2-Step Verification policy

azizihazim · 01-29-2025 10:54 AM

I've received numerous complaints about locked accounts due to a "your organization doesn't meet 2-Step Verification requirements" message. With around 9,000 users—including teachers, staff, and students—affected, it's creating quite a bit of chaos.

How can I temporarily disable 2-Step Verification for all users except those who have already enabled it? Those who have already enabled 2SV should be able to keep it active. I understand the importance of enabling 2SV, but we're not prepared to communicate and enforce this change across our entire user base yet.

b_gorsky1

You're probably not going to like this answer but I looked into this a few weeks ago and was told that the best way to do it was to put all the users who have not activated 2SV into a group and disable 2SV for that group. Then monitor progress with a report in the admin console and remove the users from that group as they set up 2SV. Seems bizarre to me that there isn't an easier way. And I only have 200 users.

andrew231

First reply is spot on. Using a 2-step verification exception group is the way to go. More information on this can be found on this help article: https://apps.google.com/supportwidget/articlehome?hl=en&article_url=https%3A%2F%2Fsupport.google.com...

Essentially, you'll want to move users into this group until they have 2SV setup. Coordinate with those users via messaging alongside the security reports out of the admin console to track their progress through the enrollment. Once enrolled, that user can be moved out of the corresponding group (or OU depending on which method you use to manage the users not configured).

I'd also recommend making the enrollment process part of onboarding, using the built-in settings like grace period to your advantage.

Cheers and good luck.