Enforcing 2-Step Verification on Google Workspace is a way to make sure that all users in your organization have an additional layer of security to protect their accounts. With 2-Step Verification, you’ll use two methods to sign in to your account, your password and a verification code that will be generated on an app or device.
Here are the steps to enforce 2-Step Verification on Google Workspace:
- Log in to the Google Workspace administrator account.
- Go to the Google Workspace Admin console.
- Click the Security icon, which is located in the top-left corner of the console.
- To set up two-step verification, click the “Authentication” tab and then click “2-Step Verification”.
- Click the “Get Started” button.
- You can start using 2-Step Verification immediately.
Or, if you prefer to start on a specific date, choose the date from which you want to enforce 2-Step Verification. Users will see reminders to enroll in 2-Step Verification when they sign in to their account starting on that date.
On from: - For Frequency, leave the “Allow user to trust the device box.” checkbox checked.
- Select the enforcement method you want to use:
- Any – User can set up any 2-Step Verification method, such as a text message or an authenticator app.
- Any except verification codes via text, or phone call – Users can set up any 2-Step Verification method except receiving verification codes via text or phone call.
- Save the form. You will be presented with the following message: Changes to 2-Step Verification settings saved.
- You can also configure the settings for App-Specific Passwords, which are unique passwords that you can use for applications that do not support 2-Step Verification. App Specific Passwords are useful for users accessing their accounts via third-party apps or services.
- If you want to be extra safe, you can set up security keys for 2-Step Verification. These are physical devices that you can use to verify your identity. Security keys use public-key cryptography and are considered the most secure form of 2-Step Verification.
- In addition to configuring security settings for your accounts, you can also configure settings for phone or email recovery. This option allows users to reset their passwords if they forget, which is helpful in case you lose or break your device or security key.
- You can also set the policy to expire the session after a certain period of time, this will make sure that the user will have to go through the 2-Step Verification process after a certain period of inactivity.
- Once you complete all the above steps, 2-Step Verification will be enforced for all selected users and groups, and they will be prompted to set up their 2-Step Verification method the next time they sign in.
- When you’re finished, click “Save” to enforce 2-Step Verification. You can also configure additional settings such as backup options and recovery options.
- By setting your 2-Step Verification policy to require all users to have 2-Step Verification enabled every time they sign in, you can help ensure that even if a user has previously signed in on a device, they will have to go through the 2-Step Verification process again.
2-Step Verification is an important tool for protecting your Google Workspace user’s accounts from unauthorized access and ensuring the security of your data. With that rule, your users can keep their accounts secure and can make sure that only they have access to it.
Here is a further reference for the end users of your Google Workspace account to enable 2-Step Verification from their own account after you have enforced the 2-Step Verification rule: