About Context-Aware Access
Context-Aware Access gives you control over which apps a user can access based on their context. Unlike traditional security which relies on a simple login, this feature creates granular access control policies based on attributes such as user identity, location, device security status, and IP address.
| Critical Warning: Do not assign access levels to the Admin console app unless you specifically need to limit access by other admins. Incorrect configuration here can lock administrators out of the console. |
How It Works
To implement Context-Aware Access, you follow a two-step logic flow:
| 1. Create Access Levels Define the rules. (e.g., "Must be on Corporate IP") | ➔ |
Enforce the rule on specific tools. (e.g., Apply to Gmail & Drive) |
Key Capabilities & Integrations
Context-Aware Access extends beyond simple IP blocking. The following features allow for robust enterprise security:
| Feature | Description |
| Configuration Groups | Apply access levels to specific groups of users rather than entire organizational units. Configuration groups can include users from any organizational unit in your business. |
| Data Loss Prevention (DLP) | Combine DLP rules with Access levels. This allows you to enforce DLP rules under specific conditions, such as preventing sensitive data sharing only when a user is in a specific location or on an unsecure device. |
| Remediation Messages | Help users unblock themselves when a policy prevents access. You can add custom messages (e.g., "Please update your OS") so users know why they were denied. |
| Advanced Mode (CEL) | If the Basic mode interface isn't flexible enough, you can create custom access levels using Common Expression Language (CEL) for complex logic. |
Common Use Cases
Administrators typically deploy Context-Aware Access to solve these specific security scenarios:
- IP Address Enforcement: Restrict access to apps based on corporate network ranges.
- Device Policy Enforcement: Require devices to meet security standards (e.g., encryption, password protection) before accessing data.
- Managed Chrome Browser Enforcement: Ensure access only comes from corporate-managed browsers.
Official Resource: About Context-Aware Access - Google Support
