Use groups to manage Context Aware Access for G Suite

What’s changing 

You can now use groups to manage context-aware access for your organization. You could previously only manage them by organizational unit (OU). Context-aware access lets you control access based on user identity and context. Managing this with groups provides extra flexibility, so you can make sure the right users have the right levels of access at the right time.

Use our Help Center to find out how to manage context-aware access.

Who’s impacted 


Why you’d use it 

With context-aware access, you can set up different access levels based on a user’s identity and the context of the request (location, device security status, IP address). This can help you provide granular access controls without the need for a VPN, and give users access to G Suite resources based on organizational policies. Find out more about context-aware access.

Using groups enables more granular access controls while minimizing the amount of work required to create and manage different OUs. For example, groups may make it easier to set up different policies for:

  • Users at different organizational levels (e.g. executives) 
  • Users in specific roles (e.g. admins) 
  • Users with different employment statuses (e.g. full-time employees or temporary workers) 

Getting started 

Admins: There will be no change to existing context-aware access policies, but you can now set policies at the group level. Visit the Help Center to get an overview of context-aware access, or learn how to customize context-aware access with groups.

End users: There is no end user setting for this feature.

Rollout pace 


  • Available to G Suite Enterprise, G Suite Enterprise for Education, Cloud Identity Premium, and Drive Enterprise customers. See more details
  • Not available to G Suite Basic, G Suite Business, G Suite for Education, G Suite for Nonprofits, and Cloud Identity Free customers