Context-Aware Access for SAML apps now generally available

Quick launch summary 

In April, we announced a beta which enabled admins to control access to SAML apps based on context. Now, we’re making this feature generally available. 
You can use Context-Aware Access (CAA) to create granular access control policies for pre-integrated SAML apps or custom SAML apps based on attributes including the user, location, device security status, and IP address. This can improve your security posture by reducing the chances that there’s unintended access to specific apps and the data in them. 
See our beta announcement for more details on how the feature works and how you can use it. CAA can be used for SAML apps (policy evaluation on sign-in) that use Google as the identity provider. A third-party identity provider (IdP) can also be used (third-party IdP federates to Google Cloud Identity and Google Cloud Identity federates to SAML apps). Visit our Help Center to see how to set up single sign-on for managed Google Accounts using third-party Identity providers.

Getting started 

  • Admins: This feature will be available by default. Any policies created during the beta will persist when the feature becomes generally available. 
  • End users: No end-user impact until turned on by the admin. 

Rollout pace 


  • Available to G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium customers 
  • Not available to G Suite Basic, G Suite Business, G Suite for Education, G Suite for Nonprofits, G Suite Essentials, and Cloud Identity Free customers 


Read More