Create Access Level from Google Admin Console

As part of Security implementation, Google Admin Console allows you to create an access level that contains an attribute having conditions. The specified conditions would be your criteria to decide if you want to allow or deny access to an application. You can create three types of policies through this feature. 

You have a specific IP address policy which is the public IP range. You have the device policy that specifies the characteristics of the device, such as the OS version, encryption or the password requirements and so on. 

Then you have the Geographic role of geographic policy which can specify the countries.

Context-aware access is a method where you can create a set of granular access and control policies to applications based on attributes such as user's identity, location, device security status and IP address and for OS versions as well. In general, if you want to grant access to applications which you want to avail in your company devices or if you want to have user's device storage in encrypted form or to restrict access to the application from outside the corporate network, you can do by creating access level.

This feature is available in the G Suite Enterprise edition. If you are using G Suite Basic or G Suite Business then you must have Google cloud identity premium to get this feature.

By default, you do not have any access level created. Below mentioned steps will guide you to learn how to create an access level in your organisation - 

• Go to Admin Console and open the Security option. 

• Now click on the option Context-Aware Access. 

• Now click on Create access level. 

• An interface would open to add title and description. 

• After adding the same you will be redirected to access level conditions. 

• Now from there select an attribute so as to set IP restriction select IP Subnet and put the IP details, then enter the data of Device policy. After that click on create access level. 

• The next step is to assign an application. Go to the app assignment option and select your applications and click assign. 

The access is granted if the users meet or do not meet (as per the previous option selected) the conditions for at least one of the selected access levels. So, now select the access level.  After the rule is added, go back to Context-aware access and click turn on the option. 

Context-aware access is a service that can integrate with Endpoint verification as well to make sure your data and company information are secure and get accessed from the devices that you permit.