Control access to apps based on user & device context

About Context-Aware Access

Context-Aware Access gives you control over which apps a user can access based on their context, such as whether their device complies with your IT policy. Using Context-Aware Access, you can create granular access control policies for apps that access Workspace data based on attributes, such as user identity, location, device security status, and IP address.

Protect your business with Context-Aware Access

Details on:

  • Use cases
  • Supported apps, platforms, admin requirements

Go to: Protect your business with Context-Aware Access

Deploy Context Aware-Access

Deployment recommendations, preparation, and software set ups. Also, how to turn off Context-Aware Access if you need to. 

Go to: Deploy Context-Aware Access

Implement Context-Aware Access

To get Context-aware access going, you need to create access levels and assign them to specific applications. These articles show all of the configuration choices you can make in the interface to create the access levels and assign them to apps. 

Go to:

Understand use case examples for Context-Aware Access

Below are links to three specific, common use cases for Context-Aware Access. These examples describe creating access levels and assigning them to apps for each use case.

Go to:

Add messaging for your users

With remediation messages and custom messages, you can help users unblock themselves when a policy prevents them from accessing an app.

Go to: Allow users to unblock apps with remediation messages

Use Context-Aware Access with configuration groups

With configuration groups, you can apply context-aware access levels to groups of users rather than organizational units. Configuration groups can include users from any organizational unit in your business.

Go to: Use Context-Aware Access with configuration groups

Use Context-Aware Access with Data Loss Prevention (DLP)

DLP rules prevent unintended sharing of sensitive content such as credit card numbers or identity numbers. You can combine DLP rules with Context Aware access levels to enforce DLP rules under certain context conditions, such as user location or device security policy. 

Go to: Combine Data Loss Prevention rules with Context-Aware access conditions

Explore ideas for access levels - examples in Basic mode and Advanced mode

  • Examples of access level configurations that you develop in the Context-Aware Access interface in Basic mode.

    Go to: Basic mode access level examples

  • Sometimes the access levels you create in the interface are not as flexible or as robust as you would like. You can create custom access levels in Advanced mode using Common Expression Language (CEL).

    Go to: Advanced mode access level examples

Assign Context-Aware access levels to the Admin console

You can control access to the Admin console based on context by assigning Context-Aware access levels to the Admin console.

Note: Do not assign access levels to the Admin console unless you specifically need to limit the access to the Admin console by other admins.

Go to: Assign Context-Aware access levels to the Admin console

Related topics

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
Contact us Tell us more and we’ll help you get there
true
Start your free 14-day trial today

Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today.

Search
Clear search
Close search
Google apps
Main menu
12844507574920064348
true
Search Help Center
true
true
true
true
true
73010
false
false
false
false