Password reset for G Suite users:
When a user of your organization forgets the password for their managed Google account, or if you think their account has been compromised, you can reset their password directly from the Google Admin console.
How to reset User password:
With administrator privileges, you can reset user’s passwords by following the below steps. Or if you wish to provide access for your users to reset their passwords themseleves, see the details below
- In your Google Admin console(at admin.google.com).
- Go to Users.
- In the Users list, find the user account for which you wish to change the password.
- Hover over the user and click Reset password icon which appears at the right.
You can also find this option at the top-left of the user’s account page.
(Note: To see either of these options, you must be signed in with an administrator account that has reset password privileges.)
- Choose to automatically generate the password or enter a password.
(By Google default, password minimum length is 8 characters. You can monitor the password strength for your organization by clicking here.)
- To view the password, click Preview .
- Ask the user to change the new password the next time they sign in.
- Click Reset.
- To paste the password somewhere, such as in a Hangouts Chat conversation with the user, click Click to copy password.
- Allow the user to recover their own password.
- Email the password to the user.
- Click Done.
Set up password recovery for users:
As you are the organization’s administrator, you can choose how to let users who aren’t administrators get back into their account if they forget their password, and below are the two ways through which the user can reset their password:
- Option 1: Let users reset passwords themselves through an automated system (you need to turn on non-admin password recovery in your Admin console).
- Option 2: Ask users to contact an administrator to reset their password.
Option 1: Let users reset passwords themselves
This feature isn’t available if you’re running single sign-on (SSO) or G Suite Password Sync (more details here). It also doesn’t work for users under the age of 18. See details below
Each user has to add a recovery phone number or email address to their account where they can receive recovery instructions via voice, text message, or email. They can then reset their password by entering their Google Account address and following automated instructions.
Turn on non-admin password recovery:
By default, only administrators can reset a forgotten password using the automated system. Here’s how to let other users do this, too:
- In your Google Admin console (at admin.google.com)..
- Go to Security > Basic settings.
- Under Password recovery, click Enable/disable non-admin user password recovery. This link isn’t available if your organization is running SSO or G Suite Password Sync.
- Under Password recovery, check Enable non-admin user password recovery.
- At the bottom, click Save.
- Tell users to set up a recovery phone number or email address where they can receive password recovery instructions (via voice, text message, or email).
G Suite for Education users under the age of 18 can’t add contact information to their account. They therefore can’t recover their password this way. Instead, they have to contact an administrator.
Also, Immediately remove a user’s recovery information when they leave your organization or if their account might be hijacked. See details below.
Now, if any user in your organization clicks Forgot password? on the sign-in page, they see instructions on recovering their own password. If they’ve added a recovery phone number or email address to their account and answer questions correctly, they can reset their own password.
2-step verification: Users with 2-step verification can also follow these steps to reset their own password. However, they can only reset their password using their recovery email. If they haven’t added recovery information or don’t answer questions correctly, they’re told to contact an administrator.
Prevent unauthorized access to a user’s account:
If you turn on non-admin password recovery, immediately remove a user’s recovery information if…
- The user is terminated or leaves your organization. That way they can’t recover their password to access their old account.
- You suspect the account has been hijacked and the user’s recovery information is no longer legitimate.
To remove a user’s recovery information or check if it’s been hacked, sign in to the account as the user. Then follow steps at Set up a recovery phone number or email address.
When non-admin password recovery isn’t available:
- G Suite for Education users under the age of 18—Younger G Suite for Education users aren’t permitted to add a recovery phone number or email to their account. They can’t reset a forgotten password on their own.Note: Users of any age with primary or secondary education accounts can’t supply a recovery phone number or email. The option to add a phone number or email is disabled for these types of accounts.Only users with Higher Education accounts, administrators, and teachers using G Suite for Education can supply a recovery phone number or email.
- Organizations using SSO or GSPS—If your organization is running single sign-on (SSO), you won’t see the enable non-admin user password recovery option in your Admin console. If your organization is running G Suite Password Sync for Active Directory (GSPS) and you’ve prevented users from changing their G Suite passwords, users are redirected to Active Directory to reset their passwords. This keeps their Active Directory passwords in sync with G Suite.
Option 2: Ask users to contact an administrator
If a user clicks Forgot password? on the sign-in page, and you haven’t turned on non-admin password recovery, they see a message to contact their administrator. Make sure you’ve provided a way for users to contact an administrator if they can’t sign in to their account.
See also How to reset a Google Account Password.
*Images and Support Courtesy:Google