Got a requirement to provide MFA to Google Workspace (google mail, Google Classroom, etc)
Looking at Duo Single Sign-On for Google Workspace (Google G Suite) | Duo Security it says that the first steps are to configure Duo Single Sign-on and configure a working Authentication Source. Unfortunately this is a bit confusing top me.
When I go to configure an Authentication Source, it gives me the option of Active Directory or SAML.
It says that this configuration is for first-factor credentials. does that mean I need to configure AD for first factor, then SAML for 2nd Factor to secure my Google Workspace? Or do I just need to configure SAML idP to use Duo with Google Workspace, as I’ve already got the Google Cloud Directory Sync installed on my domain controllers to allow users to use their domain accounts with Google classroom?
Additionally I’ve already got an Active Directory source configured for my DirSync, to sync users up to Duo Portal.
Will it automatically use this if necessary, or do I have to explicitly create a new Authentication source just for SSO?
If I have to create a new Active Directory Authentication Proxy, do I then need to have 2 installed in my domain, one for standard dir sync and one for SSO?
After that is done, I then need to configure SAML as the “second-factor”?