This is more a Google Workspace question than a Tailscale question, but maybe there are users who encountered the same use-case as mine.
I am using Google Workspace as my identity provider where I have setup that 2FA is mandatory (Yubikey).
Being paranoid, I have set the Key Expiry to 1 day, to require a fresh login to Google Workspace every day Tailscale is used. However, I’d like one or both of the following events to occur:
- Google should ask for 2FA authentication every time Tailscale tries to re-authenticate after key expiry
- When using Tailscale SSH with check mode, 2FA should be enforced by Google
I have searched the Google Workspace Admin console, but found no options to enforce this.
Can somebody give me some guidance how to achieve this?