In this blog post, we will learn how to auto reminds new users of enrolling in 2FA is a complex matter in Google Workspace. Know the simplified process with Foresight. 2-factor authentication, 2FA is a significant feature of Google Workspace. Administrators can force new users to enroll in 2FA to protect their accounts with an extra layer of protection from hackers. Thus they set a 2SV enrollment grace period for the users. The users need to enroll in 2FA within this time. Otherwise, they will be locked out and can’t sign in to their Google account.

Thus Foresight creates a new feature to remind users to enroll in 2FA within this period. This will keep them aware of enrolling in 2FA. In this article, we will learn so.

Why need to auto reminds new users of enrolling in 2FA?

1.      Google admin new users need an extra security layer to protect their Google account from cyber criminals. They might try to steal your account password to hack your important data and files. Thus the Google Admin takes the action of 2SV Enforcement. to enhance your account security.

2.      For an organizational unit, users working with sensitive and business data like financial reports, employee data, hiring details, etc., must protect their data with a 2SV enrolled Google account. Thus, the Admin must mandate its own and these users’ accounts for 2FA.

3.      A small team or group in an organization may require a particular 2-step verification, 2SV method like - Security keys, Google prompt, Google authentication app, or Backup codes because the company mandates it. 

4.      You need to activate your 2FA to avoid account lockout when your company gives you a 2SV enrollment grace period.

Know more: Protect your business from 2-step verification.

How to auto reminds new users of enrolling in 2FA in Google Workspace with Foresight?

Foresight helps to streamline your business process by automating the Google Workspace workflow. You don't need any coding knowledge to use this platform. Mainly it simplifies the complex workflow that can't be deployed with the native Google Cloud services. Thus it helps to remove repetitive tasks for the Admin and users to save their valuable time.
Google Admin console has the 2SV enforcement and enrollment grace period features. But it doesn't provide any feature of sending a reminder email to inform users of the enrollment period. Here, Foresight comes to help the users with this feature. This is another edge of Foresight over Admin Console, and it helps to increase productivity.

Instructions

Demo Video

We will divide our steps into two rules-

  • Rule A –  Auto Create Google Calendar event upon user creation: To create a Google Calendar event automatically for new user creation. This event will start after three days of user creation.
  • Rule B – Auto sends email reminder: Automatically sends the reminder email to the user for the 2FA when the event created in Rule A will start.

Rule Setup

  1. Log in to the Foresight account with your Google Admin account. Go to the Rules page and click the New Rule (+) button.
  2. First, create Rule A.
    1. Select the User created trigger and click Next.
    2. Select the Create datetime action.
    3. Select the Current Datetime variable, In Source datetime.
    4. Keep the Time zone field unchanged. 
    5. In the Time change steps, set the step Add 3 Days. This is the date-time when the user will get the reminder. It means the reminder would be sent after the 3 days of the new account creation.
    6. In the Variable name, write Reminder Datetime.
    7. Click ADD NEXT ACTION and select Create calendar event.
    8. In Calendar, select Primary Calendar. Also, you can choose any other calendars if you need them.
    9. In the Event title, type "2FA Reminder {{ select the Primary Email variable }}".
    10. In Start time, click the v icon, in the right corner of the field, and select the Reminder Datetime variable. Leave other fields the default.
    11. Click Review and give a rule name and create rule A.
  3. Now, we will create Rule B.
    1. Select the Calendar event started trigger.
      1. In Calendars, select Primary Calendar. It needs to match the calendar in rule A's Create calendar event action.
      2.  In the Event title, enter "2FA Reminder" (with double quotes), this Event Title is the same that we have given in Create Calender Event action while creating Rule A.
    2. Click Next and select the Get calendar event info action.
      1. In Calendar, select the Calendar Id variable.
      2. In Event, select the Calendar Event Id variable.
    3. Click ADD NEXT ACTION and select Extract data from text action.
      1. In the Source text, select the Event Title variable.
      2. In the Data type to extract, select EMAIL.
      3. In Selection, keep the default value of 1
      4. In the Variable name, enter "User Email".
    4. Click Add next action and select Get user info action.
    5. In Primary email, select the User Email variable.
    6. Click ADD NEXT ACTION and select If action.
      1. Rename “Branch 1” to “Not Enrolled in”.
      2. Rename “Fallback Branch” to “Enrolled in 2FA”
      3. In the first branch “Not Enrolled in 2FA”, set the condition “2SV Enrolled? to false”.
    7.  Click ADD NEXT ACTION under the first branch of the if condition and select Email Action.
      1. In To, select the User Primary Email variable
      2. In Subject, enter the email subject
      3. In the Email Body, type the below text. you can enter the personalized data using variables. To insert variables, type {{ and a list will pop up with all variables.
    8. Click Review give a rule name and create rule B.

Triggering Rule.

Now you have to trigger the rule from the admin console by creating a new user. To create a new user, go to the Directory > Users > Add a new user, and fill all the details, then click ADD NEW USER button.

Verifying Results:

After creating this user, a calendar event will be created automatically. 

The logs page shows the successful triggering of Rule-A.

After the 3 days, the users will be reminded if they still need to enroll for 2FA.

Successful triggering of Rule-B.

Conclusion

This is the complete procedure of reminding new users to enroll for 2FA. You can perform the task easily with the help of Foresight. It simplifies the whole process with the 2 sets of automated rules, and thus it saves our time and improves productivity. So try the 14-day free trial with Foresight. Also, you can learn other topics related to this - Protect your business with 2-step verification, Avoid account lockouts when 2-step verification is enforced, etc.