AD Password Sync(APS) for Google Apps

The Challenge

Google Apps has been one of the most popular Messaging & Collaboration Platform on the cloud, Google Apps definitely help organization to reduce cost, simplify the complex on premise legacy system, and provides a rich End User experience. But It comes with its own challenge of federation which means if the organization would like to have the same password of Microsoft Active Directory then the organization has to invest in SSO (Single Sign - On) which brings in the dependency on the SSO implementation and also may result as a bottleneck when SSO does not work or is not reachable.

Introduction

CloudCodes introduces a simple to use solution for the above mentioned challenge, AD Password Sync for Google Apps. APS for Google Apps is light wieght tool which securely Synchronises the Active Directory Password to Google Apps without having the need of implementing complex SSO.

APS tool facilitates the synchronization of password of Active Directory and Google Apps. As part of Identity Management policies, users who are part of Active Directory deployment need to change password on a periodic basis. The synchronization of changed password with Google Apps becomes a difficult task due to lack of proper automation products. APS for Google Apps provides a simple way achieving the synchronization in an automated manner.

How it works

Once the product is configured on Active Directory machine (including restart), all the password updates by user will get synchronized on Google Apps. There is no change in the way password updates are done by the user. The Password Sync Utility works in the following manner

• The password sync component installed on the Active Directory machine is subscribed to password change event of Active Directory.
• When the password is changed by User, the Password Sync component installed on the Active Directory machine receives the password in plain text.
• The password is not stored by the component in any form on any persistent storage such as disk.
• The component connects to the Google Apps domain using administrator credentials provided at the time of registration.
• It then updates the User’s password on Google Apps.
• It also logs the result of operation on the CSV file stored on the installation directory.
• If the user of Active Directory is not present in Google Apps, it ignores the error and doesn’t log into the log file.

Pre-requisites

• Windows Server 2003 Server or Windows Server 2008 Server
• Deployed on Domain Controller Machine
• Enable Provisioning API on Google Apps
• Username on Active Directory and Google Apps should be same

Current Limitations

• The Sync happens only when the password is changed on the Active Directory
• The Sync of Password is only from AD to Google Apps
• The Sync tool currently does not support Google Apps Multi-domain