Hi Sam, The Google Apps SSO option is only for the web applications. Currently there is no delegated authentication mechanism for the non- web protocols (SMTP, IMAP, POP3, XMPP).
The workaround is what Ryan described, syncing passwords. -alex On Nov 7, 1:39 pm, SamOsborne <[EMAIL PROTECTED]> wrote: > Hi Ryan, > > You have misunderstood my question. I'm actually interested in using > SSO and if it is possible to then use a mail client with SSO. > > Sam. > > On Nov 8, 5:35 am, "Ryan Shelley" <[EMAIL PROTECTED]> wrote: > > > You'll need to extract from AD all of your account passwords in SHA-1. I > > don't know enough about AD, however, to tell you if that's how they are > > stored, or if that's a configurable option. However, if it's possible for > > you to get those passwords in SHA-1, you'll need to export that information > > somehow into a file you can import to Google to setup the accounts. Then > > going forward, when a user changes their password using whatever process you > > currently have, there would be an additional step that would use the Google > > API to update the user's Google password at the same time. > > > On Nov 7, 2007 1:38 AM, Ahmed <[EMAIL PROTECTED]> wrote: > > > > Hi Ryan, > > > > out of curiosuity, how would we synchronise Gmail to have the same > > > pass as our AD user's pass's? > > > > Thanks in adv! > > > > On Nov 7, 8:27 pm, "Ryan Shelley" <[EMAIL PROTECTED]> wrote: > > > > If you configure the new Google accounts with the user's SHA-1 encrypted > > > > password, then yes, the user can use their normal username/password to > > > > access Gmail via POP3. Keep in mind, however, you'll want to > > > synchronize > > > > password changes within your AD environment with an update to Gmail. > > > > > On Nov 6, 2007 2:45 PM, SamOsborne <[EMAIL PROTECTED]> wrote: > > > > > > Hi, > > > > > > I'm thinking of implementing gmail with SAML SSO for our school. We > > > > > currently have an Active Directory setup. If I set this up with SAML > > > > > SSO to utilise the same credentials stored on our server does this > > > > > mean that users can only check their emails via gmails web based > > > > > feature? Or can I still set up their email client (Apple Mail mostly) > > > > > to imap.gmail.com or whatever and can it then use the SAML to log on? > > > > > > Thanks, > > > > > Sam- Hide quoted text - > > > > > - Show quoted text -- Hide quoted text - > > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
