
Context-Aware Access in G Suite

Using Context-Aware Access in G Suite Enterprise edition, you can create granular access control policies for apps based on attributes such as user identity, location, device security status, and IP address.

Context-Aware Access allows admins to create access control policies for apps based on attributes such as user identity, location, device security status, and IP address.

Context-Aware Access gives control over who can access apps based on their context, such as whether their device complies with organisational policies.

Users can still set access policies, such as 2-Step Verification, for all members of an organizational unit or group.

Uses

Context-Aware Access can be used to:

  • Allow access to apps only from company-issued devices
  • Allow access to Drive only if the user's storage device is encrypted
  • Restrict app access outside the corporate network

Context-Aware Access policies can be applied only to users using the following editions:

  • G Suite Enterprise
  • Cloud Identity Premium
  • G Suite Enterprise for Education

This policy is not available in G Suite Basic or G Suite Business editions.

Users with G Suite Basic or G Suite Business editions can access apps as usual.

If a Context-Aware Access policy is applied to all users in the same organizational unit or group, users who don't have a supported edition aren't subject to the enforced policy.

Context-Aware Access policies can be applied for:

  • Core G Suite services
      • Calendar
      • Cloud Search
      • Drive and Docs (includes Sheets, Slides and Forms)
      • Gmail
      • Google Meet
      • Google Vault
      • Groups for Business
      • Google Chat
      • Jamboard Service
      • Keep
      • Sites
      • Tasks
  • SAML apps

If a user signs into a SAML app on a mobile device using a web browser, Context-Aware Access policies are enforced and access is blocked.

Context-Aware Access policies can't be enforced on:

  • G Suite mobile apps, such as the Gmail Apple Mail app
  • Desktop apps, such as Drive File Stream
  • SAML mobile apps using any web browser for sign-in (all access denied)
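
The edition and client rules above decide whether a policy is evaluated at all, before any device or network condition is checked. The following Python model is an added example, not Google's code or API: it assumes a policy is assigned to every app, and `Request`, `evaluate`, `coverage`, the client labels and the `203.0.113.0/24` corporate range are hypothetical names and constructed values.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Editions the page lists as supporting Context-Aware Access.
SUPPORTED_EDITIONS = {"G Suite Enterprise", "Cloud Identity Premium",
                      "G Suite Enterprise for Education"}
# Constructed corporate range (RFC 5737 documentation block), an assumption.
CORP_NET = ipaddress.ip_network("203.0.113.0/24")

@dataclass
class Request:
    edition: str             # licence edition of the signed-in user
    client: str              # web | mobile_app | desktop_app | saml_mobile_browser
    app: str                 # e.g. "Drive", "Gmail"
    ip: str                  # source IP address of the request
    company_owned: bool      # device is company-issued
    storage_encrypted: bool  # device storage is encrypted

def access_level_met(req: Request) -> bool:
    """Hypothetical access level combining the three conditions under Uses."""
    if not req.company_owned:
        return False
    if req.app == "Drive" and not req.storage_encrypted:
        return False
    return ipaddress.ip_address(req.ip) in CORP_NET

def evaluate(req: Request) -> str:
    """Return not_subject, not_enforced, blocked or allowed for one request."""
    if req.edition not in SUPPORTED_EDITIONS:
        return "not_subject"   # unsupported edition: user accesses apps as usual
    if req.client == "saml_mobile_browser":
        return "blocked"       # page: all access denied
    if req.client in ("mobile_app", "desktop_app"):
        return "not_enforced"  # policy cannot be enforced on these clients
    return "allowed" if access_level_met(req) else "blocked"

def coverage(requests) -> Counter:
    """Tally outcomes so enforcement gaps stand out in a review."""
    return Counter(evaluate(r) for r in requests)

# Constructed sample sessions, not real log data.
SAMPLE = [
    Request("G Suite Enterprise", "web", "Drive", "203.0.113.10", True, True),
    Request("G Suite Enterprise", "web", "Drive", "203.0.113.10", True, False),
    Request("G Suite Enterprise", "desktop_app", "Drive", "198.51.100.7", False, False),
    Request("G Suite Business", "web", "Gmail", "198.51.100.7", False, False),
    Request("G Suite Enterprise", "saml_mobile_browser", "SAML app", "203.0.113.10", True, True),
]
```

Sessions counted as `not_subject` or `not_enforced` reach the app without any context check, so they are the ones to cover with other controls.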

Admin requirements

These admins can set Context-Aware Access policies:

  • Super admin
  • Delegated admin with each of these privileges
      • Data Security > Access level management
      • Data Security > Rule management
      • Admin API Privileges > Groups > Read
      • Admin API Privileges > Users > Read

If any user who doesn’t meet the access level conditions tries to access an app, they will be shown an error message which can be customized by the admin.



