Many organisations use Microsoft services and products for user management. OpenID provides single-sign-on functionality using configurable identity providers, including Azure Active Directory. It is used as part of the Office 365 suite of plugins to connect to Azure Active Directory, but can be configured to provide SSO for other OpenID Connect providers as well.
Head over to Azure, go to "Azure AD", and register an application in your Azure AD tenant for Moodle. Once registered, the CLC need a copy of the:
- Client ID
- Client Key
Additional fields such as manager permissions, hierarchy tags, payroll numbers and other user information you wish to use can be mapped into Moodle.
In order to integrate Moodle with Office 365's OpenID system you will need to know the Client ID, the Client Key, and the username and password for the Moodle Admin user (we recommend making a dedicated account for this so it can be monitored). There are many configurable options inside the Office 365 plugins; however, to work correctly with RoadMap we would not recommend changing these yourself.
Detailed setup instructions are located at Moodle Docs: https://docs.moodle.org/310/en/Microsoft_365
Considerations:
Data Availability
This plugin is maintained by Microsoft. Their development team created it to comply with OAuth authentication, and it has a limited number of profile fields available to sync. At this time we are unable to support additional fields directly through Office 365, as the restriction is in Microsoft's Graph API and not in Moodle. (A non-technical example: if this were a paper form, we could add more fields to it, but Microsoft would be unable to write the information into the boxes.)
The fields available to sync are: Object ID, Display Name, Given Name, Surname, Email, Street Address, City, Post Code, State, Country, Job Title, Department, Company Name, Telephone Number, Fax Number, Mobile, Language.
You can still have additional fields in Moodle, which can be set as required drop-downs or manually populated with bulk uploads. We are currently testing to ascertain whether it is possible to have both an Office 365 authentication setup and an additional data sync (CSV) for extra fields. This solution would allow users to SSO with Office 365 whilst keeping their data up to date. This document will be updated as soon as we have confirmation either way.
Setup & Configuration
We are always happy to help our members in any way possible, and we will do everything we can to assist your technical team with setting up Office 365. It is important to state that our team are not qualified to use Azure or Windows Portals to configure the application. We are unable to advise on or support applying the settings outlined in Microsoft's guide within the Azure portal. For Azure portal support you may need to speak to your Office 365 support team, as we are not certified in anything behind the API.