Google accounts get new secure account verification to prevent phishing attacks



Google is rolling out a new feature to G Suite business users. If your organization uses SAML to sign in to G Suite services, Google will now show an additional step in the process. Starting 7th May, Google will show a new screen on accounts.google.com to confirm users’ identity.

This additional layer is meant to improve security and help prevent users from unknowingly signing in to an account created and controlled by an attacker. The screen will only be shown once per account per device, and Google also said that it is working on ways to make the feature even more context-aware in the future.


Google says that this additional screen is to ensure that the user is not signing in through a phishing campaign or clicking a link that would instantly and silently sign them in to a Google Account the attacker controls. It is also part of a larger Google project to create a consistent identity across Google web services and native Chrome browser services.

Google is also giving administrators the ability to disable this feature: you can use the X-GoogApps-Allowed-Domains HTTP header to identify specific domains whose users can access Google services. Users in those domains won’t see this additional screen, and this header can be set in Chrome.
