Google is always looking for new ways to keep your users’ accounts secure and your organization’s data safe. As part of that effort, users may now be asked to verify their identity by providing their employee ID when they sign in to their G Suite account. This will better protect your users from hijacking attempts, as employee IDs are more difficult to guess and phish than many types of identity challenges.
How to Activate the employee ID login challenge?
The employee ID login challenge can only be deployed in domains where a G Suite admin has provided that ID information for their users. You can do this in one of three ways:
- Upload employee IDs directly into the Admin console.
- Use Google Cloud Directory Sync to pull employee IDs from Microsoft Active Directory or an LDAP server.
- Use the G Suite Admin SDK Directory API to populate the “externalIds.type” “organization” field with employee IDs.
Once you’ve added this employee ID information, you can turn on the login challenge from the Admin console (Security > Login challenges > Use employee ID to keep my users more secure). Note that the employee ID login challenge is OFF by default.
Check out the Help Center for more information on how to add an employee ID as a login challenge.
Notify your users
If you choose to activate this login challenge, we recommend letting your users know where they can find their employee ID and that they may be asked for it when they sign in to their G Suite account. If they’d prefer to verify their identity another way, they should update their phone number and recovery email address.
Please note that this login challenge will not be presented to any user with two-step verification enabled.