How to create a secure environment for your internship program using Google’s Context-Aware Access

Application Modernization Collaboration Cybersecurity General Google Google workspace
Ashley Lewis
  • 7 min read

As companies grow, different business units need access to different applications, data, and devices. That level of access can change within departments and roles as well. Monitoring and configuring these permissions is easy with Google’s Context-Aware Access

What is Context-Aware Access?

Context-Aware Access is a Google Workspace feature that allows you to create a set of access-control policies based on attributes such as user identity, location, IP address, device-security status, OS versions, and more. Simply put, with Context-Aware Access you can customize who can access what services within your Google Workspace domain, and what other permissions you want to grant to each person within those layers.

Today we’ll walk through how to create access controls for a specific department or group of employees. For this example, let’s say you have a summer internship program and want to give them specific access to role-specific apps on company-owned devices within a specific location.

Before we start, important questions to ask yourself when creating access levels are:

  • What tasks do these employees absolutely need to perform?
  • What applications allow them to complete those tasks?
  • Where do these employees normally work or where would the company prefer they work?
  • How do they access work data?

Once you’ve answered these questions, you can begin creating an access level.

How to create an access level for your summer interns 

  • Start on your Google Admin Console home page.
  • Click Security to go to that section of the Admin Console.
  • Scroll down to the section Context-Aware Access.
  • Once you’re on that page, you’ll be able to see a full dashboard for Context-Aware Access:
    • Access levels
    • Assign access levels
    • User message

Note: be sure that Context-Aware Access is turned on – you should see a green ON text on the left-hand side. There’s a power button below that text to turn it off as well.

  • Click CREATE ACCESS LEVEL on the right-hand side. This takes you to a new screen to input all details and conditions for your access level.
  • Details:
    • Name (helpful hint: use the department or business unit)
      • For this example, we’ll use “Summer Interns.”
    • Description (describe the tasks they’ll be completing and the applications that align with those tasks)
      • For this example, we’ll use “Access to communications, scheduling, and collaboration applications on company devices within the company network.”
  • Conditions: You can add as many conditions as necessary to create your access control. Use the AND / OR operators to say whether all conditions or just some need to be applied. 
  • Click ADD ATTRIBUTE to create your first condition. Select from the drop down which attributes apply.
    • For this example, we’ll select IP subnet and input our company IP address so interns are only accessing company data on our company network. 
  • Add a second condition by clicking ADD CONDITION.
    • Go through the same process as our first condition. Add Device policy – > Company-owned device is required so they are only accessing data on company-provided laptops and cell phones. 
  • Click SAVE. 
  • This will take you to the next step, assigning access level. Click the blue button that says ASSIGN ACCESS LEVEL.
  • From here, you’ll see a list of all available apps within your Google Workspace account. Select the applications you want this group to access.
    • For this example, we’ll select Calendar, Drive and Docs, Gmail, Google Chat, and Google Meet. 
  • Scroll back to the top of the list and click Assign next to the number of selected apps. A new window will pop up asking which group this should be assigned to. 
  • Select the group name we created: Summer Interns. Click SAVE. 

Watch: Context-Aware Access in under 10 minutes

To see all of this in action, here’s a quick video that inspired this example:

If you have any questions about Context-Aware Access and how it can be used within your Google Workspace domain, please reach out to us here. We’d be happy to help.

See Similar Articles