Prevent new users from being locked out due to 2 step verification enforcement


You are not able to sign in as a newly created user, receiving an error regarding your settings not meeting the organisation's two step verification policy.


  • Admin console
  • Security


This is working to product specification. Because the enforcement of the 2-step verification is turned ON, all users will need to be enrolled in 2-step verification to be able to sign in.

As a workaround you can provide a grace period for new users:

  1. Go to Admin console > Security > Authentication > 2-step verification page.

  2. On New user enrollment period, change the option from None to one of the available ones to choose.

  3. Click Save at the bottom of the page.

Note: During the grace period configured, new users can sign in to their accounts without being prompted to the 2 step verification and enroll in 2 step verification afterwards.


2-step verification is enforced but no grace period for new users was configured.