Educause Security Discussion mailing list archives

Password change redirect limitations


From: Frank Barton <bartonf () HUSSON EDU>
Date: Tue, 6 Oct 2020 09:53:41 -0400

Hi Folks, I've just spent the last couple weeks going back and forth with
Google Support, and our Higher Education Google person, and I figure I
should let these groups know the result of this.

Background:

   - We sync passwords from Active Directory to G-Suite using the Password
   Sync Tool on all Domain Controllers
   - We have the appropriate settings from
   https://support.google.com/a/answer/2611842 configured to "Prevent users
   from changing their Google passwords" (support has verified this) - users
   should be directed to our internal password change/reset page

Problem:

   - When a Google account is flagged as "Require password change: On" the
   password change is NOT redirected, and processes as a Google Password change

Sub-Problem:

   - When an account is flagged by Google's automatic process for
   compromise (e.g. "Leaked Password") the wording of the message states: "This
   Leaked password alert is to inform you that Google has suspended an account
   in your domain due to a potentially leaked password." but this isn't the
   case - the account isn't suspended - it is set as "Require password change"


I am hoping that we can either get the behaviour changed - or get the
documentation updated to reflect reality.

Frank

-- 
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University
PGP Key Fingerprint: 0249DC644EC78D2F6B5CD2C6C94D3EDB57946437
