vydjs (vydjs) asked a question.
I'm playing around with IP Zones and Authentication policies, where if an authentication policy is met (in this case, your IP is within an accepted zone), you will see all the apps assigned within Okta. This includes Google Apps such as Gmail, Calendar, Drive, etc.
I'd like to have another condition, if your IP is NOT in an accepted zone, then you will only see the Gmail app.
I was thinking of keeping my current Google Workspace Okta app integration then applying the authentication policy if they met all requirements. Then I was thinking of creating a second "Google Workspace" app, only checking the Gmail box; applying an authentication policy of "Any". But with SAML, it obviously doesn't work because of the original Google Workspace SAML integration.
Any creative ideas out there? Or something I haven' t thought of?
Hi @vydjs (vydjs) , Thank you for reaching out to the Okta Community!
Unfortunately this isn't supported. For Okta SSO with Google Workspace you only have the 2 options. SWA which is just credential injection so no access management and SAML with authenticates the user against the entire Google Domain so after that it would be the SP's purview.
I was looking over some of their docs, and it does not seem to be supported there either but please check it out and see if you find anything useful:
https://support.google.com/a/answer/9275380?hl=en&ref_topic=9262521
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--------------------------------
Community members help others by clicking Upvote or Select as Best on responses. Try it today.