Currently there are a number of user security management features that are available only to super admins. To increase flexibility, our goal is to provide granular privileges so that some of these security features can be delegated to non-super
To that end, we have created a new privilege called ‘User Security Management’ that allows delegated admins to perform the following actions for a specific user:
- Enforce or disable 2-step verification for a given user
- Disable a user’s Login Challenge for 10 minutes
- Retrieve/revoke application specific passwords
- Retrieve/revoke 3-legged OAuth (3LO) tokens
In the past, delegated admins with any existing role with the ‘Users’ privilege were already able to disable 2-step verification for individual users. With this launch, these delegated admins will automatically get ‘User Security Management’ privileges to ensure they continue to have access to disable 2-step verification.
If an admin creates a new custom role, he/she will have the ability to selectively enable ‘Users’ or ‘User Security Management’ or both privileges going forward.
Release track:
Rapid release and Scheduled release
For more information:
https://support.google.com/a/answer/1219251#user_security
Reference by : www.google.com