Context Aware Access


Graham

May 10, 2024, 10:25:50 AM
to GAM for Google Workspace
Hi all

I see you can create, edit, print Context Aware Access rules using GAMADV (https://github.com/taers232c/GAMADV-XTD3/wiki/Context-Aware-Access-Levels) but I don't see anywhere to apply the rules to an OU or app. Have I missed it somewhere, or is that not available in Google's APIs?
I am looking at creating a script to apply/revoke rules to OUs so we can turn on/off access quickly.

Thanks
Graham

Ross Scroggs

May 10, 2024, 12:04:06 PM
to google-ap...@googlegroups.com
Graham,


I don't see how to apply the rules to an OU or app; maybe Jay has additional info.

Ross
----
Ross Scroggs




Graham

May 13, 2024, 6:05:28 AM
to GAM for Google Workspace
Thanks Ross, that's what I was seeing too - oh well, back to the drawing board for me then

Graham

Jay Lee

May 13, 2024, 6:43:22 AM
to google-ap...@googlegroups.com

CAA access levels have a LOT of flexibility. For example, you can create a level that defines working hours:

https://support.google.com/a/answer/11368990?hl=en#zippy=%2Callow-access-to-users-based-on-the-strength-of-the-users-login-credentials%2Conly-allow-access-to-shift-workers-during-their-shift-hours

Additionally, you can write an access level that requires a certain attribute be written to the user's device to pass. GAM can write those device attributes to devices, or you can have a Cloud Function that automates the process.


For example, I wrote a very simple App Engine app that limits users to a single active app with Workspace access and allows them to switch between them. See:

https://gist.github.com/jay0lee/d2947fb11ba70ee172a28cb695d5e23d

You'll need to offer more details on what you meant by disable access quickly but there should be a way to achieve it.

Jay



Graham Ingleby

May 13, 2024, 7:56:02 AM
to google-ap...@googlegroups.com
We are using it in a pretty simple way monitoring OS versions.
We have 2 policies:
Live - allows access if your device is above a certain OS version (e.g. Android 10 or iOS 11 or Windows 10 or Mac 11)
Dark - blocks access, we use a check for Windows 999.99.99.99 as we know that will not exist

What I want to do is be able to switch between the Live and Dark policies for an OU thus granting or blocking user access quickly

This works fine manually, I was looking for a way to automate it, but there isn't an API to set a policy to an OU

Thanks
Graham


Jay Lee

May 13, 2024, 8:19:54 AM
to google-ap...@googlegroups.com