Require Users to Change Their Google Workspace Passwords in JumpCloud

JumpCloud acts as the authoritative source of password synchronization with Google Workspace accounts when using the Google Workspace Directory Integration. With this synchronization, passwords must be reset from JumpCloud, which synchronizes subsequent changes with the Google Workspace identity.   

To ensure an appropriate user workflow for password resets, Google allows for modification to the Password Change URL. This allows administrators to configure JumpCloud's URL for password reset and disallows password reset while logged in to Google Workspace. This procedure redirects users to the JumpCloud Password Reset page when attempting to change their password while logged in, however it doesn't perform the redirection when clicking Forgot Password.

Prerequisites

  • A Google Administrator account and accessibility to the Google Administrator Dashboard. 

Considerations

  • This workflow makes a modification to Google's Single Sign On (SSO) configuration, but this setting applies even if you don't enable SSO
  • To fully disable any password modification to non-Administrator users, refer to Disabling Google Workspace Non-Admin User Password Recovery for more information.

Forcing Google Workspace Password Changes in JumpCloud

​​To force the JumpCloud password change URL

  1. Log in to Google as an administrator from your tenant.
  2. From the Administrator console, click Security.
  3. Click Set up single sign-on (SSO) with a third party IdP.
  4. Toward the bottom, in the Change password URL field, enter https://console.jumpcloud.com/login?template=resetUserPassword.

Warning:

Don't select Setup SSO with third-party identity provider.

  1. Click Save.

Your users should now be directed to the JumpCloud password reset page when requesting password reset through the Google platform.

Disabling Google Workspace non-Admin User Password Recovery

To ensure an appropriate user workflow for password resets, Google allows for completely disabling non-admin user password recovery through the dashboard configuration. Alternatively, you can modify the Google Workspace Password Change URL to redirect users to JumpCloud password recovery when changing their password while logged in, as detailed in the section above.

This procedure will completely disable password reset methods using Google Workspace. This will not modify the Forgot Password reset link behavior.  

To disable non-admin password recovery

  1. Log in to Google as an administrator from your tenant.
  2. Go to Security > Account recovery.
  3. Click User account recovery.
  4. Clear the Allow users and non-super admins to recover their account option.

Tip:

See Set up password recovery for users to learn more.

Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case