Context-aware access

Enable zero trust access to your applications and infrastructure.

View documentation for this product.



With context-aware access, you can enforce granular access controls to web apps, VMs, GCP APIs, and G Suite apps based on a user’s identity and context of the request without the need for a traditional VPN. Based on the zero trust security model and Google’s BeyondCorp implementation, context-aware access enables you to provide a simpler access for your users, enforce granular controls, and use a single platform for both your cloud and on-premises applications and infrastructure resources.

Simpler user access

Enable your users to access web applications and infrastructure resources from virtually any device, anywhere, without the complexity of remote-access VPN gateways. This is how employees, contractors, and other users at Google and many other enterprise organizations across the world get their work done today.

Zero trust security

Give peace of mind to your IT and security teams by enabling them to enforce application-level, granular access controls without maintaining a VPN infrastructure. Based on the zero trust security model and Google’s BeyondCorp implementation, context-aware access allows you to verify users’ identity and validate context before allowing access to web apps, VMs, GCP APIs, and G Suite apps.

Unified access management

Reduce complexity and cost by leveraging a unified access management platform and a single set of policies for G Suite apps, GCP infrastructure (APIs, VMs, resources), and web applications, in the cloud or on-premises. Context-aware access is built on Google Cloud’s planet-scale infrastructure and is natively integrated with Cloud Identity, an identity-as-a-service (IDaaS) solution.


VPN-less user access

Make the lives of your employees, contractors, and partners easier by allowing them to access web applications and GCP workloads (APIs, VMs, resources) without VPN, from virtually any device, anywhere.

Zero Trust security

Adopt the zero trust security model to improve your organization’s security posture as more apps and infrastructure workloads move to the cloud.

Built-in with GCP and G Suite

Context-aware access capabilities are built-in with GCP infrastructure and G Suite, making your life a little easier since it requires less effort and time to configure and enforce access policies.

Cloud or on-premises

Enforce context-aware access policies for web apps hosted on GCP, on your premises, or other public clouds, including Amazon Web Services (AWS) and Microsoft Azure.

Single platform and policies

Reduce complexity, cost, and misconfiguration chances by leveraging a single cloud platform and policy engine to control access to your apps and infrastructure resources.

Planet-scale infrastructure

Increase your confidence knowing that context-aware access is built on Google Cloud’s global infrastructure and integrated with Cloud Identity (IDaaS) and Cloud Armor (DDoS protection).



There is no charge for using Cloud Identity-Aware ProxyCloud Identity and Access Management, Endpoint Verification, and Access Context Manager to protect access to Google Cloud Platform workloads and web apps with context-aware access. However, when used with Compute Engine, the required load balancing and firewall configuration may incur additional costs. Read more about load balancing and protocol forwarding pricing in the Compute Engine pricing guide.

Using context-aware access capabilities to protect access to G Suite apps requires a Cloud Identity Premium or G Suite Enterprise license.

Google Cloud

Get started

Enable zero trust access to your apps and infrastructure.