When employing Context Aware Access rules, users may encounter a situation where the geographic block is in place, but the location of the IP address cannot be determined. This issue arises when third-party applications are marked trusted, but not exempted from API Access blocks.
To address this problem, follow the steps outlined below:
- Go to App Access control.
Security > Access and data controls > API Controls > Manage third party app access > Add app or Change access - Either add a new app
OR
for existing apps, hover over the app and click Change access at the left. - Go to the Access to Google data step in the stepper.
- If the application is manually trusted, select the Trusted option. The additional checkbox for exemption from API access blocks becomes active.
- For the exemption to work, the Context Aware Access policy setting needs to have the Allowlist for exemption from API access blocks in context-aware access checked so they can always access APIs for specific Google services, regardless of access levels option checked.
Warning: Understand that this checkbox will only appear for manually trusted apps. The checkbox won't be visible if the app is trusted through Marketplace allowlisting. In such cases, you need to trust the app manually. - Once you have checked the exemption box for the relevant apps, click Finish/Change Access.
- Repeat for each manually trusted app to exempt them from being blocked.
Document Version | Date | Description of Change |
1.0 | 3/18/2024 | Updated link to open in new ab |
1.1 | 7/8/2024 | Updated text for allowlist exemption checkbox and screenshot per Chenell |