What should your organization do?

Your organization is preparing to deploy Workspace and will continue using your company’s existing identity provider for authentication and single sign-on (SSO). In order to migrate data from an external system, you were required to provision each user’s account in advance. Your IT team and select users (~5% of the organization) have been using Workspace for configuration and testing purposes. The remainder of the organization can technically access their accounts now, but the IT team wants to block their access until the migrations are complete.

What should your organization do?

A. Remove Google Workspace license to prevent users from accessing their accounts now.

B. Suspend users that the organization does not wish to have access.

C. Add the users to the OU with all services disabled.

D. Use Context-Aware Access to simultaneously block access to all services for all users and allow access to all services for the allowed users.

View Answer

Answer: D

Explanation:

Context-Aware Access allows you to enforce granular access controls based on a variety of conditions like user identity, device security status, and more. In this scenario, Context-Aware Access can be configured to block access to Google Workspace services for all users except the IT team and those select users involved in configuration and testing. This way, you can ensure that only authorized personnel have access to Google Workspace while the migrations are in progress.

Let’s examine the other options:

A. Removing Google Workspace licenses would indeed prevent users from accessing their accounts, but it could disrupt the IT team and select users who are using Workspace for testing and configuration. It’s also not a flexible solution for a temporary access block.

B. Suspending users will prevent them from accessing their accounts, but this action could be disruptive and may require manual effort to unsuspend users later. This could also potentially confuse users if they find their accounts suspended without context.

C. Adding users to an Organizational Unit (OU) with all services disabled would effectively block their access but might require reconfiguration when you want to grant them access later. This approach also involves manually managing OUs, which could become cumbersome.

Option D allows for the most granular and flexible control and can be easily updated as the migration progresses, making it the most suitable choice for this situation.