This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ Log in to ask a question

Context Aware Access to User Account

Go to solution
Olger
New Contributor III

‎04-01-2025 05:10 PM

I'm hoping someone knows the secret switch that makes this happen.

We've implemented Context Aware Access (CAA) for a number of accounts, mostly to restrict usage to on-campus only. We've set up a CAA rule and applied the rule to all apps in OU's that hold those accounts and restrict access by IP address. Everything works, all apps are inaccessible. 

But.

You can still login to the accounts outside of campus. You can't use any of the apps, but there's access to the account. I would have thought CAA would be able to block that as well, but apparently not.

How can I block access to accounts based on, for instance, IP address? I don't even want anyone be able to login to those accounts when not on campus.

Topics:
0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
Kim_Nilsson
Admin Moderator

‎04-03-2025 06:35 AM

Hiya, @Olger !

This is 100% how CAA is supposed to work! 😁

You can only restrict access to apps and services, NOT restrict login.

The simplest explanation is that CAA only applies after you log in.

--
https://wheretofind.me/@NoSubstitute

View solution in original post

Reply
3 REPLIES 3

Go to solution
Kim_Nilsson
Admin Moderator

‎04-03-2025 06:35 AM

Hiya, @Olger !

This is 100% how CAA is supposed to work! 😁

You can only restrict access to apps and services, NOT restrict login.

The simplest explanation is that CAA only applies after you log in.

--
https://wheretofind.me/@NoSubstitute
Reply

Go to solution
Kim_Nilsson
Admin Moderator
In response to Kim_Nilsson

‎04-03-2025 06:43 AM

It's even written in the first sentence in the support article about CAA.

"Context-Aware Access gives you control over which apps a user can access based on their context..."

Yes, that could have been clarified to say ".. but does not block users from logging into their accounts, regardless of context..."

You should give that as feedback on the support article. Just hover over the vertical line to the right of the article, and a feedback icon will appear.

--
https://wheretofind.me/@NoSubstitute
0 Kudos
Reply

Go to solution
Olger
New Contributor III
In response to Kim_Nilsson

‎04-03-2025 03:05 PM

Thanks Kim!

I left feedback on that article. Also left feedback on that feedback icon. To me, hiding such a feature tells me that Google doesn't really want feedback. Why would I hover over the entire page or look in the page source to see if there are some hidden buttons? I would only see that icon if I accidently moved the mouse over that section, or if someone, like you did, pointed it out. And even then, I was initially too high up that vertical line and didn't see it.

Anyway, thank you!

Reply
  • © 2023 Google. All rights reserved.
  • Privacy Policy
  • Terms of Service
  • Community Guidelines