MFA for G Suite

Why you need MFA for G Suite

 

Authentication is the only real protection for G Suite accounts, like anything else in your IT that can be accessed online. Organizations have long thought that enforcing complex password policies was efficient but it is now widely accepted that users are better left out of the security equation. MFA is therefore the only efficient way to secure user authentication and in turn, to protect G Suite accounts.

How to add MFA to your G Suite domain

G Suite provides 2 main ways for this.

You can either authorize users to enable Google-managed 2-step verification for their account, the same way they would do it for their personal Gmail account. While this is a valid technical option, it is not favored by most organizations since they do not want to leave security decisions – activate or not MFA for organizational accounts – to end-users.

Alternatively, you can configure SSO (single sign-on) with an IdP (identity provider) enforcing MFA. As an organization, you can manage the IdP and define its security policies.

inWebo MFA for G Suite

inWebo works as an identity provider for G Suite. On the user side, this is compatible both with inWebo App-based and browser-based authenticators.

To implement inWebo MFA for G Suite, you’ll simply need to create an inWebo account for your organization and to configure both this account and your G Suite domain to trust each other using one of the aforementioned method (SSO). There’s no server or additional infrastructure to install and configure. Here is the step-by-step documentation. Our pre-sales and support engineers are here to help if you face any difficulty.

Google Authenticator or inWebo MFA?

The 3 main reasons why you should prefer the latter over the former:

  • Vendor lock: inWebo MFA is not tied to any application or vendor, it is universal and supports a lot more applications. Not only other SaaS applications (including Office 365), but also VPN, remote access, SSO, CMS, Windows Logon. Moreover, with inWebo, users only need one authenticator.
  • Convenience: inWebo MFA supports smartphones as authenticators, but also computers, tablets, and browsers, thus making the whole process frictionless including for users who don’t have a smartphone or don’t want to install IT applications on their personal phone.
  • Administration and security: while it seems pretty easy to add the support of Google Authenticator to a website with a couple of lines of code, a proper and secure administration of MFA for an Enterprise application such as G Suite is a completely different story. inWebo MFA is a turnkey solution that meets IT organizations’ complex administration requirements, not just a script to verify OTPs.