
   <img src="https://mintcdn.com/cystack/cGs2bwxz9a0dv7Pg/images/endpoint/en-web-login-warning.png?fit=max&auto=format&n=cGs2bwxz9a0dv7Pg&q=85&s=4df4269be895490032ffc4866f5854ed" alt="en-web-login-warning" width="1366" height="653" data-path="images/endpoint/en-web-login-warning.png" />
