sso in office 365 & moodle
8/9/2019 SSO in Office 365 & Moodle
How to use Single Sign-on with Office 365?
Administrator Instructions
Preparing your Office 365 account for single sign-on with your Moodle installation
Your Office 365 installation needs to be prepared for working with Moodle. This is done by managing your directory called the Windows Azure Active Directory which is the directory underlying Office 365.
1. Before you can use Moodle you will need to create an Azure subscription. You will be required to enter your credit card and phone number for this. However you will not be charged for the subscription if you do not setup VM's etc and only use it for accessing the directory.
2. You can do this using the following steps
   a. Go to https://www.windowsazure.com
   b. Sign in using your Office 365 account and use your Office 365 admin account as the credentials. The picture below highlights the link to click to enter your Office 365 credentials
3. After you do this and if you do not have an Azure subscription you will see the following screen. Click the highlighted link to create an Azure subscription
   a. Sign up for the default offer.
   b. After you are signed up you should see this screen. Click on the portal as shown
   c. Go past any of the education screens etc. and you should get to the portal which can also be accessed later through the https://manage.windowsazure.com link. It should look as shown below. Click on the Active Directory Extension and make sure you select the directory tab as highlighted below
   d. Click on the -> arrow on the name of your directory entry. This will lead to the directory management screen as shown below. In that screen the default view is users. Click on the integrated apps tab as shown below
   e. This will show you apps that are integrated with your Azure Active Directory, which are none. We will now create a new app by clicking the add new app button as shown below
   f. In the new app add dialog name the app (I named it MoodleApp) and choose Read Access & Single Sign-on to your directory
   g. When you click next you will be asked for the App URI and App URL. The App URI is a unique name for the app and App URL is the http endpoint of your Moodle installation. Note that you will have to enable SSL or https for your Moodle installation and will enter the https endpoints. In my case my Moodle installation is at mymoodle.cloudapp.net (Yes it is hosted as a VM in Azure!). So I enter it as follows
   h. When you click okay your app will have been added to Azure Active Directory as shown below
   i. There are a couple more values and changes you need to make and write down some values which you will need in the next section. The simplest way is to click on the "Enable your app for external users" link and then press the "Click Configure access link" as shown.
   j. You will see the screen below
   k. Take note of the following in Notepad
      i. ClientId - In my case it's 6F6aG0dG-d+c-6d-Gc53-+e5F3aece6. This is also referred to as application id
   l. Change the Reply URL from the default to add on /auth/azuread/logincallback.php. So in my case it will look like https://mymoodle.cloudapp.net/auth/azuread/logincallback.php.
   m. Add a key with an expiry of 2 years
   n. Hit the save button and make sure you copy the key value into notepad - this is your symmetric key
   o. Hit the View Endpoints button and get your university by looking at the federation data XML and copying the value after login.windows.net and federation metadata, not including the / mark, and save this as university in your notepad. For me it's cc3G5+6-#G-c00-a00#-F+caGd#G+
   p. You should know the name of your domain that is registered for your university with Office 365. For example for me it's univogirish.onmicrosoft.com. Copy this value into your notepad as well. You are all done registering
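A pre-flight check for the values collected in steps k to p, as an added example that is not part of the original instructions: it pulls the directory id out of the federation metadata URL, builds the https Reply URL, and flags malformed Notepad values before they are typed into Moodle. The function names, the dictionary keys and the sample GUID and URL are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
CALLBACK_PATH = "/auth/azuread/logincallback.php"  # path given in step l
# Constructed sample, not a real directory.
SAMPLE_METADATA_URL = ("https://login.windows.net/"
                       "00000000-1111-2222-3333-444444444444"
                       "/federationmetadata/2007-06/federationmetadata.xml")


def tenant_from_metadata_url(url):
    """Step o: return the path segment between the host and federationmetadata."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "login.windows.net":
        raise ValueError("not an https login.windows.net endpoint")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 2 or segments[1].lower() != "federationmetadata":
        raise ValueError("not a federation metadata URL")
    return segments[0]  # the '/' marks are never part of the id


def reply_url(moodle_base):
    """Step l: append the callback path; step g: refuse non-https endpoints."""
    parts = urlsplit(moodle_base)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("Moodle endpoint must be an https URL")
    return f"https://{parts.netloc}{parts.path.rstrip('/')}{CALLBACK_PATH}"


def check_notes(notes):
    """Return a list of problems in the Notepad values (hypothetical key names)."""
    problems = []
    for field in ("university_id", "application_id"):
        if not GUID_RE.match(notes.get(field, "")):
            problems.append(f"{field}: not a GUID (stray '/' or truncated copy?)")
    if not re.match(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", notes.get("domain", ""), re.I):
        problems.append("domain: not a bare DNS name")
    key = notes.get("symmetric_key", "")
    # The key is a secret: report only its shape, never echo its value.
    if not key or key != key.strip():
        problems.append("symmetric_key: empty or has surrounding whitespace")
    return problems
```
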
Adding plug-ins to Moodle installation
1) There are 2 plug-ins you need to install to enable Office 365 single sign on -
   a) Azure AD Block
   b) Azure AD Auth
2) Create a folder called AzureAD in the blocks directory of your moodle installation. Copy all the files in the AzureAD block plug-in into this directory
3) Create a folder called AzureAD in the blocks directory of your moodle installation. Copy all the files in the AzureAD block plug-in into this directory
4) Login as admin into your Moodle installation and okay the prompts about the new add-ins.
5) You should be taken to the settings page of your AzureAD block-plugin. If you are not, manually navigate to it from the Site Administrations > Plug-ins > Block > Azure AD menu.
6) The following values are required (and are the values you saved in notepad) to enable Office365.
   a. University id
   b. University Domain
   c. Application Id
   d. Symmetric Key
   This is shown in my screen capture from Moodle
7) Once you have updated the above settings, customize your site by placing the Azure AD block onto the home-page. A user with an account in Office 365 for your university will be able to sign-on by clicking the Office 365 sign-in button and logout using the logout button.
Sync users
By default the Azure-AD plug-in will sync users from your Office 365 domain into Moodle i.e. it will create Moodle accounts for all users who are in Office 365. If a user is deleted from your Office365 their account will be automatically deleted from Moodle. If a new user is created in Office 365 they will be automatically created in Moodle.
The syncing activity is performed using the Moodle cron job. If you have not enabled the moodle cron job this synchronization will not take place.
There is a setting "Allow Sync" which is checked on by default. If you do not want this behavior turn off this setting.
User Logon and demand create
When a new Office 365 user from your university domain logs into Moodle they will be authenticated by Office. If they already have an account in Moodle they will be logged into Moodle. However if they do not have an existing Moodle account the account can be created on demand. This behavior is governed by the "Prevent Account Creation During Login" setting in the "Manage Authentication" tab. If you want to disallow this creation uncheck this box.