Skip to content
Griffin31 Help Center

LayerX Onboarding - Google Workspace

Google Context-Aware Access Guide: Configuring Secure Access for Your Workspace

Introduction

Context-Aware Access in Google Workspace allows organizations to enforce granular access controls based on the context of the user and their device. This guide provides a step-by-step approach to configuring Context-Aware Access, ensuring that only approved users and devices can access sensitive resources.

Step 1: Context-Aware Access Configuration

  1. Sign in to the Google Workspace Admin Console    - Use your workspace admin account to sign in.

  2. Navigate to Context-Aware Access Settings    - Go to Security > Access and data control > Context-Aware Access.

Step 2: Configure Access Levels

  1. Create an Access Level    - Click on Access levels and select CREATE ACCESS LEVEL.    - Enter the access level name and a description that outlines its purpose.

  2. Set Context Conditions      - For Company-approved devices:      - Click on Basic and select Meets all attributes.      - Click on ADD ATTRIBUTE and configure the attribute as Device is > Admin-approved.       - For Managed browsers:      - Click on Advanced and enter the following CEL condition:         device.chrome.management_state == ChromeManagementState.CHROME_MANAGEMENT_STATE_PROFILE_MANAGED            - After setting the conditions, click CREATE.

Step 3: Assign Access Levels

  1. Assign Access Levels to Apps    - Click on Assign access levels.    - Choose the relevant apps, or select the first checkbox to apply the access level to all          apps.    - Click on Assign.

  2. Activate the Access Level    - Select the appropriate access level, check the Active checkbox, and click Continue.

  3. Enforce Access Restrictions    - Enable the option Block users from accessing Google desktop and mobile apps if access levels aren’t met.    - Click CONTINUE, and then ASSIGN to apply the settings.

Step 4: Configure User Messages

  1. Customize User Messages    - Go to User message within the Context-Aware Access settings.    - Customize the message that users will see if they are blocked by Context-Aware Access.

This message should clearly inform users why they are blocked and how they can gain access.

.