Use Google 2-Step Verification and risk-based login challenges with 3rd-party identity providers

Google Workspace news

What’s changing 

We’re making two Google login security measures available to organizations that use 3rd-party identity providers. Admins at these organizations can choose to turn on two features that significantly improve account security against various attacks on user accounts. These features are new for customers using 3-party identity providers:

  • 2-Step Verification, an extra verification step that automatically requests verification when certain conditions are met (for example, when someone tries to log in on a new device or browser). Learn more about 2-Step Verification
  • Risk-based login challenges, which analyzes user access patterns and assesses the risk of a malicious attack, and presents additional verification challenges when the behavior looks suspicious. Learn more about risk-based login challenges

Who’s impacted 

Admins and end users

Why you’d use it 

This will allow you to better protect your users’ accounts from unauthorized access. You can use this feature to:

  • Increase overall account security, by leveraging Google’s risk-based challenges for users authenticating on your 3rd-party identity provider. 
  • Enforce Google 2-Step Verification for certain users only. For example, you can enforce Google 2-Step Verification in combination with your 3rd-party identity provider for users with access to more sensitive information stored within Google. 
  • Use 2-Step Verification without additional costs. You can enforce these policies for users predominantly accessing Google resources at no additional cost. 

How to get started 

  • Admins: You can choose whether to enforce additional 2-Step Verification for users at Admin console > Security > Login challenges > Post-SSO verification. Use our Help Center to learn more about 2-Step Verification with 3rd-party identity providers
  • End users: If turned on, a user will simply have to complete the 2-Step Verification step using a familiar Google sign-in interface after they sign in to the 3rd-party identity provider. Learn more about Google 2-Step Verification
Verificación en 2 pasos

Admin controls available for verification enforcement when using a 3rd-party identity provider

Helpful links 


Rollout details

G Suite editions 
Available to all G Suite and Cloud Identity editions.

On/off by default? 
This feature will be OFF by default and can be enabled at the OU level.

Stay up to date with G Suite launches

I would like to receive more information