An issue we faced while adding a new user email is that, as an organization, we have enforced 2FA. This would block any new user from logging in, because they have not yet set up 2FA.
To overcome this challenge:
1. Go to https://admin.google.com/ac/security/2sv
2. Under Authentication, set the New user enrollment period to 1 day.
3. Email the user about the policy and ensure that they set up 2FA on sign-in.
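
To follow up on step 3, the Python below is an added example (not part of the original note) that flags accounts that have not set up 2FA and are close to, or past, the end of the 1-day enrollment period. It runs on constructed sample records that use the Admin SDK Directory API user field names `primaryEmail`, `creationTime` and `isEnrolledIn2Sv`; the 6-hour reminder threshold and counting the period from account creation are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Matches the "1 day" new user enrollment period chosen in step 2.
ENROLLMENT_PERIOD = timedelta(days=1)
# Hypothetical threshold: send a reminder when this little time is left.
REMIND_WITHIN = timedelta(hours=6)

# Constructed sample records using Admin SDK Directory API user field names
# (primaryEmail, creationTime, isEnrolledIn2Sv). These are not real accounts.
SAMPLE_USERS = [
    {"primaryEmail": "alice@example.com",
     "creationTime": "2024-05-01T09:00:00.000Z", "isEnrolledIn2Sv": False},
    {"primaryEmail": "bob@example.com",
     "creationTime": "2024-05-01T20:00:00.000Z", "isEnrolledIn2Sv": False},
    {"primaryEmail": "carol@example.com",
     "creationTime": "2024-04-30T08:00:00.000Z", "isEnrolledIn2Sv": False},
    {"primaryEmail": "dave@example.com",
     "creationTime": "2024-05-01T09:00:00.000Z", "isEnrolledIn2Sv": True},
]


def parse_time(ts):
    """Parse a UTC timestamp such as 2024-05-01T09:00:00.000Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def enrollment_report(users, now, period=ENROLLMENT_PERIOD):
    """Return {email: (state, deadline)} for every user not yet enrolled in 2FA."""
    report = {}
    for user in users:
        if user.get("isEnrolledIn2Sv"):
            continue  # already set up 2FA, nothing to chase
        # Assumption: the window is counted from account creation time.
        deadline = parse_time(user["creationTime"]) + period
        remaining = deadline - now
        if remaining <= timedelta(0):
            state = "expired"    # enforcement applies; sign-in will be blocked
        elif remaining <= REMIND_WITHIN:
            state = "remind"     # re-send the step 3 email now
        else:
            state = "in_grace"
        report[user["primaryEmail"]] = (state, deadline)
    return report


if __name__ == "__main__":
    now = datetime(2024, 5, 2, 4, 0, tzinfo=timezone.utc)  # constructed "current" time
    for email, (state, deadline) in enrollment_report(SAMPLE_USERS, now).items():
        print(f"{email:20} {state:9} deadline {deadline.isoformat()}")
```

In real use, replace `SAMPLE_USERS` with user records exported from your own directory and pass the current UTC time as `now`.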