Google Apps Integration

Jump to: navigation, search

Note: You are currently viewing documentation for Moodle 2.5. Up-to-date documentation for the latest stable version of Moodle may be available here: Google Apps Integration.

Introduction

This guide shows how to integrate Moodle and Google to take the maximum advantage of both platforms working together. This guide is divided in two principal sections, authentication and plugins. The proper functioning of the plugins depends on the correct authentication deployment.


Getting started

Identifying needs

It’s important to detect the following variables before start. Planning on a centralized authentication. Which authorization mechanism prefers the institution?

  • Login using Google Apps credentials
  • Login using Moodle credentials
  • Login using centralized login mechanism

PHP version

  • < 5.5
  • >= 5.5

Moodle version

  • Moodle 1.x
  • Moodle 2.0 - 2.6
  • >= Moodle 2.7

Considerations

This guide only applies to 2.x versions, if you are running an 1.x version you can update to 2.x following this guide.

Download the plugins package

All the plugins explained in this guide are available to download in this package. Some of them are already installed as default, therefore it is not necessary to replace them. For latest versions of each plugin you can download separately.

Creating a project in the Google Developers Console

Follow this guide that shows how to create a project in Google Developers Console.


Authentication

The first step is to centralize the authentication process. If your institution already has a centralized directory we can still use it and just connect both Moodle and Google to it. If you prefer to use the Moodle or Google credentials, you need to know which are the right modules that will help in each case. These are the possible authentication scenarios:

Credentials stored in Moodle

If you choose Moodle as identity provider, you can implement an SSO solution in order to preserve the session between systems and avoid direct connections to database. One of the principal SSO protocols is SAML which can be integrated through a third party plugin that runs a SAML server within Moodle. Google Apps will connect to Moodle SAML endpoint and rely on the Moodle stored credentials. Remember that username and email address must match in both sides.

The required plugins are:

Plugin: GSAML plugin

  • Description: This plugin enables Moodle as a SAML server and is ready to configure Google Apps as a SAML client.
  • Included in Moodle: No
  • Path: auth/gsaml
  • Configuration parameters:
    • Domain Name: Google Apps Domain (e.g., yourschool.edu)
    • RSA key: Plain-text from the RSA key (pem) file. Note that the SAML service supports RSA signed keys only.
    • SSL signing certificate: Plain-text from the X.509 Certificate file here. Note that this is the same file you will upload to Google.
  • More information: Admin guide
  • Plugin page: Moodle plugin page

Block: User Sync block

  • Description: This tool syncs users from Moodle to Google. It can create, update and delete users. Users can be synced by an event or by a cron process.
  • Included in Moodle: No
  • Path: blocks/gdata
  • Configuration parameters:
    • Google Apps username: This is the username (without domain) used to administer your Google Apps account. For example, if you login to Google Apps as 'foo@yourschool.edu', your username is 'foo'.
    • Google Apps password: This is the password associated with the above username.
    • Google Apps domain: This is the domain associated with your Google Apps account. For example, if you login to Google Apps as 'foo@yourschool.edu', your domain is 'yourschool.edu'.
    • Use Google Apps email (Yes/No): Update Moodle's user record with the email from the Google Apps domain. The update will occur during the Moodle to Google Apps synchronization.
    • Enable events (Yes/No): If this setting is enabled, then a Moodle user's account will be instantly updated in Google Apps when the user edits his/her account in Moodle's standard edit profile interface. Also, if a Moodle user's account is deleted, then the associated Google Apps account will also be instantly deleted. This only applies to Moodle accounts that are currently being synchronized to Google Apps. This feature is \"best attempt\" only, so failures will fallback to the cron to perform the synchronization.
    • Cron interval (minutes): Enter in how often the Moodle to Google Apps synchronization should be executed on the cron. Enter zero to stop running the synchronization.
    • Cron expire (hours): When the synchronization runs, it locks the cron from being executed again until it has finished. This setting is used to determine when that lock has expired. Consider setting this to a high value especially on first runs with a lot of users.
  • Considerations:
    • Supported from version 2.0 to 2.6.5+.
    • Moodle credentials are stored in a database and the passwords are hashed on different algorithms depending the PHP version that is used. Moodle uses the MD5 hashing algorithm on PHP < 5.5 and BCrypt on PHP >= 5.5. Only clear text, MD5 and SHA1 passwords are supported for Google Apps password syncing proposes. For changing hash algorithm follow this guide.
  • More information: Admin guide
  • Plugin page: Moodle plugin page

Follow this guide to configure properly both plugins.

Credentials stored in Google

Users can login to Moodle using the Google Apps stored credentials through OAuth2 sign in method. Remember that OpenID 2.0 authentication method is deprecated and it has been migrated to OAuth 2.0 (OpenID Connect). In this case user and mail fields must match in both platforms. Moodle has a third party plugin that has been already configured to support Google Apps service.

Plugin: OAuth2 plugin

  • Description: This plugin is ready to connect to Google Apps server just configuring the project information of the Google developers console.
  • Included in Moodle: No
  • Path: auth/googleoauth2
  • Configuration parameters:
    • Google Client ID: Your client ID can be generated in the Google console.
    • Google Client secret: Your client Secret can be generated in the Google console.
  • More information: Admin guide
  • Plugin page: Moodle plugin page

Follow this guide to configure properly the plugin.

Credentials stored in other identity provider

If the organization is using an existing identity provider (e.g. LDAP, Active Directory, DB, etc) it is recommended to configure an SSO solution in order to allow access to Moodle and Google with the same credentials and to keep alive the session between them. We recommend installing and configuring an Access Management Solution like OpenAM that works as a SAML/OAuth2 server to interconnect the institution's systems. If you only configure the LDAP plugin in Moodle, it will use same credentials but it won’t start a session in Google and the Google related plugins will request to user to login again. This is why the SSO server is important.

Two options are available in order to connect Moodle to an SSO server. You can either install a SAML client or an OAuth2 client, depending the type of SSO server you are using. If you don’t have an SSO server please follow this guide that explains how to install an Access Management Solution ( OpenAM ).

-First case: Connecting to a SAML server

Plugin: OneLogin plugin

  • Description: This plugin works as a SAML client and connects to your SAML server (like SimpleSAML, OpenAM, etc) displaying the authorization mechanism and getting back to Moodle with a logged in status.
  • Included in Moodle: No
  • Path: auth/onelogin_saml
  • Configuration parameters:
    • SSO Identity Provider URL: Single sign-on identity provider URL for your server SSO SAML Issuer URL: SAML Issuer URL for your company
    • Automatically create users? (Yes/No) : Check to automatically create local user accounts which do not already exist. By default, the accounts are created without a password, and the user must login via SAML identity verification.
    • Certificate Key: Secret digital security encryption certificate key.
  • More information: Admin guide
  • Plugin page: Moodle plugin page

Follow this guide to configure properly the plugin ( based on OpenAM ).

-Second case: Connecting to an OAuth2 server

Plugin: Customized OAuth2 plugin

  • Description: This plugin needs some code edited in order to connect with your own SSO server.
  • Included in Moodle: No
  • Path: auth/googleoauth2
  • Configuration parameters:
    • Google Client ID: Your client ID can be generated in the Google console.
    • Google Client secret: Your client Secret can be generated in the Google console.
  • More information: Admin guide
  • Plugin page: Moodle plugin page

Follow this guide to configure properly the plugin ( based on OpenAM ).


Plugins and configurations

Some of this plugins are already installed in Moodle 2.x, some others require to be installed (just copying the files to their respective directory) and the rest are Moodle features that can be configured to integrate with Google services.

Google Apps menu

Block: Google Apps block

  • Description: A Google Apps block on the Moodle Front Page displays links to Google Start Page, Google Docs, Google Calendar and Gmail.
  • Included in Moodle: No
  • Path: blocks/gaccess
  • Configuration parameters:
    • Domain Name: This is your Google Apps Domain Name (e.g., yourschool.edu)
    • New Window Links (Yes/No): If selected links will open in new window.
    • Show GMail Link (Yes/No): If selected GMail link will be shown.
    • Show Google Drive Link (Yes/No): If selected Google Drive link will be shown.
    • Show Google+ Link (Yes/No): If selected Google+ link will be shown.
    • Show Google Calendar Link (Yes/No): If selected Google Calendar link will be shown.
    • Show Google Classroom Link (Yes/No): If selected Google Classroom link will be shown.
    • More information: Admin guide
    • Plugin page: Moodle plugin page

Mail integration

Block: Gmail block

  • Description: A Gmail block in Moodle that displays the latest Gmail messages on the Moodle Front Page.
  • Included in Moodle: No
  • Path: blocks/gmail
  • Configuration parameters:
    • Domain Name: This is your Google Apps Domain Name (e.g., yourschool.edu)
    • User Name from: This is the Moodle user field that the Google User is derived from - defaults to username, but email is another possibility
    • OAuth Consumer Secret: This is the same value you find on Google's Manage OAuth Access page under Advanced tools.
    • Unread Message Count: The number of unread messages you would like displayed in the gmail block. Leave as zero for no limit.
    • New Window Links (Yes/No): If selected links will open in new window.
    • Show First Name (Yes/No): Show the author's first name next to their message.
    • Show Last Name (Yes/No): Show the author's last name next to their message.
  • More information: Admin guide
  • Plugin page: Moodle plugin page
  • Considerations:
    • This plugin only works when we use Moodle as identity provider, GSAML plugin is enabled and the SSO configuration is enabled in Google Apps.

Drive integration

Plugin: Google Drive repository

  • Description: This is a repository add-on that pulls files from Google Drive to Moodle.
  • Included in Moodle: Yes
  • Path: /repository/googledrive
  • Configuration parameters:
    • Repository plugin name: Name to be displayed.
    • Client ID: Developer console project ID.
    • Secret: Developer console project Secret.
  • More information: Admin guide

Plugin: Google Drive portfolio

  • Description: This is a portfolio add-on that push files from your computer to Google Drive and then to Moodle.
  • Included in Moodle: Yes
  • Path: /portfolio/googledocs
  • Configuration parameters:
    • Repository plugin name: Name to be displayed.
    • Client ID: Developer console project ID.
    • Secret: Developer console project Secret.
  • More information: Admin guide

Google+ integration

Plugin: Picasa Web Album repository (Google+ Photos)

  • Description: This is a repository add-on that pulls photos from Picasa to Moodle.
  • Included in Moodle: Yes
  • Path: /repository/picasa
  • Configuration parameters:
    • Repository plugin name: Name to be displayed.
    • Client ID: Developer console project ID.
    • Secret: Developer console project Secret.
  • More information: Admin guide

Plugin: Picasa Web Album portfolio (Google+ Photos)

  • Description: This is a portfolio add-on that pushes photos to Picasa from Moodle.
  • Included in Moodle: Yes
  • Path: /portfolio/picasa
  • Configuration parameters:
    • Repository plugin name: Name to be displayed.
    • Client ID: Developer console project ID.
    • Secret: Developer console project Secret.
  • More information: Admin guide

Youtube integration

Configuration: Youtube video repository

  • Description: This is a repository add-on that pulls videos from Youtube to Moodle.
  • Included in Moodle: Yes
  • Path: /repository/youtube
  • Configuration parameters:
    • Repository plugin name: Name to be displayed.
  • More information: Admin guide

Hangouts integration

Configuration: Embedding Hangouts

  • Description: There’s no a plugin for Hangouts integration, but it can be used embedding the URLs.
  • Included in Moodle: No
  • Configuration:
  • More information: Admin guide

Calendar integration

Configuration: Calendar syncing

  • Description: There’s no a plugin for Google Calendar, but the Moodle calendar has an option * to import external calendars.
  • Included in Moodle: No
  • Configuration:
  • More information: Admin guide

Classroom integration

Configuration: Importing grades

  • Description: There’s no a plugin for Google Classroom, but Classroom grades can be exported and imported into Moodle.
  • Included in Moodle: No
  • Configuration:
    • Exporting grades from Google Classroom guide
    • Adapting format to Google Classroom guide
    • Importing grades to Moodle guide
  • More information:

Other integrations

Plugin: Fusion Tables export

  • Description: Export grades to a Google Fusion Table
  • Included in Moodle: No
  • Path: /grade/export/fusion
  • Configuration:
  • More information: Admin guide