This is also the approach NJIT has taken, which has worked out very well.
We require the first login to the GA account to be via the SSO/SAML
entry point. Once the GA account is validated and active the user may
choose to enable POP/IMAP and maintain a separate "Google credential".
The Google credential is managed via a local password set/reset facility
we provide. This solution provides the mobility support demands of our
users without exposing institutional credentials.
On 4/21/2009 4:56 PM, Brendan Bellina wrote:
> This is what we have been doing at USC for the last year.
> Another point to consider though is whether the Google Account
> lifecycle is the same as your enterprise account lifecycle. If your
> enterprise accounts are terminated after graduation but you want the
> Google Apps service to work for life, then tying GA into your SSO
> environment is going to require that you rethink the account lifecycle
> in your SSO environment.
> On Apr 21, 2009, at 12:48 PM, David Bantz wrote:
>> Another alternative is to allow POP/IMAP access to Gmail account, but
>> with its own unique password.
>> That may sound inconvenient for users, but recognize that many or
>> most will store their POP/IMAP password in their POP/IMAP client
>> anyway so they don't repeatedly enter it.
>> David Bantz
>> On Tue, 21 Apr 2009, at 11:39 , Alan Sill wrote:
>>> Hi Barry,
>>> On Apr 21, 2009, at 2:32 PM, Barry R Ribbeck wrote:
>>>> Be aware that the following has appeared on this list before.
>>>> Linking your Auth system into Google is fine and does not expose your
>>>> institutional accounts password, however if the user base wishes to use
>>>> PDA access to POP and IMAP function of GMAIL, this will expose their
>>>> institutional credentials and has forced some to rethink the sync
>>>> strategy. This may be something to consider before committing to
>>>> an SSO strategy with GMAIL.
>>> Good point. I believe this can be solved completely by requiring
>>> SSL access via IMAP, and not allowing POP access. This is a good
>>> policy regardless of the underlying mail system.
>>> Alan Sill, Ph.D
>>> Senior Scientist, High Performance Computing Center
>>> Adjunct Professor of Physics
>>> Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167
>>> ph. 806-742-4350 fax 806-742-4358