Set up 2-Step Verification
Enforcement and access to user backup codes are available to Google Apps for Business, Education, and Government but not Standard edition.
Follow the instructions here to make 2-Step Verification mandatory:
- If you will require 2-Step Verification of all users in the domain or within an existing organizational unit (OU), you may skip this step. If you need to have a different 2-Step Verification setting for a select group of users within an organization, create an admin-managed group containing all such users. See Use exception groups for detailed instructions on creating custom groups.
- On the Dashboard, click Reports, then select Additional Reports.
- Click Download under 2-Step Verification Enrollment Report. Please note this report is available only if you allowed users to turn on 2-factor authentication as described in Set up 2-Step Verification for your domain.
- Examine the CSV file and ensure all users to be forced into 2-Step Verification are already enrolled in it, indicated by "true" in the enrolled_2-step_verification column, like so:
account_name, enrolled_2-step_verification, enforced_2-step_verification "email@example.com", true, false
- On the dashboard, click Security > Basic settings > Enforce 2-Step Verification on users.
- Select the organization where you wish to make 2-Step Verification mandatory. Then select Turn on enforcement.
- To have a suborganization inherit the 2-Step Verification setting from its parent organization, click the Use inherited button that appears near the right margin when you hover over the Authentication pane.
- If you would like to exempt a group of users, select the group name (created in step 1) on the right-hand side keeping the organization selected on the left-hand side of the page and select Turn off enforcement. This will apply 2-Step Verification to all users in the selected organization except the users in the exception group.
- Save your changes.
All users of the selected organization are now required to enter a secondary code from their mobile device.