Google Apps SAML, Two-Step Authentication and App Passwords
Hello fellow Oktans,
I am planning my Google Apps SAML integration. We have plenty of users that set up Google 2-Step Authentication in order to generate App Passwords for their mobile devices and mail clients such as Mac Mail and Outlook.
I assume we will be bypassing Google's 2-step since we will be using Okta MFA going forward. But if we do that, will the App Passwords expire?
I was told by Okta Customer Care that Okta does not have a solution for this.
This will render SAML for Google Apps (or G suite) virtually useless as several users are dependent on mail apps on both their computers and mobile devices. These applications can only be used with Google App Passwords, which are not supported by Okta.
Now, we could keep Google 2-Step in place, but having users endure Okta MFA in addition to Google 2 step sounds laborious and would make the case to NOT use SAML for Google Apps.
If I am wrong in my thinking, please feel free to chime in and correct me. Or if you have deployed Google Apps SAML for Okta, please chim in as well!