For significantly increased security, each generic account is required to have Google 2-Step Verification enabled within 14 days of its creation.
If you have not yet requested a Generic Account, complete the Generic Account Access Setup process.
Along with standard Google 2-Step authentication methods, Generic Account users also have access to the Get2Factor app.
- Get2Factor (G2F) app
  - Provides a virtual Google Authenticator app that allows Generic Account users to access two-factor codes via ServiceNow.
  - Is beneficial for Generic Accounts with more than three users.
  - Visit Get2Factor to manage accounts and access codes.
  - Review the G2F User’s Manual for more information on end-user access and how to set up the tool for your accounts.
- Step 1 – Before enrolling your Generic Account in 2-Step:
  - Identify a primary contact who will manage the process.
  - Generic Account contacts should communicate with all users of the account that 2-Step Verification will be enabled.
  - Note: Once enrolled, users who log in directly to that Generic Account will be required to verify with an enrolled second factor. Delegated users who do not log in to the account directly will not be affected.
- Step 2 – The primary contact will:
  - Identify users who will need direct access to the account, along with their preferred authentication method.
  - Initially enroll the account in 2-Step. Note that a phone number is no longer necessary to enroll in 2-Step. Enrolling may now start with a security key or Google Prompt.
  - Add other users’ preferred authentication methods in Google 2-Step settings.
    - E.g. additional numbers for phone call and/or text message, security keys, printed backup codes, etc.
  - Notes:
    - OIT recommends that the account initially be enrolled using the primary contact’s security key or Google Prompt.
    - Generic Accounts with more than 3 users should use the Get2Factor App.
- Step 3 – After setup:
  - After logging in with the generic account’s username and password, most users will need to select “Try another way?” on the verification window to select their preferred individual authentication method. Once authenticated, users will continue to their desired app.
  - Review 2-Step Verification settings regularly to ensure appropriate user access. Changes can be made to the account’s settings at any time.
- Web Session length
  - Unlike Duo, Google does not let you trust your computer for 14 days: if you log out of a Google service, you will have to use 2FA to log back in.
  - However, if you quit your web session without logging out of your Google service, your web session will stay valid for 14 days.
  - If you rely on this web session length with Google, be sure that your computer is secured so that no one else can access your Google account.
  - As with Duo, clearing cache and cookies or using incognito/private browsing will result in having to re-authenticate with Google 2-Step.
- Two-Factor Status available in Web Registry
  - Administrative and Technical contacts can view the status of two-factor authentication for generic accounts.
  - The Two-Factor Status field can be viewed in the following locations:
    - From the Service Directory by filtering the listing of generics you own or are listed as a contact for.
    - Under the “Service Status” for specific generic accounts.