Search code examples
google-app-enginegoogle-apps-scriptgoogle-apigoogle-apps

Find all Google Apps users not using two-factor authentication


We're implementing two-factor authentication for all of our Google Apps users.

I've written a script to list the users in a Google Apps domain based on the sample that Google provides (https://developers.google.com/apps-script/advanced/admin-sdk-directory#list_all_users)

I'd like to filter that list by users who are or aren't using two-factor authentication but I cannot find anywhere in the User API that allows me to do this.

Does anyone know who I can find out if a user is using two-factor authentication or not?


Solution

  • I found this info in the Reporting API (of the Admin SDK).

    Here's a snippet I just wrote:

    function logUsers2step() {    
      var date = toISODate(new Date(Date.now()-3*24*60*60*1000));
      var reports = AdminReports.UserUsageReport.get('all', date).usageReports;
      nextReport: for( var r in reports ) {
        for( var p in reports[r].parameters )
          if( reports[r].parameters[p].name == 'accounts:is_2sv_enrolled' ) {
            Logger.log(reports[r].parameters[p].boolValue+' '+reports[r].entity.userEmail);
            continue nextReport;
          }
        Logger.log('not found '+reports[r].entity.userEmail);
      }
    }
    
    function toISODate(date) { return date.getFullYear()+'-'+pad(date.getMonth()+1)+'-'+pad(date.getDate()); }
    
    function pad(number) { return number < 10 ? '0' + number : number; }
    

    By the way, it seems you can have this report on the Apps Dashboard and can even enforce your users to do it.