G Suite admins can enable users to reset their passwords and recover their accounts without admin support.
ADSelfService Plus, an Active Directory (AD) self-service password management and single sign-on solution, offers the Password Reset feature, allowing users to reset their own AD passwords. It also offers the Password Synchronization feature to sync users’ passwords and any changes to it with their user accounts in applications like G Suite. When both these features are configured, users can use the same password to log in to G Suite and their AD domains, and can reset this password without help desk intervention. With ADSelfService Plus, users can reset their passwords from:
Web browsers by accessing the ADSelfService Plus portal, which can be configured to be accessed through all major web browsers. Their private networks, even remotely. Furthermore resetting their passwords, ADSelfService Plus also lets users update their cached credentials.
Here is a comparison between native G Suite password reset and G Suite password reset using ADSelfService Plus:
Native G Suite password reset | G Suite password reset using ADSelfService Plus |
---|
G Suite's Password Sync feature synchronizes Active Directory password changes to the users' G Suite accounts. | The Password Synchronization feature synchronizes Active Directory passwords with more than 15 enterprise applications. |
Supports two-factor authentication using six methods. | Offers multi-factor authentication using 15 authentication methods. |
Supports the following password requirements:
- A minimum password length.
- A strong password including a combination of all character types and does not include common words like "password" and sequences like "qwerty".
| Offers the Password Policy Enforcer, which enforces complexity rules that can:
- Control the types of characters used in the password.
- Restrict old passwords or characters from the username.
- Prevent the use of specific words, patterns, and palindromes.
- Restrict the length of the password.
|
Does not support enforcing the password policy during manual password reset by G Suite admin. | Supports enforcing the password policy during manual password reset by admin using the Active Directory Users and Computers console. |
Does not prevent the use of previously exposed passwords. | Integrates with Have I Been Pwned?, a service that informs users whether the passwords they use have been previously exposed. |
Advantages of ADSelfService Plus' self-service password reset and password synchronization features:
- Admins can choose to allow only users under specific AD groups and OUs to reset their passwords.
- Users can reset their passwords from Windows, macOS, and Linux login screens.
- Admins can restrict the number of password resets users can perform within a specific period of time.
- Admins can configure an approval workflow where users have to raise help desk requests and can reset their passwords only when their requests are accepted.
- Notifications can be sent to users and admins to acknowledge the self-service password resets performed.
With G Suite being an integral part of any organization and the apps under it storing sensitive enterprise information, choosing a secure self-service password reset solution is a step in the right direction. When compared to G Suite's native solution, ADSelfService Plus is a more comprehensive password reset solution that not only offers self-service password reset and password synchronization, but also:
- Self-service AD account unlock.
- MFA for endpoint (Windows, macOS, and Linux) and enterprise application logins.
- Enterprise application single sign-on.
- Directory self-update.