This Google Workspace Provisioner package includes a separate application, the Google Apps Password Manager that may be configured with PingFederate to allow end users to reset Google passwords. Because users who access Google Apps via SSO do not need Google credentials, they may forget (or never receive) individual passwords. The optional Password Manager is provided for situations in which enterprise users may need to obtain reset passwords to access Google Apps directly.
As stated in Google's less secure apps policy change, starting May 30, 2022 the use of third-party apps or devices that ask a user to sign into their Google account using only a username and password will no longer be supported. For more information, see Less secure apps & your Google Account in the Google documentation.
The Password Manager is not dependent on the PingFederate SSO connection to Google Apps; it is deployed a stand-alone application either within PingFederate or in a separate Web container.
To use the Password Manager, PingFederate must be configured to act as both an IdP and an SP. Then define an instance of the PingFederate OpenToken SP Adapter (if one does not exist), which is used to identify the user via an encrypted security token, based on the user’s ID attribute mapped directly to the SP adapter from the IdP authentication adapter.