Add employee ID as a login challenge
Login challenges are extra security questions that help to prevent unwanted access to an account. As an administrator, you can add employee ID as an optional extra security question when we suspect that an unauthorized person is trying to access a user’s account.
Important: Google decides which extra security question is appropriate to present to a user based on multiple factors. This means we might not always ask users to confirm their employee ID, even if you have turned that login challenge on.
For more information on the login challenges Google use, see Verify a user’s identity with a login challenge.
Before you begin
To use an employee ID as a login challenge, you must first ensure that the user employee IDs are stored in your users' account attributes. You can do this in the following ways:
- Update the employee IDs directly in the user profile from the Google Admin console.
- Use Google Cloud Directory Sync to export employee IDs from Microsoft® Active Directory® or your directory server to your Google organizational unit.
- Use the Admin SDK Directory API to populate the externalIds.type:organization field with employee IDs.
- Use the CSV upload functionality in the Google Admin console.
When you add the employee ID information to your organizational unit, let your users know where they can find their employee ID and that they might be asked for it when they sign in to their Google Account. Also let them know their employee ID must only be used in official Google sign-in pages. If they prefer to verify their identity another way, they should update their recovery phone number or email address.
Note: If you turn on SSO or 2-Step Verification for your users, the employee ID login challenge isn’t presented.
Turn the employee ID login challenge on or off
From the Admin console Home page, go to SecurityLogin challenges.
To see Security on the Home page, you might have to click More controls at the bottom.
- Select the Use employee ID to keep my users more secure box.
The default setting for the employee ID login challenge is: Off.