While talking to a customer today, he mentioned that Google Apps didn't have a self service password reset option. I can't say I didn't believe him, but I was a bit incredulous. Gmail has a password reset, why not Google Apps?
I quickly googled the situation and found this in the Gmail section:
If your password isn't working, you'll need to go through our password recovery process. Google Apps users, please contact your organization's IT admin for help with password recovery.
Wow. A service designed to reduce your organizational overhead requires helpdesk intervention to reset a password.
Once confirmed as a problem, what about a solution? There are two ways to go about this, Google Apps password reset or Google Apps single sign-on. It depends on your infrastructure I'm sure and I'm probably looking at this from a very EmpowerID-centric view, but neither is a difficult proposition.
Once you have your central identity repository (metadirectory) connecting to Google Apps, it's easy enough to utilize your current self service password reset solution to change your password and synchronize that with Google. This only works if your self service password reset solution can call the Google Apps APIs and shoot along the new password. This isn't always the case.
But if you go the extra couple of inches and federate, you take this password completely out of the equation. Google Apps federated single sign on means that your users don't need to remember another password, their main network logon is all they need to know. If they forget that password, the self service password reset solution you have in place already works; they change the password, sign in and BOOM, they are federated with Google Apps.
You no longer have to worry about Google's inexplicably missing password reset feature because your users are authenticated automatically and you have password reset in place. As great as Google Apps password reset would be, Google Apps SSO is even better.
Take a look at this whitepaper on the Top 5 Federated Single Sign On Scenarios to see how you are going to architect Google Apps SSO into your environment.