To that end, we have created a new privilege called ‘User Security Management’ that allows delegated admins to perform the following actions for a specific user:
Enforce or disable 2-step verification for a given user
Disable a user's Login Challenge for 10 minutes
Retrieve/revoke application specific passwords
Retrieve/revoke 3-legged OAuth (3LO) tokens
In the past, delegated admins with any existing role with the ‘Users’ privilege were already able to disable 2-step verification for individual users. With this launch, these delegated admins will automatically get ‘User Security Management’ privileges to ensure they continue to have access to disable 2-step verification.
If an admin creates a new custom role, he/she will have the ability to selectively enable ‘Users’ or ‘User Security Management’ or both privileges going forward.
Release track:
Rapid release and Scheduled release
For more information:
https://support.google.com/a/answer/1219251#user_security
Note: all launches are applicable to all Google Apps editions unless otherwise notedwhatsnew.googleapps.comGet these product update alerts by emailSubscribe to the RSS feed of these updates