Activate the employee ID login challenge

The employee ID login challenge can only be deployed in domains where a G Suite admin has provided that ID information for their users. You can do this in one of three ways:


  1. Upload employee IDs directly into the Admin console.
  2. Use Google Cloud Directory Sync to pull employee IDs from Microsoft Active Directory or an LDAP server.
  3. Use the G Suite Admin SDK Directory API to populate the “externalIds[].type” “organization” field with employee IDs.

Once you’ve added this employee ID information, you can turn on the login challenge from the Admin console (Security > Login challenges > Use employee ID to keep my users more secure). Note that the employee ID login challenge is OFF by default.


Check out the Help Center for more information on how to add an employee ID as a login challenge.


Notify your users

If you choose to activate this login challenge, we recommend letting your users know where they can find their employee ID and that they may be asked for it when they sign in to their G Suite account. If they’d prefer to verify their identity another way, they should update their phone number and recovery email address.


Please note that this login challenge will not be presented to any user with two-step verification enabled.