TL;DR: Keeping your Keychain and SSO passwords in sync will now be easier than ever. Please watch the video below to learn how to use the tool. You can stop reading if you don't have a Mac.
Tonight we will be rolling out Keychain Minder, an open source tool from Google that we've adapted for internal use.
In a nutshell, when users in a Mac change their login passwords (the SSO password), macOS will update the login Keychain to match. However, in an enterprise environment like ours, where the password is managed centrally and synchronized with the machine via an SSO backend this doesn't happen. Instead, macOS has a built-in mechanism that appears after authenticating at the login window to prompt users to update their Keychain passwords, but many of us don't know what a Keychain is, don't understand the prompt, or already forgot the old password. So we just ignore the prompt, which creates a constant flow of macOS Keychain "Please enter your password..." prompts that makes our macOS machines basically unusable.
Who is this for?
Anybody with a macOS machine that starts showing constant Keychain password prompts after an SSO password change.
How do I install it?
Starting tonight, we will push the tool out automagically to the MM Mac fleet.
How do I use it?
Please watch https://drive.google.com/open?id=0B2O4b3UzmGjhbWtSQjA1bGFJUHM. This is a 1 minute video.
Many kudos to Guillermo and John for their work on getting this tool production ready.
Thank you for your time team! Please let me know if you have any questions.