Skip to main content

Google Workspace - IDP Client - Google Authenticator

Hello good afternoon community, I hope you are very well.

I have a question, regarding the use of MFA or a two-factor authentication for users with the following case:

Users with IDP mode installed - Provisioning users to Tenant with Azure-AD . SAML Proxy for IDP - Google Worskpace.

Now if a customer wants or needs that apart from the enrollment via IDP, in this case Google Workspace, reauth must be applied at Private Access level so that every so often it performs the reauth.

Now thinking if the customer wants that when this reauth occurs, in addition to validate the Google Workspace credentials, use Google Authenticator, this configuration is not specific to Netskope, but in this case the Google Workspace itself? Is this correct?

Thank you very much community for your time, advice and collaboration.

Best regards

Hello @MetgatzNK,


Netskope only controls the interval and which identity provider is used.  The enforcement of MFA settings (caching, factors, etc) is controller by the identity provider.  In regards to “this configuration is not specific to Netskope, but in this case the Google Workspace itself” that is correct but depending on the IDP, you may be able to apply specific controls and requirements such as stronger MFA requirements or forcing password authentication every time. 


Reply