Google Context-Aware Access Guide: Configuring Secure Access for Your Workspace
Introduction
Context-Aware Access in Google Workspace allows organizations to enforce granular access controls based on the context of the user and their device. This guide provides a step-by-step approach to configuring Context-Aware Access, ensuring that only approved users and devices can access sensitive resources.
Step 1: Context-Aware Access Configuration
1. Sign in to the Google Workspace Admin Console
- Use your Google Workspace admin account to sign in.
2. Navigate to Context-Aware Access Settings
- Go to Security > Access and data control > Context-Aware Access.
Step 2: Configure Access Levels
1. Create an Access Level
- Click on Access levels and select CREATE ACCESS LEVEL.
- Enter the access level name and a description that outlines its purpose.
2. Set Context Conditions
- For Company-approved devices:
  - Click on Basic and select Meets all attributes.
  - Click on ADD ATTRIBUTE and configure the attribute as Device is > Admin-approved.
- For Managed browsers:
  - Click on Advanced and enter the following CEL condition:
```
device.chrome.management_state == ChromeManagementState.CHROME_MANAGEMENT_STATE_PROFILE_MANAGED
```
- After setting the conditions, click CREATE.
Step 3: Assign Access Levels
1. Assign Access Levels to Apps
- Click on Assign access levels.
- Choose the relevant apps, or select the first checkbox to apply the access level to all apps.
- Click on Assign.
2. Activate the Access Level
- Select the appropriate access level, check the Active checkbox, and click Continue.
3. Enforce Access Restrictions
- Enable the option Block users from accessing Google desktop and mobile apps if access levels aren’t met.
- Click CONTINUE, and then ASSIGN to apply the settings.
Step 4: Configure User Messages
1. Customize User Messages
- Go to User message within the Context-Aware Access settings.
- Customize the message that users will see if they are blocked by Context-Aware Access.
This message should clearly inform users why they are blocked and how they can gain access.