This announcement was made at Google Cloud Next ‘19 in San Francisco. Check out Next OnAir to tune into the livestream or watch session recordings following the event.
What’s changing
We’re launching a beta program that enables G Suite admins to dynamically control access to G Suite apps based on a user’s identity and the context of their request (device security status, IP address, etc.). Members of the beta will be able to:
- Set up different access levels based on a user’s identity and context of the request.,
- Use granular controls for different organizational units (OU)
- Control access to several G Suite apps by setting different policies for the different access level profiles that have been set up
Who’s impacted
Admins only
Why you’d use it
Currently G Suite admins can turn access to apps and services on or off for specific OUs or groups of users. This beta will provide more dynamic controls, so you can take into account contextual signals, such as device security status or IP address, to control access to those apps and services. Examples of access controls that can be set up through the context-aware access beta include:
- Only users from corporate-owned device and a corporate IP address can access Google Drive.
- Only a “High Trust” group can access Google Drive when not on a corporate IP address.
- Only users from an encrypted device with a screen lock enabled can access Gmail.
How to get started
- Admins: This is an opt-in beta. Admins can opt-in by changing their security settings Admin console> Security> Context-Aware Access
- End users: No action needed
Additional details
In the beta, context-aware access will only be configurable for Gmail, Calendar, Drive, Docs, Sheets, Slides, Forms, Sites, and Keep. You’ll be able to use the following contextual signals to control access:
- IP Subnet (specific IPv4 or IPv6 address)
- Device policies as reported through the Endpoint Verification extension, including whether a device password is active, device encryption status, minimum OS versions, and company-owned devices.
You can apply policies by OU or to the whole domain, and all admin activity is logged in audit logs in the
Admin console > Reports > Admin view.
Availability
G Suite editions
- Available to G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium
- Not available to G Suite Basic, G Suite Business, G Suite for Education, G Suite for Nonprofits, and Cloud Identity Free.
Stay up to date with G Suite launches