SecSign does provide a solution to use a two-factor solution with JIRA Clound and Confluence Cloud.
Therefor we already have opend a ticket (https://ecosystem.atlassian.net/browse/JSDECO-62) to be listed as Identity Provider for a SAML login.
Using Google Domains does indirectly allow you to enforce the use of 2FA but that's clearly not for anyone.
Also my impression is that even if you enable login via Google Domains, once logged in people will be able to create an Atlassian ID with a password and use these to login.
If their account is disabled they will lose access to the system but still, it means that they can still login without a 2FA (this being used for the original login, after this being optional)