Project Description

📖 < 1 min read
In April, Google announced a beta which enabled admins to control access to SAML apps based on context. Now, Google is making this feature generally available.
You can use Context-Aware Access (CAA) to create granular access control policies for pre-integrated SAML apps or custom SAML apps based on attributes including the user, location, device security status, and IP address. This can improve your security posture by reducing the chances that there’s unintended access to specific apps and the data in them.

See Google’s beta announcement for more details on how the feature works and how you can use it.

CAA can be used for SAML apps (policy evaluation on sign-in) that use Google as the identity provider. A third-party identity provider (IdP) can also be used (third-party IdP federates to Google Cloud Identity and Google Cloud Identity federates to SAML apps).

Visit the Help Center to see how to set up single sign-on for managed Google Accounts using third-party Identity providers.

Getting started

  • Admins: This feature will be available by default. Any policies created during the beta will persist when the feature becomes generally available.
  • End users: No end-user impact until turned on by the admin.

Rollout pace


  • Available to Google Workspace Enterprise, Google Workspace Enterprise for Education, and Cloud Identity Premium customers
  • Not available to Google Workspace Basic, Google Workspace Business, Google Workspace for Education, Google Workspace for Nonprofits, Google Workspace Essentials, and Cloud Identity Free customers
Thanks for sharing and spreading the word!