11-12-2024 12:54 PM
Hello everyone,
I was looking for information on how to deploy Duo for a customer using G Suite emails. This customer doesn't have a Windows server or any other authentication source. Is it possible to deploy the Duo MFA solution?
Thanks!
Labels: Deployment Strategy - General
Accepted Solutions

11-13-2024 02:06 PM
@jcuni You're right to suspect the prior answer, as it's not possible to protect Google Workspace logins with Duo SSO while also using Google Workspace as the SAML authentication source (it creates an infinite loop scenario where Google redirects to Duo which redirects back to Google and so on).
There is not currently another good option for Duo MFA protection for Google Workspace. A possibility is to deploy Google's Secure LDAP service https://support.google.com/a/answer/9048516?hl=en and use that in place of Active Directory in a Duo SSO AD authentication source configuration, but it is complex and not explicitly supported by us.
We are exploring options to support Google Workspace with Duo that don't require on-premises domain components. You can contact Duo Support or a Duo Care rep/Cisco AE (if you have one) to add yourself as an interested party to the feature request for Google Workspace support without AD.
11-13-2024 02:45 AM
Hi,
Yes, it is possible to use Gsuite as an authentication source. You will have to configure SAML authentication for that. This will require SAML configuration on the Gsuite as well and an appropriate Gsuite tier which supports SAML.
11-13-2024 08:47 AM - edited 11-14-2024 06:55 AM
Hi @amitspanchal, thank you for your prompt answer. The problem is I have this disclaimer from Duo:
That’s why I have a question about how to implement Duo using a different method.

11-14-2024 07:02 AM
Thanks for confirming, @DuoKristina. That's exactly what I experienced, a loop when trying to log in. I think the best option in this scenario is to deploy Google Authenticator.

11-14-2024 08:01 AM - edited 11-14-2024 08:01 AM
Duo Mobile can be used for passcode generation for third-party accounts. This means that a user won't receive a Duo Push request at login, but can generate a passcode to use to log in when prompted by Google - similar to using Google Authenticator.
https://guide.duo.com/third-party-accounts
An even more secure option than OTP authenticator apps is using a passkey. https://support.google.com/a/answer/13529161?hl=en
While Duo SSO isn't an option yet for pure Google auth without AD, Duo does fully support roaming and platform WebAuthn authenticators as passkeys, so if a userbase is already used to passwordless login to Google with passkeys before using Duo's platform, they're well positioned to move to Duo to continue passwordless authentication with passkeys when the time is right.
