Control Access to Google Apps & Services with Context Aware Access (CAA)
The way we work has drastically changed over the last few years. With work-from-home and hybrid work becoming the new normal, secure employee access to business applications and data is fundamentally changing. Many organizations are looking to implement a zero trust framework. Google Workspace can help you accomplish these goals. In Part II of our blog series on security and privacy, we are focusing on Context-Aware Access or CAA.
Context-Aware Access provides granular controls over who can access applications based on IP address, Geographic origin, or device. This feature aligns perfectly with the zero trust framework. Zero trust asserts no user or device should be trusted by default. Trust is established through context. CAA helps you accomplish this trust. If this trust is not met, you can decide which individual applications the user has access to. These applications can be Workspace applications or third party SAML applications.
Watch our latest how-to video to learn how you can Control Access to Google Apps & Services with Context-Aware-Access (CAA).
Getting started with Context-Aware Access
In this demonstration, we will utilize Google Workspace CAA to control access to specific applications. CAA gives you the ability to customize how each application is accessed.
What are Access Levels?
Access levels combine conditions and values that define a user or device context. These access levels define the context used for application access. In this demonstration, we created an access level that prevents access to Gmail if the user is outside the United States.
Assigning Access Levels
Once you have created your access levels, then you can apply these access levels to the desired users. You have the ability to apply an access level to the entire organization or a subset of users. You also have the ability to apply multiple access levels to users.
Setting the User Message
By default when a user’s access is blocked they will see a notification “A company policy is blocking access to this app.” To make the notification more helpful you can use remediation messages and custom messages. When remediation messages are enabled they will provide guidance on how to address why the user was blocked. A custom message allows you to input specific instructions or information and can be used in conjunction with remediation messages.
In our example, the access level we created blocks access to Gmail when the user is outside the United States. The user sees a custom message when trying to access Gmail. For administrators, logs are provided for CAA and you have the ability to create alerts based on activity. You can choose to send alerts to the alert center and specific admins.
Here we've demonstrated just one example of an access level utilizing Google Workspace Context-Aware Access. You can create complex access levels combining multiple attributes or you can keep them simple like in our example. Context-based policies may not be required but CAA can still improve your overall security and help you mitigate risk. If your organization is looking to implement Zero Trust, Context-Aware Access is a must. As a Google Cloud Partner with a Specialization in Work Transformation, our seasoned team is available to help you implement Context-Aware Access within your organization. Schedule time with our team here.
Check back to the blog for Part III in our Security Series: Keep Data Safe with Google Workspace Security Center Advanced analytics & threat intelligence tools.
Steve Newman Bio: I love sports and technology. I graduated from the University of Georgia where I was a member of the men’s basketball team. After college I traveled the world playing basketball. When my basketball career was over I moved into the technology world.
I have worked for small early-stage startups and some of the largest companies in the world. I’ve been working in the Google Ecosystem both as a partner and as a Googler for over a decade now.