Challenge
A Swedish school uses Google for Education to manage accounts, allowing both students and school staff to log into their Chromebooks and access the necessary systems and services. Users need to enter their password stored in their Google account to log in.
After holidays or at the start of a new term, it is common for users to forget their current password.
The school wants school staff to be able to reset their passwords completely independently, without the involvement of a service desk, while maintaining high security to prevent attackers from exploiting vulnerabilities and stealing users' passwords.
Students who have their own e-ID should also be able to reset their passwords.
A teacher should also have the ability to reset passwords for the students they are authorized to, known as delegated password reset.
Password reset should be easy to use, require minimal administrative work, provide higher security, and save time and money.
Solution
With Fortified ID Password Reset, school staff and students can use the methods the school has chosen to expose via the school's authentication service (Identity Provider, IdP) to reset their Google password.
The school's IdP is based on the Fortified ID Integrity Web software.
The e-IDs that the school can select to expose are BankID, Freja OrgID, SITHS, and Foreign eID, European e-ID via eIDAS.
The solution is highly cost-effective:
Issuance of the e-ID is handled outside the organization
Most users are familiar with using e-ID in their private lives
Requires minimal administration within the organization
Students can get help resetting their passwords from their class teacher
Standardized integration
Other Information
The link between the user's e-ID and the user's account in the organization is done via a lookup against Google. The solution connects the identifier on the user's e-ID with an attribute on the user's Google account. The school can choose which attribute to use for this mapping.
Delegated password reset is based on a teacher's account attribute that defines which class they oversee. All students marked with the same class can have their passwords reset by the class teacher.
The solution meets the password requirements and complexity configured by the school in Google.
The integration between Password Reset and the school's login service (IdP) occurs through a standardized SAML2-based flow.
Related Information