New issue
Advanced search Search tips

Issue 779223 link

Starred by 2 users
Status: Duplicate
Merged: issue 778307
Owner: ----
Closed: Nov 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows , Chrome
Pri: 2
Type: Bug



Sign in to add a comment

Don’t remove "change password at next sign in" option after school districts enable Clever Badges

Reported by kkni...@joliet86.org, Oct 27 2017 
UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Steps to reproduce the problem:
1. Go to Security > "Setup single sign-on (SSO)" > "Setup SSO with third party identity provider" and set up the Clever Badges + Chromebook integration. [http://assets.clever.com/documents/BadgesWithChromebooks.pdf]. Note the use of netmask and that the password reset URL is blank.

2. Then, in GSuite, click on any user and try to reset their password. 

3. 

What is the expected behavior?
A checkbox is shown to “require a password change in the next sign in.”

What went wrong?
The checkbox goes missing after Clever Badges is enabled. See attached screenshot.

Did this work before? No 

Chrome version: 61.0.3163.100  Channel: n/a
OS Version: 10.0
Flash Version: 

This is truly impacting our district. This is the firstt year our K-1 students have had chromebooks. It is very difficult for K-1 students to type in an email address and password. It takes up a great deal of instructional time. The Clever Badges would enable easy access for our youngest learners. To the disappointment of our primary teachers, We have had to turn off the Badge system. When the badges are enabled in the admin console, it disables our ability to force password resets. This now becomes a security issue. We are very disappointed that Google is making this so difficult to use. 
Clever has informed us: 
Clever Badges is unlike other SSO providers – we just use them for younger students, but continue to use normal Google credentials for our older students. This hybrid functionality is enabled by creative use of the netmask setting and otherwise works great.  That said, we can’t use Clever Badges if it means losing our password security features for our older students and staff.

The fix could simply be this: when the SSO "password reset URL" field is left blank (as it is when using Clever Badges), the reset checkbox in Google continues to be shown.
GooglePW-before-after.png
54.6 KB View Download

Comment 1 by kkaluri@chromium.org, Nov 1 2017

Labels: OS-Chrome

Comment 2 by hunyadym@chromium.org, Nov 6 2017

Mergedinto: 778307
Status: Duplicate (was: Unconfirmed)

Sign in to add a comment