3

Theres a weird issue I can't find any solution for: in an organization that is using GSuite admin can't open a mailbox for a fired employee. I mean we can reset password etc but while logging in there's "Verify its you" prompt that will send sms to his private number - that means mailbox can't be opened. We are legally entitled by organization management to open the mailbox, but it seems quite impossible.

It is not a 2SV - we have disabled it for the whole domain in attempts.

Any workarounds?

Cyrill U
  • 98
  • 2
  • 2
  • 6

2 Answers2

6

As an administrator, reset their password, and use one of their backup verification codes.

On top of organization 2SV policy, Google accounts have extra security when faced with suspicious logins. Such as an admin attempting to login with a new device in a different location. Makes sense an unknown device would trigger a "Verify it's you". G Suite administrators can disable this for a short time. (See Mario R.'s answer over at webapps.SE, via this blog.)

  1. Sign in to your Google Admin console.
  2. From the Admin console Home page, go to Users.
  3. Click the row for the user account to display the user information page.
  4. Click Security.
  5. Click Login challenge.
  6. Click Turn Off For 10 Minutes.

Or, skip account takeover. As an administrator, download the user's data via G Suite Data Export.

John Mahowald
  • 36,071
0

finally I found fix this. you can follow these steps.

  1. on google admin console go to that section 2FA settings in organization.
  2. turn on "Allow users to turn on 2-Step Verification"
  3. in this section choose Enforcement "On"
  4. choose methods "Any except verification codes via text, phone call"
  5. save this page. and now go to user section on google admin page. and go to users tab and choose user that you want. and go to settings > security tab on that specific user.
  6. click 2FA settings and get Backup verification codes. note that somewhere that code.
  7. now try to login with this specific user and it will ask you email, password and then it will as that back code. type 8 digit of that any code.
  8. you are done! but you have to active 2FA auth for that account like with google auth or 1pass app you can use it. vola!
Devrimer
  • 1