Problem
You are not able to sign in as a newly created user, receiving an error regarding your settings not meeting the organisation's two step verification policy.
Environment
- Admin console
- Security
Solution
This is working to product specification. Because the enforcement of the 2-step verification is turned ON, all users will need to be enrolled in 2-step verification to be able to sign in.
As a workaround you can provide a grace period for new users:
-
Go to Admin console > Security > Authentication > 2-step verification page.
-
On New user enrollment period, change the option from None to one of the available ones to choose.
-
Click Save at the bottom of the page.
Note: During the grace period configured, new users can sign in to their accounts without being prompted to the 2 step verification and enroll in 2 step verification afterwards.
Cause
2-step verification is enforced but no grace period for new users was configured.