Updated Admin console for 2-Step Verification and SSO for SAML controls

Quick launch summary 

We’re making two updates to the Admin console:

New 2-Step Verification (2SV) controls: 
We’re updating the controls you use to configure 2SV in the Admin console. You may notice:

  • A new “2-Step Verification settings” section of the Security page where you can turn 2SV on or off and control other related settings. You can find this at Admin console > Security > 2-Step Verification
  • The ability to turn 2SV enrollment on or off for each organizational unit (OU). Previously you could only turn it on or off for the whole domain. Once it’s turned on, additional 2SV policies can be adjusted. 
  • New interfaces which prevent admins accidentally locking themselves out of an account by enforcing 2SV without being enrolled in 2SV. 
  • An updated and streamlined interface. 
The new 2-Step Verification settings section in the Admin console

In the 2SV section you can configure 2-Step Verification enforcement by OU

New section for single sign-on settings for SAML applications 
We’re making some updates to the settings you use to set up single sign-on for SAML applications. You may notice:

  • The settings that apply to all SAML applications when Google is the Identity Provider (IdP) are now in their own section in Security settings at Admin Console > Security > Set up single sign-on (SSO) for SAML applications
  • The functionality is not changing but you will find a more streamlined experience for managing certificates and to download IdP metadata. 
The new SSO for SAML settings section in the Admin console

 The new SSO for SAML area where you can control related settings

Getting started 

  • Admins: The new per-OU 2SV enrollment feature will be set to ON at the organization level (root OU) if and only if you had allowed 2SV enrollment for your organization prior to this launch, so that there is no change in behavior for your organization. After the launch, you can now change 2SV enrollment at an OU level. You can also use exception groups for 2SV enrollment settings, similar to how 2SV enforcement settings support them. Visit the Help Center to learn more about how to deploy 2-Step Verification for your organization.
  • End users: There is no end user impact for the feature. 

Rollout pace 


  • Available to all G Suite and Cloud Identity customers