Invalidate Verification Code

📖 Definition


The "Invalidate Verification Code" action allows Google Workspace administrators to invalidate the current backup verification codes for a user. This action is primarily used to enhance security by ensuring that previously generated verification codes can no longer be used to bypass 2-Step Verification for the user. It helps in scenarios where backup codes might have been compromised or need to be reset for other security reasons. By using this action, administrators can ensure that the user must generate new backup verification codes, ensuring their accounts remain secure.

Key Capabilities:

  • Invalidate current backup verification codes for a user.
  • Enhances security by preventing unauthorized access with old or potentially compromised verification codes.
  • Ensures that users are prompted to generate new backup verification codes after invalidation.

🎯 Example Use Cases


Compromised Backup Codes

If a user suspects that their backup verification codes have been compromised, an admin can invalidate those codes to prevent unauthorized access and force the user to generate new ones for enhanced security.

User Account Recovery

When a user loses access to their backup verification codes, an admin can invalidate the old codes, allowing the user to set up new backup codes as part of the recovery process.

Security Protocol Enforcement

As part of routine security audits or protocol enforcement, admins can invalidate backup codes for users periodically to ensure that only current, valid verification codes are in use.

Post-Offboarding of Employee

When an employee leaves the organization, an admin can invalidate the user’s backup verification codes as part of the offboarding process to ensure that the user no longer has access to corporate resources.


📥 Inputs


Connection

This field represents the Google Workspace Administration connection that authorizes Zenphi to interact with your Google Workspace system. You need to upload a Google service account credential JSON file that has domain-wide delegation enabled. This allows Zenphi to securely perform actions on behalf of your organization, such as managing user verification codes.

How to Get: To set up this connection, follow the guide to create a Google Workspace Administration connection and generate the necessary service account credential:👉 *How to create this connection


User Primary Email

This field is the primary email address of the user whose backup verification codes are being invalidated. The email provided here will be used to identify the user and perform the action on their account.

Details:

  • This should be the user’s current primary email address associated with their Google Workspace account.
  • If you are not sure of the user’s primary email, it can be found in the user's Google Workspace account settings.

📤 Outputs


User Primary Email

This output field returns the primary email address of the user whose backup verification codes have been invalidated. It confirms the specific user on whom the action was executed, ensuring that the correct user’s verification codes were invalidated.

Details:

  • This is the same primary email address that was used as an input in the action.
  • It helps confirm which user had their verification codes invalidated.

📘 Example Scenario


Resetting Compromised Backup Verification Codes

Scenario: A user in your organization suspects that their backup verification codes have been compromised. To ensure the user’s account remains secure, the admin needs to invalidate the current backup verification codes and force the user to generate new ones.

Steps:

  1. Connection Setup: The admin has already set up a Google Workspace Administration connection using the necessary service account credentials with domain-wide delegation.

  2. Provide Inputs:

    • User Primary Email: The admin enters the email address of the user who needs their backup codes invalidated (e.g., [email protected]).
  3. Run the Flow: The flow is executed, and the system invalidates the current backup verification codes for the user.

  4. Output: The flow returns the primary email address of the user ([email protected]), confirming that the action was completed successfully.

Outcome: The user can now generate new backup verification codes, ensuring their account is protected with fresh security credentials. This action ensures that no unauthorized access can be made using old, potentially compromised backup codes.