Add employee ID as a login challenge
As an administrator, you can now choose to use the employee IDs of your users as an extra login challenge that you can turn on or off.
Important: Google decides which challenge is appropriate to present to a user based on multiple security factors. This means the employee ID login challenge might not always be presented to a specific user, even if you have turned it on.
For more information on the login challenges Google use, see Verify a user’s identity with a login challenge.
Before you begin
To use the employee ID login challenge in your organization, you must first ensure that the user employee IDs are stored in your users' account attributes. You can do this in the following ways:
- Update the employee IDs directly in the user profile from the Google Admin console.
- Use Google Cloud Directory Sync to export employee IDs from Microsoft® Active Directory® or your directory server to your Google organizational unit.
- Use the Admin SDK Directory API to populate the externalIds.type:organization field with employee IDs.
- Use the CSV upload functionality in the Google Admin console.
When you add the employee ID information to your organizational unit, let your users know where they can find their employee ID and that they might be asked for it when they sign in to their Google Account. Also let them know their employee ID must only be used in official Google sign-in pages. If they prefer to verify their identity another way, they should update their recovery phone number or email address.
Note: If you turn on SSO or 2-Step Verification for your users, the employee ID login challenge isn’t presented.
Turn the employee ID login challenge on or off
From the Admin console Home page, go to SecurityLogin challenges.
To see Security on the Home page, you might have to click More controls at the bottom.
- Select the Use employee ID to keep my users more secure box.
The default setting for the employee ID login challenge is: Off.