Using Reverse Proxy as a Service with Google Workspaces
Using Reverse Proxy as a Service with Google Workspaces
There are requirements needed for licensing as well as caveats which warrant mentioning. You will need to be licensed for Protect your business with Context-Aware Access – Google Workspace Admin Help . There are a limited number of applications at this point which context awareness works with or for, as shown below.
 |
For SAML apps, policy evaluation occurs during sign-in to the app.
- Third party SAML apps that use Google as the identity provider. A third-party identity provider (IdP) can also be used (third-party IdP federates to Google Cloud Identity and Google Cloud Identity federates to SAML apps). For more information, go to About SSO – Google Workspace Admin Help.
- Context-Aware Access policies are enforced when a user signs in to a SAML app. For example, if a user signs in to a SAML app at the office and walks over to a coffee shop, a Context-Aware Access policy for that SAML app isn’t rechecked when the user changes location. For SAML apps, the policy is rechecked only when the user session ends and they sign in again.
- If a device policy is applied, web browser access on mobile (including mobile apps that use a web browser for signin) is blocked.
- Context aware access policies for custom SAML applications are validated at sign-in where applications within the Google Workspace are continuous. If a user decides to disable the client after authenticating and accessing the SaaS application, they will be denied access to the application since the check is continuous.
Cloud Identity Premium allows for only the following context awareness policies.
 |
In addition, endpoint management will need to happen on desktops and mobile devices. For more information, go to Create Context-Aware access levels – Google Workspace Admin Help.
