Find all Google Apps users not using two-factor authentication

Question

We're implementing two-factor authentication for all of our Google Apps users.

I've written a script to list the users in a Google Apps domain based on the sample that Google provides (https://developers.google.com/apps-script/advanced/admin-sdk-directory#list_all_users)

I'd like to filter that list by users who are or aren't using two-factor authentication but I cannot find anywhere in the User API that allows me to do this.

Does anyone know who I can find out if a user is using two-factor authentication or not?

Answer 1

I found this info in the Reporting API (of the Admin SDK).

Here's a snippet I just wrote:

function logUsers2step() {    
  var date = toISODate(new Date(Date.now()-3*24*60*60*1000));
  var reports = AdminReports.UserUsageReport.get('all', date).usageReports;
  nextReport: for( var r in reports ) {
    for( var p in reports[r].parameters )
      if( reports[r].parameters[p].name == 'accounts:is_2sv_enrolled' ) {
        Logger.log(reports[r].parameters[p].boolValue+' '+reports[r].entity.userEmail);
        continue nextReport;
      }
    Logger.log('not found '+reports[r].entity.userEmail);
  }
}

function toISODate(date) { return date.getFullYear()+'-'+pad(date.getMonth()+1)+'-'+pad(date.getDate()); }

function pad(number) { return number < 10 ? '0' + number : number; }

By the way, it seems you can have this report on the Apps Dashboard and can even enforce your users to do it.