Administrators can now apply a global context-aware access (CAA) policy to all SAML applications within their organization. This update introduces a default assignment that serves as a universal security baseline, automatically protecting any SAML-based app that does not have a specific policy already assigned. By establishing this « secure-by-default » posture, IT teams can help protect internal data and third-party SaaS tools as new applications are integrated into their ecosystem.
This global control significantly reduces the administrative burden of managing security for applications at scale. Instead of manually configuring rules for every individual SAML app, administrators can set a single policy to cover their entire environment. Specific application-level policies will still take precedence, allowing for granular control where needed while the global policy acts as a reliable safety net.
These default policies support both Monitor and Active modes, providing flexibility in how security requirements are phased in. Detailed audit logs will capture these enforcement events, and remediation messages help end users understand how to resolve access issues independently.
Admins can configure CAA policies for all SAML apps in the Admin console under Security > Context-aware Access > General settings.
Getting started
- Admins: This feature will be OFF by default and can be enabled at the OU or group level. Visit the Help Center to learn more about applying a default context-aware access policy for all SAML apps.
- End users: This feature is available to admins only.
Rollout pace
- Rapid Release and Scheduled Release domains: Available now
Availability
- Enterprise: Enterprise Standard and Plus
- Education: Education Standard and Plus
- Other Editions: Frontline Standard and Plus; Enterprise Essentials Plus; Cloud Identity Premium
Resources
- Google Workspace Admin Help: Apply a default Context-Aware Access policy for all SAML apps
- Google Workspace Admin Help: Deploy Context-Aware Access