Admins can now apply Context-Aware Access (CAA) policies to OpenID Connect (OIDC) applications. OIDC apps are a subset of OAuth apps that use Google sign-in for authentication. Administrators can set a default policy for all OIDC apps using a single setting. This new feature allows for granular access control based on user identity, location, device security, and IP address. These policies can be applied to users on both personal and managed devices. The setting can also be used in monitor mode to assess potential user impact before full activation. The configuration is managed within the Admin console under Security > Context-Aware Access > General settings. End users may experience access to certain apps when using Google sign-in or may be blocked with remediation options provided. This feature is rolling out starting August 26, 2025, and is available for various Google Workspace editions and Cloud Identity Premium.