I did some research to find a way to validate that external users (outside the GCP organization) have multi-factor authentication enabled. I found Google Workspace is_2sv_enrolled, but this is specific to users in the organization.
Do you know if there is any way to validate that external users have MFA enabled from Google App Engine login via Identity-Aware Proxy?
To be more specific about the problem I want to solve, here is a basic summary of the context:
I developed a solution in Python using Google App Engine and Identity-Aware Proxy so that authorized users can authenticate and have their respective IP address allowed to certain ports in a Security Group ingress on AWS. It is a solution that includes several technologies, such as Google App Engine, Identity-Aware Proxy, Google Compute Engine, AWS WAF, AWS API Gateway, and AWS Lambda, among others.
Currently, any user who is authorized in the Identity-Aware Proxy, following the conditions that I can already manage, will be allowed in the Security Group ingress.
The problem: I want to limit this access from external users to only those who have a Google account with MFA enabled.
Thanks.