cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2635
Views
0
Helpful
1
Replies

Duo for G-Suite admins

avs1
Level 1
Level 1

Can we use Duo security for 2FA for G-Suite admins?

1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

When you protect Google GSuite with SSO access that features Duo (Duo Access Gateway, AD FS with Duo plugin, Okta with Duo MFA enabled, etc), “regular” GSuite admins and all end users will have to sign in with their federated account and then perform Duo MFA.

Google does not apply SSO settings to GSuite “super administrator” accounts, so those admins will continue to use username/password to authenticate. Additionally, Google does not let you selectively enable SSO for some users/admins. Once enabled it applies to everyone (except “super administrators” as mentioned.).

Learn more about the use and limitations of SSO for GSuite:
https://support.google.com/a/answer/60224?hl=en&ref_topic=6348126
https://support.google.com/a/answer/6341409

If you do not want to federate GSuite with a third-party IdP, you can require that your admins secure their Google accounts with an authenticator app for two-step verification, and instruct them to use Duo Mobile instead of Google Authenticator. When they log in they will provide a passcode generated by Duo Mobile.
https://support.google.com/a/answer/175197?hl=en

Duo, not DUO.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links