Your users might use a third-party identity provider (IdP) to authenticate users. Here's how 2-Step Verification (2SV) works with third-party IdPs.
Single sign-on services
Using single sign-on (SSO), employees can sign in once to use many cloud apps. An identity provider (IdP) authenticates users to access company resources.
Users
If you’re using a third-party IdP to authenticate users for accessing Google products and SSO is enabled for your top-level organization, by default Google's 2-Step Verification doesn't apply when users sign in through that SSO service.
You can set a policy to allow additional risk-based authentication challenges and 2-Step Verification (2SV) if configured.
Super admins
Super administrators don't use SSO when signing in to their administrator accounts. If they’re enrolled in 2SV, they must provide a second authentication factor when they sign in.