Do you want to force people to use multi-factor authentication or do you want to make this possible? The latter is possible with Google authentication, i.e. any individual user can enable multi-factor authentication on their account, but I am not aware of any possibility to enforce that.
This is different when you use an external authentication service, which you can then integrate using proxied authentication. The next release (currently in preview) will make this easier by providing two standard protocols (OpenID Connect and SAML 2.0) for integrating with such an authentication service out of the box.