‘User Security Management’ privilege

Currently there are a number of user security management features that are available only to super admins. To increase flexibility, Google’s goal is to provide granular privileges so that some of these security features can be delegated to non-super admins.

To that end, Google has created a new privilege called ‘User Security Management’ that allows delegated admins to perform the following actions for a specific user:

Enforce or disable 2-step verification for a given user
Disable a user’s Login Challenge for 10 minutes
Retrieve/revoke application specific passwords
Retrieve/revoke 3-legged OAuth (3LO) tokens

In the past, delegated admins with any existing role with the ‘Users’ privilege were already able to disable 2-step verification for individual users. With this launch, these delegated admins will automatically get ‘User Security Management’ privileges to ensure they continue to have access to disable 2-step verification.

If an admin creates a new custom role, he/she will have the ability to selectively enable ‘Users’ or ‘User Security Management’ or both privileges going forward.

Release track:

Rapid release and Scheduled release

For more information:

https://support.google.com/a/answer/1219251#user_security

New ‘User Security Management’ privilege for delegated admins

LATEST News and Posts

Google brings Pooled Storage and Shared Drives to Business Starter customers

How to use Gmail multi-send mode

Set a catchall email address in Google Workspace and avoid losing emails

Google Meet picture-in-picture mode now available

How to set SPF and DKIM records in Google Workspace

How to use smart chips in Google Docs

Google introduced a new integrated look for Gmail

Email forwarding in Google Workspace – guide for admins and end-users

G Suite legacy free to be discontinued on July 1, 2022

How to unsend an email in Gmail

Archives

Categories

We value your privacy