View security settings and revoke access
This feature is not available in the legacy free edition of Google Apps.
The security settings on a user profile gives you the ability to evaluate and alter that user's security settings. In particular, you may:
- Determine if 2-step verification is in use
- Examine the user's password strength
- View and revoke application-specific passwords
- View and revoke authorized access to Google account information
- Temporarily disable the Login Challenge
To access the user Security settings:
- Sign in to the Google Admin console.
- Find the user account.
- Click the row for the user account to display the user information page.
- Click Security. Use the following features to check and enhance the user's security settings.
Determine whether the user has enabled 2-step verification at the top. You may disable 2-step verification for the user by clicking Turn off 2-step verification.
If 2-step verification is enabled, the user's backup verification codes are also available and can be displayed by clicking Show backup verification codes. See Signing in using backup codes to help users with these codes.
Examine the password strength of the user. See Password strength indicators for instructions on changing password requirements.
View the application-specific passwords created by the user. See Signing in using application-specific passwords to help users with these passwords.
Click Revoke next to any password to remove it. Click OK in the pop-up window to confirm the removal.
View the third-party services that have been granted access to the user's Google account. See How authorized access works to understand how this authorization is enabled.
The column for Service identifies what applications your users have granted access to their Google Apps data. The column for Scope of access is the list of user data that an app can access, including, but not limited to, your user’s contacts, calendar, mail, or groups.
Click Revoke next to any service to remove that authorization. Note you may only revoke service access after it's been granted. You can't pre-emptively block users from granting access to certain apps. See Revoking application-specific passwords to help users remove their own passwords.
Click OK in the pop-up window to confirm the removal.
Temporarily disable Login Challenge
If we detect that an unauthorized person is attempting to access a user's account, we present them with a Login Challenge before they can sign in. We ask the user to verify their identity either by sending an SMS with a verification code to their phone or some other challenge that only the authorized user can resolve before we grant access to their account.
Click Disable Login Challenge to disable this login challenge if the authorized user cannot verify their identity.