I use pritunl-zero for some web services and we identified through the SIEM logs that a user, when authenticating via Google SSO in the service that is in pritunl-zero, makes a request to an external IP. Question: does Pritunl-zero use any external service to authenticate users via SSO? Is this behavior normal?
The Google OAuth authentication is done through the auth.pritunl.com servers using the Pritunl app registered on Google. The Google API key in the Pritunl Zero settings is used with the Google API servers to do an additional check that the user's account is active and to query the Google Workspace groups.
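
One way to confirm that an external IP seen in the SIEM belongs to the flow described in the answer is to correlate outbound connections with the DNS answers the same client received. This is an added example, not part of the thread and not Pritunl code; the log field names, the internal range and the Google hostnames are assumptions, and the sample records are constructed.

```python
import ipaddress

# auth.pritunl.com comes from the answer above; the Google names are
# assumptions standing in for "the Google API servers".
EXPECTED_SSO_HOSTS = ("auth.pritunl.com", "googleapis.com", "accounts.google.com")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed sample records using documentation IP ranges, not real logs.
DNS_LOG = [
    {"ts": 100, "client": "10.0.0.5", "qname": "auth.pritunl.com", "answers": ["203.0.113.10"], "ttl": 300},
    {"ts": 101, "client": "10.0.0.5", "qname": "www.googleapis.com", "answers": ["198.51.100.20"], "ttl": 300},
    {"ts": 102, "client": "10.0.0.5", "qname": "auth.pritunl.com.example.net", "answers": ["192.0.2.66"], "ttl": 60},
]
CONN_LOG = [
    {"ts": 105, "src": "10.0.0.5", "dst": "203.0.113.10"},
    {"ts": 106, "src": "10.0.0.5", "dst": "198.51.100.20"},
    {"ts": 110, "src": "10.0.0.5", "dst": "192.0.2.66"},
    {"ts": 120, "src": "10.0.0.5", "dst": "192.0.2.99"},
    {"ts": 130, "src": "10.0.0.5", "dst": "10.0.0.9"},
]

def is_expected_host(qname):
    """Exact or subdomain match only, so lookalike suffixes do not pass."""
    q = qname.rstrip(".").lower()
    return any(q == h or q.endswith("." + h) for h in EXPECTED_SSO_HOSTS)

def resolve_name(conn, dns_log, slack=60):
    """Most recent DNS answer from the same client that returned this IP and was still fresh."""
    hits = [d for d in dns_log
            if d["client"] == conn["src"] and conn["dst"] in d["answers"]
            and d["ts"] <= conn["ts"] <= d["ts"] + d["ttl"] + slack]
    return max(hits, key=lambda d: d["ts"])["qname"] if hits else None

def classify(conn_log, dns_log):
    """Return (dst, name, verdict) for every connection leaving the internal range."""
    out = []
    for c in conn_log:
        if ipaddress.ip_address(c["dst"]) in INTERNAL:
            continue  # internal traffic is out of scope here
        name = resolve_name(c, dns_log)
        verdict = ("no-dns-match" if name is None
                   else "expected-sso" if is_expected_host(name) else "other-named")
        out.append((c["dst"], name, verdict))
    return out

if __name__ == "__main__":
    for row in classify(CONN_LOG, DNS_LOG):
        print(row)
```

Connections labelled `no-dns-match` or `other-named` are the ones left to investigate once the SSO destinations have been accounted for.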