JumpCloud acts as the authoritative source of password synchronization with Google Workspace accounts when using the Google Workspace Directory Integration. With this synchronization, passwords must be reset from JumpCloud, which synchronizes subsequent changes with the Google Workspace identity.
To ensure an appropriate user workflow for password resets, Google allows for modification to the Password Change URL. This allows administrators to configure JumpCloud's URL for password reset and disallows password reset while logged in to Google Workspace. This procedure redirects users to the JumpCloud Password Reset page when they attempt to change their password while logged in; however, it doesn't perform the redirection when they click Forgot Password.
- This procedure requires a Google Administrator account and access to the Google Administrator Dashboard.
- This workflow makes a modification to Google’s Single Sign On (SSO) configuration, but keep in mind that this setting applies even if you don’t enable SSO.
- To fully disable any password modification for non-Administrator users, refer to Disable Google Workspace Non-Admin User Password Recovery with Google Workspace Directory Integration below for more information.
Forcing Google Workspace Password Changes in JumpCloud
To force the JumpCloud password change URL:
- Log in to https://admin.google.com as a Google Administrator from your tenant.
- From the Administrator console, click Security.
- Click Set up single sign-on (SSO) with a third party IdP.
- Toward the bottom, locate the Change password URL field, and enter https://console.jumpcloud.com/login?template=resetUserPassword.
Don't select Setup SSO with third-party identity provider.
- Click Save.
Your users should now be directed to the JumpCloud password reset page when requesting a password reset through the Google platform.
Disabling Google Workspace non-Admin User Password Recovery
To ensure an appropriate user workflow for password resets, Google allows for completely disabling non-admin user password recovery through the dashboard configuration. Alternatively, you can modify the Google Workspace Password Change URL to redirect users to JumpCloud password recovery when changing their password while logged in, as detailed in the section above.
This procedure will completely disable password reset methods using Google Workspace. This will not modify the Forgot Password reset link behavior.
- A Google Administrator account and access to the Google Admin console are required.
To disable non-admin password recovery:
- Log in to the Google Admin console as a Google Administrator for your organization.
- Go to Security > Account recovery.
- Click User account recovery.
- Clear the Allow users and non-super admins to recover their account option.
Learn more from Google Workspace Admin Help: Set up password recovery for users.