Making 2-Step Verification deployment easier
What’s new: Security Key Enforcement was launched in January 2017 and allows a G Suite Enterprise domain admin to enforce the use of security keys as a two-factor authentication option to protect users against phishing. In addition to security key enforcement, G Suite domain admins also have the options of other 2SV methods such as the Google Authenticator app, text message, or phone call. To make 2SV deployment easier at your domain, we’ve added two new options in the Admin console:
Admin-led security key enrollment for end-users: Admins can now enroll security keys on behalf of their users. After navigating to the User page from Admin console, click ADD NEW KEY, and you can add a new security using the standard security key enrollment process.
2SV enrollment periods: Currently, whenever a new user is created in an organizational unit where two-step verification (2SV) is enforced, that user has to use 2SV from his or her first login. From administrator feedback, we found that enrollment periods would help onboarding users to 2SV more efficiently.
Going forward, administrators can now specify an enrollment period from the Admin console, during which newly created users can sign in with just their passwords and complete their 2SV setup.