Is it possible to use the Google Admin SDK to remove/disable two-factor authentication & app-specific passwords and, if so, how?

Question

I've looked through the documentation; I can find out how to revoke the backup codes but I can't see an option to explicitly disable two-factor authentication or to revoke any app-specific passwords.

Thanks.

Philip

score 1 · Accepted Answer · answered Apr 05 '16 at 14:42

1

Auditing and revoking Application Specific Passwords (ASPs) can be done via the Directory API within the Admin SDK as detailed here. You can also audit the access tokens for a given user with the same API.

I don't believe it's possible to enable/disable 2-step verification (2SV) for a specific user. That being said, you can move them with the Directory API into/out of an OU with/without 2SV enforced/disabled to accomplish this.

answered Apr 05 '16 at 14:42

miketreacy

1,120
1
11
17

I like the idea of moving them to an OU with 2SV disabled but, unfortunately, that doesn't seem to work in our scenario. The parent OU doesn't force 2SV so *it* has a setting of "Turn off", as does our "leavers" OU, so moving them doesn't change anything. That's a shame. – Philip Colmer Apr 06 '16 at 10:29

Is it possible to use the Google Admin SDK to remove/disable two-factor authentication & app-specific passwords and, if so, how?

1 Answers1