[Question] Turn off Google Authenticator sync

alexgrutza
Contributor III

Does having a user turn off the "sync with google account" in Google Authenticator remove the codes from that device?

We just implemented/changed to the new SAML Profile that Google is recommending, which apparently signs people out (happened to myself), and ran into issues as outlined below because the person had the sync of Google Authenticator codes to their Google account enabled:

  • User(s) signed out of Google (web browser or Gmail app)
  • User goes to sign into the Gmail app (or webpage)
  • User is redirected to our SSO platform
  • User enters username and password
  • User is presented with the MFA requirement
  • User goes to their Google Authenticator app (with cloud sync enabled)
  • User has no access to codes because the cloud sync signed them out of their authenticator app
  • User tries to sign into the Google Authenticator app, which directs them to our SSO platform, which asks for Google Auth codes, which they can't get to because they're using cloud-synced Google Auth codes...

In order to resolve, I provided them a temp OTP from our SSO platform so they could sign into the SSO platform. From there they were then able to log into their Google and the sync functioned again.

So before I go and tell users not to enable the cloud sync feature in Google Auth, I want to know: if they already have it configured and syncing to their Google account and they go in and disable the sync, will that remove all their codes from the Google Auth app, so that they would have to set up the app fresh?

--
CISSP | LinkedIn | @Phyxiis

Kim_Nilsson
Admin Moderator

It was messy all those years where I used a custom ROM for my Android phones, and reinstalled completely every few months, losing all apps and settings in the process. I switched to Authy for synced 2FA codes, and never looked back.

Then Google introduced code syncing in Authenticator! I still didn't change back, because of the very reason you mention, or at least the fear of that happening. I have maaaaaany 2FA codes, and it would be devastating if I lost them all because of such an event.

I have tested it, or rather... some of my users have had this happen to them, so I can't recommend activating the sync in Google Authenticator, unless you also keep at least one other 2FA method active, so you can get back into Authenticator, if you are logged out.

For a regular Workspace user, it's not such a big thing, as they can always get an admin to help out, like you did, @alexgrutza.

It's just one of those things that feels right... to keep 2FA and the actual account separate.

--
https://wheretofind.me/@NoSubstitute

Glad I'm not the only one to have experienced this issue.

Yes, agreed, I think the Offspring said it best...

[Image: alexgrutza_0-1746538190057.jpeg]

--
CISSP | LinkedIn | @Phyxiis

Olger
New Contributor III

Authy used to be my go-to app as well, until they ditched the desktop version and broke my backup. Being able to lock devices and having a desktop included were important features for me, as well as being able to sync between devices.

But then I found Stratum (formerly Authenticator Pro). It's open source, allows you to (auto) back up your codes, import/export and create QR codes from existing codes so it's easy to set up other apps.