Rocky Reyes

Google Apps SAML, Two-Step Authentication and App Passwords

Hello fellow Oktans,

I am planning my Google Apps SAML integration. We have plenty of users that set up Google 2-Step Authentication in order to generate App Passwords for their mobile devices and mail clients such as Mac Mail and Outlook.

I assume we will be bypassing Google's 2-step since we will be using Okta MFA going forward. But if we do that, will the App Passwords expire?

Can someone help me understand this?

Thank you!
Rocky Reyes
I was told by Okta Customer Care that Okta does not have a solution for this.

This will render SAML for Google Apps (or G Suite) virtually useless as several users are dependent on mail apps on both their computers and mobile devices. These applications can only be used with Google App Passwords, which are not supported by Okta.

Now, we could keep Google 2-Step in place, but having users endure Okta MFA in addition to Google 2-Step sounds laborious and would make the case to NOT use SAML for Google Apps.

If I am wrong in my thinking, please feel free to chime in and correct me. Or if you have deployed Google Apps SAML for Okta, please chime in as well!
Jesse Wright
Has OKTA added support for Google application-specific passwords yet? If our users cannot use email clients with Google application-specific passwords, that is a big problem for us.
Jesse Wright
OKTA support told me that Google application-specific passwords will continue to work after enabling SAML for G Suite.