This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Enforcing 2-Step Verification for all Admin accounts

Posted on 02-02-2024 08:29 AM
Graham-Ingleby
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

I saw the announcement of enforcing Admin accounts to use 2-Step Verification and have a couple of questions

  1. Does this apply just to Super Admin users or does it also apply to anyone with an Admin Role?
  2. Will scripts that run as a Super Admin be affected? How will this work as we want the scripts to run without any manual input, are scripts exempt from needing to enter a 2SV code?

Thanks very much
Graham

Solved Solved
0 5 1,364
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
icrew
Gold 4
Gold 4
Reply posted on --/--/---- --:-- AM

1) Iโ€™m not sure, but I will advise in the strongest possible terms that you really (really, really) want to have ALL your users, not just admins, using 2SV in this day and age, given the security threats out there. 

2) Scripts should use server-to-server OAuth to authenticate, not a username and password.

Hope that helps,

Ian

View solution in original post

Jump to Solution
0 Likes
5 REPLIES 5

Posted on --/--/---- --:-- AM
icrew
Gold 4
Gold 4
Reply posted on --/--/---- --:-- AM

1) Iโ€™m not sure, but I will advise in the strongest possible terms that you really (really, really) want to have ALL your users, not just admins, using 2SV in this day and age, given the security threats out there. 

2) Scripts should use server-to-server OAuth to authenticate, not a username and password.

Hope that helps,

Ian

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Graham-Ingleby
Bronze 5
Bronze 5
In response to icrew
Reply posted on --/--/---- --:-- AM

Thanks Ian

I agree about all users having 2SV and we do enforce that for all accounts - except the one that runs our scripts. Based on the second part of your reply, we should be applying 2SV to that account as well as it will not impact the running of the scripts, so that is my next job!!

Appreciate your help

Graham

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
KevinApodaca
Staff
Reply posted on --/--/---- --:-- AM

admins are any user with permissions belonging to workspace services.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Graham-Ingleby
Bronze 5
Bronze 5
In response to KevinApodaca
Reply posted on --/--/---- --:-- AM

Thanks, that helps clarify that part

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
duncan_nash
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi there,

it will apply to any account that has been assigned an admin role.

I got hit by this on one of our shared mailbox / role accounts. As a super admin you can generate a new set of backup codes that can then be used to actually sign in to the account to setup 2sv correctly

Jump to Solution
0 Likes
Top Labels in this Space
Top Solution Authors
View all