Project Description

📖 2 mins read

You can now use groups to manage context-aware access for your organization. You could previously only manage them by organizational unit (OU). Context-aware access lets you control access based on user identity and context. Managing this with groups provides extra flexibility, so you can make sure the right users have the right levels of access at the right time.

Who’s impacted


Why you’d use it

With context-aware access, you can set up different access levels based on a user’s identity and the context of the request (location, device security status, IP address). This can help you provide granular access controls without the need for a VPN, and give users access to Google Workspace resources based on organizational policies. Find out more about context-aware access.

Using groups enables more granular access controls while minimizing the amount of work required to create and manage different OUs. For example, groups may make it easier to set up different policies for:

  • Users at different organizational levels (e.g. executives)
  • Users in specific roles (e.g. admins)
  • Users with different employment statuses (e.g. full-time employees or temporary workers)

Getting started

Admins: There will be no change to existing context-aware access policies, but you can now set policies at the group level. Visit Google’s Help Center to get an overview of context-aware access, or learn how to customize context-aware access with groups.

End users: There is no end user setting for this feature.

Rollout pace


  • Available to Google Workspace Enterprise, Google Workspace Enterprise for Education, Cloud Identity Premium, and Drive Enterprise customers. See more details.
  • Not available to Google Workspace Basic, Google Workspace Business, Google Workspace for Education, Google Workspace for Nonprofits, and Cloud Identity Free customers.
Thanks for sharing and spreading the word!