Google Workspace

Reset your forgotten Google Workspace password using Fortified ID Password Reset.

Overview

This use case describes how to configure password reset for accounts managed in Google Workspace. It covers self-service password reset scenarios. We also talk about delegated password reset scenarios, where an authorized administrator can reset another user’s password. A typical example is a teacher resetting a forgotten password for a student.

Prerequisites

Fortified ID Password Reset is installed and configured as a SAML Service Provider (SP) against an SAML Identity Provider (IdP), for example Fortified ID Access.
Configuration of the SAML IdP is outside the scope of this use case and is therefore not covered.

This use case provides an example configuration for resetting an Google Workspace password after successful user authentication. The pre-configured SAML IdP must support an authentication method that does not rely on an Google Workspace password, such as Swedish BankID, Freja, or username combined with a one-time password (OTP).

Configuration

Overview of the steps in this use case

Configure your Google Workspace to support Password Reset
Configure Fortified ID Password Reset
1. Add keystore to use when connecting to Entra
2. Add the Entra module
3. Update the Password Self Reset pipe
Test to reset a Entra account password

1. Configure your Google Workspace to support Password Reset

Setup the Google Workspace configuration using this guide. This document describes how to setup the Google Directory User API to allow Fortified ID products to perform CRUD operations. It also describes how to fetch custom attribute for mappings.

2. Configure Fortified ID Password Reset

2.1 Add the Google *.p12 (created in Google)

Login to Management Center for Password Reset
Click Configuration tab
Expand Modules and click + to add new module
Click add ...
1. ..
2. TBD
Click Update and Deploy

2.2 Update the Password Self Reset pipe

Login to Management Center for Password Reset
Click Configuration tab
Expand Password Reset
Expand Pipes
Click self_reset
Click JSON for JSON Edit

Copy data below and overwrite all existing data

{
  "id": "self_reset",
  "display_name": "self_reset",
  "description": "Self Reset",
  "config": {
    "valves": [
      {
        "name": "DumpRequest",
        "config": {
          "label": "**********   DumpRequest for Self Reset   **********"
        }
      },
      {
        "name": "DumpSession",
        "config": {
          "label": "**********   DumpSession for Self Reset   **********"
        }
      },
      {
        "name": "CreateJwt",
        "config": {
          "jwt_ttl": 5,
          "jwt_claims": {
            "iss": "${globals.google.serviceaccount}",
            "scope": "https://www.googleapis.com/auth/admin.directory.user",
            "aud": "https://oauth2.googleapis.com/token"
          },
          "keystore": {
            "path": "${globals.keystore.google.ssl_keystore_path}",
            "password": "${globals.keystore.google.ssl_keystore_password}",
            "type": "PKCS12"
          },
          "keystore_password": "${globals.keystore.google.ssl_key_password}",
          "keystore_alias": "${globals.keystore.google.ssl_key_alias}"
        }
      },
      {
        "name": "HttpPost",
        "config": {
          "url": "https://oauth2.googleapis.com/token",
          "destination": "default",
          "parameters": {
            "assertion": "{{{item.jwt}}}",
            "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer"
          },
          "content_type": "application/x-www-form-urlencoded"
        }
      },
      {
        "name": "HttpPut",
        "config": {
          "url": "https://admin.googleapis.com/admin/directory/v1/users/{{{request.user_name}}}",
          "destination": "default",
          "headers": {
            "Authorization": "Bearer {{{state.body.access_token}}}"
          },
          "content": {
            "changePasswordAtNextLogin": false,
            "password": "{{{request.new_password}}}"
          },
          "content_type": "application/json"
        }
      },
      {
        "name": "DumpState",
        "config": {
          "label": "**********   DumpState after LDAPSearch   **********"
        }
      }
    ]
  }
}

Click Update and Deploy

3. Test to reset a Google account password

Browse to https://dev.fortifiedid.se/pwdreset/
Password Reset will redirect you to your SAML IdP
1. This use case expect that you have some authentication method that is not using the password you are trying to reset. Configuration of the SAML IdP is not explained here. But for testing purposes, if your using Fortified ID Access is to prep a StaticSAML credential validator with an Entra account data you like to reset.
When logged in to Fortified ID Password Reset add a new password and click Reset
If the password did not reset
1. Verify the server.log file. The pipe configuration for this use case dumps a lot of data that can be of interest.

PreviousMicrosoft Entra ID NextMicrosoft Entra ID with BankID

Last updated 12 days ago

hashtagOverview

hashtagPrerequisites

hashtagConfiguration

hashtagOverview of the steps in this use case

hashtag1. Configure your Google Workspace to support Password Reset

hashtag2. Configure Fortified ID Password Reset

hashtag2.1 Add the Google *.p12 (created in Google)

hashtag2.2 Update the Password Self Reset pipe

hashtag3. Test to reset a Google account password

hashtagLogin to Fortified ID Password Reset