Currently there are a number of user security management features that are available only to super admins. To increase flexibility, our goal is to provide granular privileges so that some of these security features can be delegated to non-super admins.
To that end, we have created a new privilege called ‘User Security Management’ that allows delegated admins to perform the following actions for a specific user:
Enforce or disable 2-step verification for a given user
Disable a user's Login Challenge for 10 minutes
Retrieve/revoke application specific passwords
Retrieve/revoke 3-legged OAuth (3LO) tokens
In the past, delegated admins with any existing role with the ‘Users’ privilege were already able to disable 2-step verification for individual users. With this launch, these delegated admins will automatically get ‘User Security Management’ privileges to ensure they continue to have access to disable 2-step verification.
If an admin creates a new custom role, he/she will have the ability to selectively enable ‘Users’ or ‘User Security Management’ or both privileges going forward.
Release track:
Rapid release and Scheduled release
For more information:
https://support.google.com/a/answer/1219251#user_security
Note: all launches are applicable to all Google Apps editions unless otherwise notedwhatsnew.googleapps.comGet these product update alerts by emailSubscribe to the RSS feed of these updates