You can configure the service to allow users to access Gmail and other Google apps from your organization's domains only. For example, you can allow users to sign in to their Gmail corporate accounts, but block them from signing in to their personal Gmail accounts.
The service intercepts any google.com (or associated Google app) request and adds the HTTP header X-GoogApps-Allowed-Domains, which identifies the domains from which users can access Google services.This prevents users from accessing Gmail and other Google apps from other domains.
This feature does not affect Google apps that do not require users to sign in, such as Google search. But a user who signs in from Google search with an account that is not whitelisted will be blocked.
For additional information from Google, see https://support.google.com/a/answer/1668854?hl=en-uk&hlrm=en
Do the following to use this feature: