Google Login Security Features

Google login security features can be used with 3rd-party identity providers. Admins can choose to turn on these features that significantly improve account security against various attacks on user accounts. These features are new for customers using third-party identity providers:

• 2-Step Verification, an extra verification step that automatically requests verification with certain conditions

• Risk-based login challenges, which use machine learning to analyze user access patterns, assess the risk of a malicious attack, and presents additional verification challenges when the behavior looks suspicious.

Benefits:

• This will allow to better protect users'  accounts from unauthorized access.

• Increase the overall account security by leveraging Google's risk-based challenges for users authenticating on your 3rd-party identity provider. 

• Enforce Google 2-Step Verification for certain users only. For example, you can enforce Google 2-Step Verification in combination with your 3rd-party identity provider for users with access to more sensitive information stored within Google. 

• Use 2-Step Verification without additional costs. You can enforce these policies for users predominantly accessing Google resources at no additional cost. 

Steps for set up:

• Admins: You can choose whether to enforce additional 2-Step Verification for users at Admin console > Security > Login challenges > Post-SSO verification.

• End-users: If turned on, a user will simply have to complete the 2-Step Verification using a familiar Google sign-in interface after they sign in to the 3rd-party identity provider.