What’s changing
Admins can now use context-aware access to block users' access to Workspace Applications via other Google (1st party) & non Google (3rd party) applications. With context-aware access, you can set different access levels to Workspace applications based on a user’s identity and the context of the request (location, device security status, IP address).
Why it’s important
Context aware access for APIs will enable customer admins to extend existing user/device CAA context access controls to end users attempting to access Google Workspace Applications via other Google & Non Google applications. Extending these policies to APIs that request Google Workspace core data gives admins another layer of control and security and helps protect against data exfiltration.
Getting started
- Admins: Visit the Help Center to learn more about controlling which third-party & internal apps access Google Workspace data, context-aware access, creating context-aware access levels, and assigning access levels to apps.
- End users: There is no end user action required. You’ll see a blocked message if you’re attempting to access an app violating the context conditions specified by your admin.
Rollout pace
- This feature is available now.
Availability
- Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Standard, Education Plus, and Cloud Identity Premium customers
Resources
- Google Workspace Admin Help: Control which third-party & internal apps access Google Workspace data
- Google Workspace Admin Help: Use cases: Exempt trusted third-party apps from being blocked
- Google Workspace Admin Help: Control access to apps based on user & device context
- Google Workspace Admin Help: Create Context-Aware access levels
- Google Workspace Admin Help: Assign Context-Aware access levels to apps