Introduction
2FA as it’s known popularly, or 2 Factor Authentication is now becoming the de facto standard for organizations around the globe. T and J, are individuals who are in the process of setting up an organization on the Google Cloud Platform.
The first step to be followed as a best practice is to enable 2FA for all the users that would be provided access after the completion of Cloud Foundations. They are met with a blocker as the steps to be followed for this task are not known.
And, this is a short walkthrough on “How to Enable 2FA on a Google Workspace”.
Prerequisites
1. Permissions required on Admin Console
Now, you must be familiar with the Admin Console from Google. It is a centralized hub that can be used to perform administrative actions such as:
· Add/Update/Remove users
· Add/Update/Remove groups
· Manage Domain and Billing
· Security settings
· Logging and other activities
The user must be granted the “Super Admin” role in the organization.
Setup
1. In order to check if the user has the required set of permissions, login to “https://admin.google.com”.
2. If you get the following message, then the user does not have any permissions on the console:
a. In this scenario, you must use valid super admin credentials.
3. After successfully logging in as a valid user, the admin console would look like:
4. To validate if the currently logged in user has been granted the “Super Admin” permissions, follow the below mentioned steps:
i. Click on “Users”
ii. Select the “Username” of the credentials used.
iii. Check if the “Super Admin” role is attached in the “Admin Roles and Privileges” section.
5. Navigate back to “https://admin.google.com” and click on “Security”.
6. Click on “2 Step Verification”.
7. Under “Authentication”, click on “Allow users to turn on 2-Step Verification” and select “Off” as the enforcement. Click on Save.
· NOTE: If you directly set the enforcement status to “On/On from”, and have not configured 2FA for the super admin account then you will be getting an error message stating “Enroll yourself in 2-step verification before enforcing it.”
8. Navigate to “https://myaccount.google.com”. Go to “Security” and under “Signing in to Google”. Setup your 2FA.
9. Once done, navigate back to “https://admin.google.com”. Go to Security, and select “2 Step Verification”.
10. Change the “Enforcement” to “On” and select a buffer period that will be granted to every new user in order to setup 2FA, it can be a specific date or you can select the appropriate option from “New user enrollment period”. If a user fails to set it up will lead to the account being blocked. The blocked user will be requested to contact the super admin to grant access.
11. You can customize the policy to “Allow user to trust a device” and select the 2FA technique.
12. Click on Save.
Conclusion
Thus, T and J have successfully enabled 2FA for the organization. This serves as an example to enable 2FA for your organization and enhance the security of users as well as the company.
References
