Setting up conditional access for Google Workspace AppsSolved

Hey @bram , you’re right, you can restrict access to apps based on various criteria via the Google Admin console using the Context-Aware Access feature. Context-Aware Access helps you to define the context within which users can access the apps by creating different access levels based on the configured attributes. Here’s how you do it:

1. Log in to your Google Admin Console.
2. Navigate to Security > Access and data control > Context-Aware Access > Access levels.
3. Click on CREATE ACCESS LEVEL and enter the Access level name and description under the Name and description field.
   
4. Under Context conditions, select Basic and click on ADD CONDITION.
5. Choose either of the options Meets all attributes (AND) or Doesn’t meet 1 or more attributes (OR).
   
6. Click on Select attribute and select and configure the desired attributes from the options IP subnet, Location, Device, Device OS or Access level.
   
7. Click on ADD ATTRIBUTE if you want to configure more attributes.
8. Then, click on Create.

To read more about creating Context-Aware access levels you can visit the link below.
Creating Context-Aware access levels..

After creating the access level, you will be directed to the following screen where you will have to assign the access level to applications. The users will be able to access those apps only if they meet the access level’s conditions.

Follow the steps below to assign the access level to apps:

1. Click on ASSIGN TO APPS.
2. You can choose a specific user from Users or multiple users by selecting Groups or Organizational Units to whom the access level will apply.
   
3. Select apps from the list and then click on Assign.
4. Then, select the configured Access Level and choose the mode- Monitor or Active– to enforce the access level.
   
5. Click on Continue.
6. Configure the options in Other enforcement settings to choose when the selected access level should apply.
   
7. Proceed by clicking on Continue and then Assign.

You can go through the following link to dive deeper into assigning Context-Aware access to apps.
Assigning Context-Aware access levels to apps…

Thank you for that. Is it also possible to enforce this for devices after enrolling in Hexnode?

@bram , yes, by enrolling the devices associated with Google Workspace users in Hexnode UEM you can impose more restrictions and explore the full capabilities of a UEM solution. Context-Aware Access is however set up through the Google Admin Console and its effects will take place irrespective of whether the device is enrolled in the UEM or not.
Keep in mind that before enrolling the devices you need to initially configure Google Workspace with the Hexnode UEM console. You can refer to our help documentation to know how you can enroll iOS and macOS devices through Google workspace enrollment.

Thank you so much for the help!