How it works

  1. You enable 2-Step Verification for your domain in your Google Admin console. See Set up 2-Step Verification for your domain for how to enable 2-Step Verification for your account. We recommend that you notify your users of this new security process and include instructions on how to get started.

    Note: Although users must opt-in to 2-Step Verification themselves, you may require them to do so. Do not make this change until all users have opted in, or they will be locked out of their managed Google account (for example, G Suite or Cloud Identity). See the Enforcement article for instructions.

  2. The user enrolls in 2-Step Verification and selects the method for receiving their verification code on their mobile phone: Google prompt, the Authenticator app, text message or phone call. 
  3. The next time the user signs in to their managed Google account on a new browser or device, they enter their username and password as usual. They're then prompted with a second page to enter a verification code. When your user checks Remember verification for this computer, they're only prompted to enter a verification code once every 30 days per browser or after deleting their browser's cookies. Your users should not check this if they're at a public or shared computer.
     
  4. Depending on how they opted to receive their code, the user gets their time-based, one-time code from the Google Authenticator app on their smartphone or via text message or phone call. They then enter the code to successfully sign in.