This global control significantly reduces the administrative burden of managing security for applications at scale. Instead of manually configuring rules for every individual SAML app, administrators can set a single policy to cover their entire environment. Specific application-level policies will still take precedence, allowing for granular control where needed while the global policy acts as a reliable safety net.
These default policies support both Monitor and Active modes, providing flexibility in how security requirements are phased in. Detailed audit logs will capture these enforcement events, and remediation messages help end users understand how to resolve access issues independently.
Admins can configure CAA policies for all SAML apps in the Admin console under Security > Context-aware Access > General settings.
Getting started
- Admins: This feature will be OFF by default and can be enabled at the OU or group level. Visit the Help Center to learn more about applying a default context-aware access policy for all SAML apps.
- End users: This feature is available to admins only.
Rollout pace
- Rapid Release and Scheduled Release domains: Available now
Availability
- Enterprise: Enterprise Standard and Plus
- Education: Education Standard and Plus
- Other Editions: Frontline Standard and Plus; Enterprise Essentials Plus; Cloud Identity Premium
Resources
- Google Workspace Admin Help: Apply a default Context-Aware Access policy for all SAML apps
- Google Workspace Admin Help: Deploy Context-Aware Access