08-15-2023 06:23 AM
I've completed the setup of a Google Workspace minus the actual check to turn on 'Set up SSO with third-party identity provider'.
Today was the planned date to switch this on and after putting the check mark to activate, the save button is not available. It appears the 'Change password URL' field is now required.
Can anyone confirm this, and if there is a URL to change google password?
Solved! Go to Solution.
08-15-2023 02:28 PM
So, if you have Duo SSO configured for AD authentication, meaning you have one or more Duo Authentication Proxy servers talking to your on-prem AD DCs to service primary auth for SSO apps, you can enable password reset for AD passwords through Duo SSO. That's what I was referencing in the earlier response... if you enabled SSO password reset for AD you could reuse the SSO login url as it would legit let someone change their AD password.
08-15-2023 09:20 AM
Duo SSO doesn't have a unique change password URL. But, since Duo SSO supports both expired and proactive password reset during login in you're using Active Directory as the authentication source, you could enter the same Duo SSO Sign-In page URL you put in to Google as the Sign-In page URL i.e. https://sso-abc1def2.sso.duosecurity.com/saml2/sp/DIABC123678901234567/sso.
If you're using a SAML authentication source for Duo SSO, you could find the change password URL for that SAML IdP and use that (like for Azure it's https://account.activedirectory.windowsazure.com/changepassword.aspx).
08-15-2023 09:26 AM
These are onsite AD servers so there is no URL to use. After discussion with colleagues, best option we can come up with is to just put our company contact info URL into it if they need a password change.
08-15-2023 02:28 PM
So, if you have Duo SSO configured for AD authentication, meaning you have one or more Duo Authentication Proxy servers talking to your on-prem AD DCs to service primary auth for SSO apps, you can enable password reset for AD passwords through Duo SSO. That's what I was referencing in the earlier response... if you enabled SSO password reset for AD you could reuse the SSO login url as it would legit let someone change their AD password.
08-16-2023 10:16 AM
Thats helpful. Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide