Force Google to ask for 2FA more often

This is more a Google Workspace question than a Tailscale question, but maybe there are users who encountered the same use-case as mine.

I am using Google Workspace as my identity provider, where I have set up that 2FA is mandatory (Yubikey).

Being paranoid, I have set the Key Expiry to 1 day, to require a fresh login to Google Workspace every day Tailscale is used. However, I’d like one or both of the following events to occur:

  • Google should ask for 2FA authentication every time Tailscale tries to re-authenticate after key expiry
  • When using Tailscale SSH with check mode, 2FA should be enforced by Google

I have searched the Google Workspace Admin console, but found no options to enforce this.

Can somebody give me some guidance on how to achieve this?

