Search
Clear search
Close search
Google apps
Main menu

Set up password recovery for users

As a G Suite administrator, you can choose how to let users who aren't administrators get back in to their account if they forget their password:

  • Option 1: Let users reset their own password through an automated system (you need to turn on non-admin password recovery in your Admin console).
  • Option 2: Ask users to contact an administrator to reset their password (requires adding a support message to your sign-in page). 

See below for details.

Option 1: Let users reset passwords themselves

This feature isn’t available if you’re running Single Sign-On or G Suite Password Sync. It also doesn’t work for younger users under the age of 18. See details below

You can let users who aren't administrators reset their own passwords—without having to contact an administrator. Each user has to add a recovery phone number or email address to their account where they can receive recovery instructions via voice, text message, or email. They can then reset their password by entering their Google Account address and following automated instructions.

(Required) Turn on non-admin password recovery

By default, only administrators can reset a forgotten password using the automated system. Here's how to let other users do this, too:

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console dashboard, go to Securityand thenBasic settings.

    To see Security on the dashboard, you might have to click More controls at the bottom.

  3. Under Password recovery, click Enable/disable non-admin user password recovery.

    This link isn't available if you're organization is running SSO or G Suite Password Sync.

  4. Under Password recovery, check Enable non-admin user password recovery.
  5. At the bottom, click Save.
  6. Tell users to set up a recovery phone number or email address where they can receive password recovery instructions (via voice, text message, or email). 

    G Suite for Education users under the age of 18 can't add contact information to their account. They therefore can't recover their password this way. Instead, they have to contact an administrator.

    Immediately remove a user's recovery information when they leave your organization or if their account might be hijacked. See details below.

Now, if any user in your organization clicks Need help? on the sign-in page, they see instructions on recovering their own password. If they've added a recovery phone number or email address to their account and answer questions correctly, they can reset their own password. 

2-step verification: Users with 2-step verification can also follow these steps to reset their own password. If they haven't added recovery information or don't answer questions correctly, they're told to contact an administrator.

Important: Prevent unauthorized access to a user's account

If you turn on non-admin password recovery, immediately remove a user's recovery information if...

  • The user is terminated or leaves your organization. That way they can’t recover their password to access their old account.
  • You suspect the account has been hijacked and the user’s recovery information is no longer legitimate.

To remove a user’s recovery information or check if it’s been hacked, sign in to the account as the user. Then follow steps at  Set up a recovery phone number or email address.

When non-admin password recovery isn't available
  • G Suite for Education users under the age of 18. Younger G Suite for Education users aren’t permitted to add a recovery phone number or email to their account. They therefore can't reset a forgotten password on their own. College-age, administration, and teachers using G Suite for Education can supply a recovery phone number or email, so they can use this feature.
  • Organizations using SSO or GSPS. If your organization is running Single Sign-On (SSO) or G Suite Password Sync for Active Directory (GSPS), you won’t see the enable non-admin user password recovery option in your Admin console. GSPS users must instead use Active Directory to reset a forgotten password.

Option 2: Ask users to contact an administrator

If you don't turn on password recovery for your non-admin users, they need to contact an administrator for help. To help them reach someone on your staff, add the appropriate contact information to their account sign-in page:

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console dashboard, go to Company profileand thenProfile.
  3. In the Support message section, add a message with information on how to contact an administrator at your organization. Include an email address, phone number, or other instructions on getting help from your staff.
  4. Click Save.

If a user clicks Need help? on the sign-in page, and you haven't turned on non-admin password recovery, they see your message. See also, Reset a user's password.

Was this article helpful?
How can we improve it?
Sign in to your account

Get account-specific help by signing in with your G Suite account email address, or learn how to get started with G Suite.