Re: Context Aware Access with Third party applicat...

lizuno · 11-22-2023 05:26 AM

Hello everyone,

Is it possible to manage Google Sign In Service with Context aware access? For example, disabling Login with google on application like Slack,Attlasian,etc if the device isn't admin approved.

Thanks

SergioAlvarez

Hi,

In theory, you can if you implement Google as SSO, First, set Google as the SSO authority for those applications and once that is those, set those apps as SAML applications or SSO applications and when you have your CAA access levels, you will be able to assign it to those applications

lizuno

I kinda avoid using SSO due to limitation on the third party app license, instead I'd like to only block the API level. Since it works with API control(blocking the access to login to the app), I want to merge it with Google Endpoint verification with admin-approved CAA. Is it possible to do this?

SergioAlvarez

The problem of blocking over API is that they can still use just simple Email and password. I would say that you can enforce the API access control but is would not be recomended

lizuno

But if we block all the API access to the application, every time we use login with google to the application will be blocked right?

Context Aware Access with Third party application API ( Google Sign In )