Control access to apps based on user and device context

Context-Aware Access FAQ

Frequently asked questions for Context-Aware Access

Open all   |   Close all

Why aren’t Context-Aware Access policies applied to some users in my company?

Users may not all have the same licenses assigned to them. Verify that your users are members of an organizational unit or group that has Context-Aware Access-supported Google Workspace editions. Check Billing in the Admin Console to verify user licenses.

Why don’t the access levels behave as I intend them to?

Verify that the access setting in the Context-Aware Access policy is the one you intend - either Meet attributes or Don’t meet attributes.

What prevents Context-Aware Access from working with Chrome browser?

If you enforce a device policy at an access level, you and your users have to set up endpoint verification. You enable endpoint verification in the Admin console. Go to Set up software and create Context-Aware access levels for details.

Why is a user request denied when Context-Aware Access is configured correctly?

If an access level denies a user request but the access level appears to be configured correctly, the user may need to force the server-side device state to refresh. Go to Use mobile devices with access levels - Troubleshooting for details.

Why access to Google Workspace native apps is working as intended but access to a web application in Chrome is still blocked?

Chrome browser users (desktop and mobile), must turn on sync in Chrome browser. Go to Turn sync on and off in Chrome for details.

What app should I use to manage Android devices if I have the Advanced Device Management?

Use the Android Device Policy app to manage Android devices. Any applications enforced by Context-Aware Access policy on Android devices managed by the legacy Google Device Policy app are blocked.

Why is user access to Safari denied when Context-Aware access is configured correctly?

If Apple Private Relay is configured in iCloud, the device IP address is hidden. Google Workspace receives an anonymous IP address. In this case, if there is a Context-Aware access level assigned as the IP subnet, then access is denied to Safari. Fix this by turning off Private Relay, or by removing the access level that contains IP subnets.

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Clear search
Close search
Google apps
Main menu
Search Help Center