Access Context Manager release notes

Access Context Manager now supports custom organization policies. This feature is generally available (GA). For more information, see Create custom constraints for Access Context Manager.

Generally available: App allowlist support for context-aware access

You can now create an access binding with a map of applications to access levels to apply access levels to specific applications, avoiding unintended effects on other applications. For more information, see Create an access binding with a map of applications to access levels.

Generally available: You can now use an internal IP address when specifying an IP address range in basic access levels.

For more information, see Creating a basic access level.

The ability to add individual VPC networks to a perimeter is generally available (GA).

Previously, all VPC networks in a host project were added to a perimeter. You can now do the following:

• Add individual VPC networks as members of a perimeter.
• Create an ingress rule to authorize individual VPC networks to access a perimeter.

Support to add individual VPC networks to a perimeter is now available in Preview.

Previously, the entire VPC host project was added to a perimeter. VPC Service Controls now supports the following enhancements:

• You can now add individual VPC networks as members of a perimeter.
• You can create an ingress rule to authorize individual VPC networks to access a perimeter.

General availability of scoped policies for VPC Service Controls.

To delegate administration of VPC Service Controls perimeters and access levels to folder-level and project-level administrators, you can use scoped policies. You can create access policies that are scoped to specific folders or projects.

General Availability release of Ingress and egress rules for VPC Service Controls.

Access levels now support checking the Storage encryption (allowedEncryptionStatuses), Require admin approval (requireAdminApproval) and Require corp owned device (requireCorpOwned) attributes of requests originating from mobile devices.

General availability of dry run mode for service perimeters.

This release introduces dry run configurations for your service perimeters, allowing you to test changes to perimeters before enforcing the changes. For more information, read about dry run mode.

General availability of the Access Context Manager Bulk API.

Use the Access Context Manager Bulk API to replace all of your organization's access levels in one operation. For more information, see Making bulk changes to access levels.

General availability of custom access levels.

Custom access levels provide a way to use Common Expression Language to craft custom conditions. Create custom access levels using the gcloud command line tool, the Access Context Manager API, and in the Google Cloud Console using the Advanced Mode for configuring access levels.

Beta release of the Access Context Manager Bulk API.

The Access Context Manager Bulk API can be used for operations such as replacing all of your organization's access levels. For more information, see Making bulk changes to access levels.

Access Context Manager support for mobile devices has entered Beta. You can now create access levels that target iOS and Android devices.

Currently, the OS policy and Require screen lock device attributes are supported for use with iOS and Android devices.

To take advantage of the new feature, your organization must use Google Workspace basic mobile device management.

The following access level attributes are now available:

• Regions
• For Device policy:
  • Require admin approval
  • Require corp owned device
  • Require verified Chrome OS

General availability of Access Context Manager.

Access Context Manager Closed Beta launch.