New Risk-Based Login Challenge with 3rd-Party Identity Providers in G Suite

Login challenges are additional security measures to verify a user's identity if a suspicious attempt to access his/her account is detected. Specific login challenges presented to the user, such as entering the employee ID, are only issued if Admin has relevant details for that user.

Google has launched login security, available to organizations that use 3rd-Party Identity provider. As an administrator, you can choose to turn on two features that significantly improve account security against various attacks on user accounts. 

2-Step Verification: When someone tries to login to email accounts using new devices, he or she has to face two-step verification. Users require to verify their identity through something they know, like a password plus something they have, like a physical key or access OTP code delivered to a device. It’s also called Two-Step Verification. You will be getting a verification Pop up to allow to log in the account. 

Risk-based login challenges: If admin suspects that an unauthorized person is trying to access one of its user’s accounts, admin can protect the user with an extra security question or challenge. For example, the admin might send a verification code to the actual user’s phone. If the user can’t answer the question or challenge, the unauthorized person can’t access the account.

Admin and end-users will be impacted by this change.

These Features allow protecting the user’s account from hackers. We can also use this feature in the following ways:

• You can Increase overall account security, by griping Google's risk-based challenges for users authenticating on your 3rd-party identity provider through this feature.

• With this feature, you can use Google 2-Step Verification to store more sensitive information within Google Account.

• By these features, you can use 2-Step Verification without additional costs. You can apply these policies for users predominantly accessing Google resources at no additional cost.

Admin End: As an administrator, you can set this feature from admin console panel. Admin console > Security > Login challenges > Post-SSO verification.

Users End: If any user tries to access the Google Account in a new device, then the users will face the Two-Step Verification and Login Challenge to secure the accounts from unauthorized person.