- Admin console
This is working to product specification. Because the enforcement of the 2-step verification is turned ON, all users will need to be enrolled in 2-step verification to be able to sign in.
As a workaround you can provide a grace period for new users:
Go to Admin console > Security > Authentication > 2-step verification page.
On New user enrollment period, change the option from None to one of the available ones to choose.
Click Save at the bottom of the page.
2-step verification is enforced but no grace period for new users was configured.