securitygoogle-cloud-platformmulti-factor-authentication

Google Cloud Console MFA


I am unable to find a solution to enforcing users logging into GCP to setup MFA or more commonly referred to as 2 Step Verification. I can ask them to do it but I don't trust them to physically do it.

Documentation seems sparse.


Solution

  • Google provides an option for enforcing multi-factor authentication, however you can only select the MFA method and the users need to furnish some details like phone number if you are using text message or a phone call method for MFA.

    There are two ways for enforcing the MFA:

    1. One way is to inform your users to enable MFA, allowing them to enroll for MFA and monitoring the user enrollment.

    2. The second way is to enforce your user to use MFA using organizational policies

    This official support document contains both the ways in detail, go through it for more information on user enrollment to MFA, monitoring the user enrollment and for enforcing MFA.

    As mentioned in the document even if users have not enabled MFA, if they have provided required details while account onboarding they can login to the console using MFA even if it's enabled forcefully.