Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
923
Views
1
Helpful
2
Replies

Google Cloud Platform

pedrotor
Level 1
Level 1

‎06-08-2021 10:20 AM

Hi folks,

We currently protect GCP for all of our users.

Over the last few months, 4-5 users have been locked out due to GCP push requests popping up on their phones. They are not explicitly requesting these. The odd thing is that they come up exactly every 5 minutes until they are either locked out or they clear their browser cache (seems to only happen on Chrome). I know that these users don’t actually need access to GCP but are using other Google services like Youtube, gmail, etc.

I’ve posted this in the Google Cloud user groups and they suggest it might be something to do with a refresh token.

I’m just wondering if anyone else has come across this? Also, if I choose to protect GCP for only the users who do in fact use GCP, what behavior can I expect for my other users when they go to login to Youtube, gmail, etc.?

Any advice would be appreciated!

Thanks,
Pedro

0 Helpful
2 Replies 2

Amy2
Level 5
Level 5

‎06-10-2021 02:18 PM

Hey Pedro,
Thanks for sharing your question here! I’m hoping another admin or someone who has experienced this before can weigh in with some help. I see that you had a support case with the Duo team about this, and they said we couldn’t identify the origin of these requests and to investigate locally on the client side, which it seems you’ve done. My searches so far haven’t turned up anything, and I haven’t heard of other customers experiencing this before (but that doesn’t mean they haven’t!).
Not a super helpful response, I know. I just wanted to add some additional context for anyone else who sees your post and wants to respond.

Because G Suite and Google Cloud Platform (GCP) share the underlying domain’s authentication configuration (see this help article for reference), the way you protect GCP logins is using the Duo integration for G Suite, so my expectation is that those users who are not enrolled in Duo for GCP would be prompted to enroll or denied access, depending on your New User Policy settings. You could potentially set those users to bypass status (see Changing Users Status for more details) to allow them access without 2FA, but I’m not sure if that’s the best option.

0 Helpful

pedrotor
Level 1
Level 1

‎06-15-2021 07:07 AM

Thank you Amy!

Yes, DUO was very helpful with the limited insight they have into this situation. I searched too and I couldn’t find much info. It hasn’t happened again and I’m confident it’s not malicious in nature (the 5 min attempts had us worried). So I think I’m going to leave it and communicate with my users and see if eventually I can pinpoint the behavior that creates these requests. The refresh token makes sense, I just don’t know what kicks it off as I use Youtube and other google services and don’t get the same requests.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents