Querying two step verification status for an account

[Max Spicer]

Hi,

Is there any way using gam to query whether an account has two-step verification enabled? The closest I can find is the "gam user <username> show backupcodes" command. However, I can't see a way to differentiate between someone who has no backupcodes, and someone who doesn't have two-step verification turned on.

Cheers,

Max Spicer

[Bri Hatch]

Here's an idea to test. My assumption is that you can't have backupcodes if you aren't in 2step. You'd need to test to see if that assumption is wrong.

If they have no backupcodes, then generate backupcodes. Then check to see if they have backupcodes. If no backup codes (and assumption above is correct!) then they're not in 2step.

Please report back - would be interested to know if this works.

--
You received this message because you are subscribed to the Google Groups "Google Apps Manager" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To post to this group, send email to google-ap...@googlegroups.com.
Visit this group at https://groups.google.com/group/google-apps-manager.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/1303715b-e694-403d-9b16-994af973f1f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Bri Hatch, Systems and Security Engineer. http://www.ifokr.org/bri/

The sooner you fall behind, the more time you'll have to catch up.

[Nate Ferrell]

there actually is a command to check the 2SV enrollment/enforcement status (uses admin reports api):

report users fields 'accounts:is_2sv_enforced,accounts:is_2sv_enrolled'

On Wednesday, July 6, 2016 at 7:58:19 AM UTC-7, Bri Hatch wrote:

Here's an idea to test. My assumption is that you can't have backupcodes if you aren't in 2step. You'd need to test to see if that assumption is wrong.

If they have no backupcodes, then generate backupcodes. Then check to see if they have backupcodes. If no backup codes (and assumption above is correct!) then they're not in 2step.

Please report back - would be interested to know if this works.

On Wed, Jul 6, 2016 at 5:06 AM, Max Spicer <max.s...@york.ac.uk> wrote:

Hi,

Is there any way using gam to query whether an account has two-step verification enabled? The closest I can find is the "gam user <username> show backupcodes" command. However, I can't see a way to differentiate between someone who has no backupcodes, and someone who doesn't have two-step verification turned on.

Cheers,

Max Spicer

--
You received this message because you are subscribed to the Google Groups "Google Apps Manager" group.

To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-manager+unsub...@googlegroups.com.

To post to this group, send email to google-ap...@googlegroups.com.
Visit this group at https://groups.google.com/group/google-apps-manager.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/1303715b-e694-403d-9b16-994af973f1f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Nate Ferrell]

*** full command:

gam report users fields 'accounts:is_2sv_enforced,accounts:is_2sv_enrolled'