Google Apps Integration: Difference between revisions
No edit summary |
No edit summary |
||
(17 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
== Introduction == | == Introduction == | ||
This guide shows how to integrate Moodle and Google to take the maximum advantage of both platforms working together. This guide is divided in two principal sections, authentication and plugins. The proper functioning of the plugins depends on the correct authentication deployment. | This guide shows how to integrate Moodle and Google to take the maximum advantage of both platforms working together. This guide is divided in two principal sections, authentication and plugins. The proper functioning of the plugins depends on the correct authentication deployment. | ||
== Getting started == | == Getting started == | ||
=== Identifying needs === | |||
Identifying needs | |||
It’s important to detect the following variables before start. | It’s important to detect the following variables before start. | ||
Planning on a centralized authentication. Which authorization mechanism prefers the institution? | Planning on a centralized authentication. Which authorization mechanism prefers the institution? | ||
Login using Google Apps credentials | * Login using Google Apps credentials | ||
Login using Moodle credentials | * Login using Moodle credentials | ||
Login using centralized login mechanism | * Login using centralized login mechanism | ||
PHP version | PHP version | ||
< 5.5 | * < 5.5 | ||
>= 5.5 | * >= 5.5 | ||
Moodle version | Moodle version | ||
Moodle 1.x | * Moodle 1.x | ||
Moodle 2.0 - 2.6 | * Moodle 2.0 - 2.6 | ||
>= Moodle 2.7 | * >= Moodle 2.7 | ||
Considerations | === Considerations === | ||
This guide only applies to 2.x versions, if you are running an 1.x version you can update to 2.x following this guide. | This guide only applies to 2.x versions, if you are running an 1.x version you can update to 2.x following [https://docs.moodle.org/27/en/Upgrading_to_Moodle_2.0 this guide]. | ||
Download the plugins package | === Download the plugins package === | ||
All the plugins explained in this guide are available to download in this package. Some of them are already installed as default, therefore it is not necessary to replace them. For latest versions of each plugin you can download separately. | All the plugins explained in this guide are available to download in [https://github.com/jrschumacher/moodle-google_apps this package]. Some of them are already installed as default, therefore it is not necessary to replace them. For latest versions of each plugin you can download separately. | ||
Creating a project in the Google Developers Console | === Creating a project in the Google Developers Console === | ||
Follow [https://developers.google.com/console/help/new/#managingprojects this guide] that shows how to create a project in Google Developers Console. | |||
== Authentication == | == Authentication == | ||
The first step is to centralize the authentication process. If your institution already has a centralized directory we can still use it and just connect both Moodle and Google to it. If you prefer to use the Moodle or Google credentials, you need to know which are the right modules that will help in each case. These are the possible authentication scenarios: | The first step is to centralize the authentication process. If your institution already has a centralized directory we can still use it and just connect both Moodle and Google to it. If you prefer to use the Moodle or Google credentials, you need to know which are the right modules that will help in each case. These are the possible authentication scenarios: | ||
Credentials stored in Moodle | === Credentials stored in Moodle === | ||
If you choose Moodle as identity provider, you can implement an SSO solution in order to preserve the session between systems and avoid direct connections to database. One of the principal SSO protocols is SAML which can be integrated through a third party plugin that runs a SAML server within Moodle. Google Apps will connect to Moodle SAML endpoint and rely on the Moodle stored credentials. Remember that username and email address must match in both sides. | If you choose Moodle as identity provider, you can implement an SSO solution in order to preserve the session between systems and avoid direct connections to database. One of the principal SSO protocols is SAML which can be integrated through a third party plugin that runs a SAML server within Moodle. Google Apps will connect to Moodle SAML endpoint and rely on the Moodle stored credentials. Remember that username and email address must match in both sides. | ||
The plugins | The required plugins are: | ||
GSAML plugin | ==== Plugin: GSAML plugin ==== | ||
Description: This plugin enables Moodle as a SAML server and is ready to configure Google Apps as a SAML client. | * Description: This plugin enables Moodle as a SAML server and is ready to configure Google Apps as a SAML client. | ||
Included in Moodle: No | * Included in Moodle: No | ||
Path: auth/gsaml | * Path: auth/gsaml | ||
Configuration parameters: | * Configuration parameters: | ||
Domain Name: Google Apps Domain (e.g., yourschool.edu) | ** Domain Name: Google Apps Domain (e.g., yourschool.edu) | ||
RSA key: Plain-text from the RSA key (pem) file. Note that the SAML service supports RSA signed keys only. | ** RSA key: Plain-text from the RSA key (pem) file. Note that the SAML service supports RSA signed keys only. | ||
SSL signing certificate: Plain-text from the X.509 Certificate file here. Note that this is the same file you will upload to Google. | ** SSL signing certificate: Plain-text from the X.509 Certificate file here. Note that this is the same file you will upload to Google. | ||
More information: Admin guide | * More information: [http://www.appsedudemo.com/home/lmsthirdparty/moodlegeneral/moodle-auth-gsaml Admin guide] | ||
Plugin page: Moodle plugin page (outdated) | * Plugin page: Moodle [https://github.com/jrschumacher/moodle-google_apps/tree/master/auth/gsaml plugin page] (outdated) | ||
User Sync block | ==== Block: User Sync block ==== | ||
Description: This tool syncs users from Moodle to Google. It can create, update and delete users. Users can be synced by an event or by a cron process. | * Description: This tool syncs users from Moodle to Google. It can create, update and delete users. Users can be synced by an event or by a cron process. | ||
Included in Moodle: No | * Included in Moodle: No | ||
Path: blocks/gdata | * Path: blocks/gdata | ||
Configuration parameters: | * Configuration parameters: | ||
Google Apps username: This is the username (without domain) used to administer your Google Apps account. For example, if you login to Google Apps as 'foo@yourschool.edu', your username is 'foo'. | ** Google Apps username: This is the username (without domain) used to administer your Google Apps account. For example, if you login to Google Apps as 'foo@yourschool.edu', your username is 'foo'. | ||
Google Apps password: This is the password associated with the above username. | ** Google Apps password: This is the password associated with the above username. | ||
Google Apps domain: This is the domain associated with your Google Apps account. For example, if you login to Google Apps as 'foo@yourschool.edu', your domain is 'yourschool.edu'. | ** Google Apps domain: This is the domain associated with your Google Apps account. For example, if you login to Google Apps as 'foo@yourschool.edu', your domain is 'yourschool.edu'. | ||
Use Google Apps email (Yes/No): Update Moodle's user record with the email from the Google Apps domain. The update will occur during the Moodle to Google Apps synchronization. | ** Use Google Apps email (Yes/No): Update Moodle's user record with the email from the Google Apps domain. The update will occur during the Moodle to Google Apps synchronization. | ||
Enable events (Yes/No): If this setting is enabled, then a Moodle user's account will be instantly updated in Google Apps when the user edits his/her account in Moodle's standard edit profile interface. Also, if a Moodle user's account is deleted, then the associated Google Apps account will also be instantly deleted. This only applies to Moodle accounts that are currently being synchronized to Google Apps. This feature is \"best attempt\" only, so failures will fallback to the cron to perform the synchronization. | ** Enable events (Yes/No): If this setting is enabled, then a Moodle user's account will be instantly updated in Google Apps when the user edits his/her account in Moodle's standard edit profile interface. Also, if a Moodle user's account is deleted, then the associated Google Apps account will also be instantly deleted. This only applies to Moodle accounts that are currently being synchronized to Google Apps. This feature is \"best attempt\" only, so failures will fallback to the cron to perform the synchronization. | ||
Cron interval (minutes): Enter in how often the Moodle to Google Apps synchronization should be executed on the cron. Enter zero to stop running the synchronization. | ** Cron interval (minutes): Enter in how often the Moodle to Google Apps synchronization should be executed on the cron. Enter zero to stop running the synchronization. | ||
Cron expire (hours): When the synchronization runs, it locks the cron from being executed again until it has finished. This setting is used to determine when that lock has expired. Consider setting this to a high value especially on first runs with a lot of users. | ** Cron expire (hours): When the synchronization runs, it locks the cron from being executed again until it has finished. This setting is used to determine when that lock has expired. Consider setting this to a high value especially on first runs with a lot of users. | ||
Considerations: | * Considerations: | ||
Supported from version 2.0 to 2.6.5+. | ** Supported from version 2.0 to 2.6.5+. | ||
Moodle credentials are stored in a database and the passwords are hashed on different algorithms depending the PHP version that is used. Moodle uses the MD5 hashing algorithm on PHP < 5.5 and BCrypt on PHP >= 5.5. Only clear text, MD5 and SHA1 passwords are supported for Google Apps password syncing proposes. For changing hash algorithm follow this guide. | ** Moodle credentials are stored in a database and the passwords are hashed on different algorithms depending the PHP version that is used. Moodle uses the MD5 hashing algorithm on PHP < 5.5 and BCrypt on PHP >= 5.5. Only clear text, MD5 and SHA1 passwords are supported for Google Apps password syncing proposes. For changing hash algorithm follow [https://sites.google.com/a/appsedudemo.com/site/home/lmsthirdparty/moodlegeneral/moodle-changing-bcrypt-to-md5 this guide]. | ||
More information: Admin guide | * More information: [https://docs.moodle.org/24/en/Google_Apps_Integration#User_Sync_Block_Settings Admin guide] | ||
Plugin page: Moodle plugin page | * Plugin page: Moodle [https://github.com/jrschumacher/moodle-google_apps/tree/master/blocks/gdata plugin page] | ||
Follow this guide to configure properly both plugins. | Follow [http://www.appsedudemo.com/home/lmsthirdparty/moodlegeneral/moodle-auth-gsaml this guide] to configure properly both plugins. | ||
Credentials stored in Google | === Credentials stored in Google === | ||
Users can login to Moodle using the Google Apps stored credentials through OAuth2 sign in method. Remember that OpenID 2.0 authentication method is deprecated and it has been migrated to OAuth 2.0 (OpenID Connect). In this case user and mail fields must match in both platforms. Moodle has a third party plugin that has been already configured to support Google Apps service. | Users can login to Moodle using the Google Apps stored credentials through OAuth2 sign in method. Remember that OpenID 2.0 authentication method is deprecated and it has been migrated to OAuth 2.0 (OpenID Connect). In this case user and mail fields must match in both platforms. Moodle has a third party plugin that has been already configured to support Google Apps service. | ||
OAuth2 plugin | ==== Plugin: OAuth2 plugin ==== | ||
Description: This plugin is ready to connect to Google Apps server just configuring the project information of the Google developers console. | * Description: This plugin is ready to connect to Google Apps server just configuring the project information of the Google developers console. | ||
Included in Moodle: No | * Included in Moodle: No | ||
Path: auth/googleoauth2 | * Path: auth/googleoauth2 | ||
Configuration parameters: | * Configuration parameters: | ||
Google Client ID: Your client ID can be generated in the Google console. | ** Google Client ID: Your client ID can be generated in the Google console. | ||
Google Client secret: Your client Secret can be generated in the Google console. | ** Google Client secret: Your client Secret can be generated in the Google console. | ||
More information: Admin guide | * More information: [https://github.com/mouneyrac/moodle-auth_googleoauth2 Admin guide] | ||
Plugin page: Moodle plugin page | * Plugin page: [https://moodle.org/plugins/view.php?plugin=auth_googleoauth2 Moodle plugin page] | ||
Follow this guide to configure properly the plugin. | Follow [http://mouneyrac.github.io/moodle-auth_googleoauth2/ this guide] to configure properly the plugin. | ||
Credentials stored in other identity provider | === Credentials stored in other identity provider === | ||
If the organization is using an existing identity provider (e.g. LDAP, Active Directory, DB, etc) it is recommended to configure an SSO solution in order to allow access to Moodle and Google with the same credentials and to keep alive the session between them. We recommend installing and configuring an Access Management Solution like OpenAM that works as a SAML/OAuth2 server to interconnect the institution's systems. If you only configure the LDAP plugin in Moodle, it will use same credentials but it won’t start a session in Google and the Google related plugins will request to user to login again. This is why the SSO server is important. | If the organization is using an existing identity provider (e.g. LDAP, Active Directory, DB, etc) it is recommended to configure an SSO solution in order to allow access to Moodle and Google with the same credentials and to keep alive the session between them. We recommend installing and configuring an Access Management Solution like OpenAM that works as a SAML/OAuth2 server to interconnect the institution's systems. If you only configure the LDAP plugin in Moodle, it will use same credentials but it won’t start a session in Google and the Google related plugins will request to user to login again. This is why the SSO server is important. | ||
Two options are available in order to connect Moodle to an SSO server. You can either install a SAML client or an OAuth2 client, depending the type of SSO server you are using. If you don’t have an SSO server please follow this guide that explains how to install an Access Management Solution ( OpenAM ). | Two options are available in order to connect Moodle to an SSO server. You can either install a SAML client or an OAuth2 client, depending the type of SSO server you are using. If you don’t have an SSO server please follow [http://www.appsedudemo.com/home/simple-sign-on/installing-openam this guide] that explains how to install an Access Management Solution ( OpenAM ). | ||
-First case: Connecting to a SAML server | -First case: Connecting to a SAML server | ||
OneLogin plugin | ==== Plugin: OneLogin plugin ==== | ||
Description: This plugin works as a SAML client and connects to your SAML server (like SimpleSAML, OpenAM, etc) displaying the authorization mechanism and getting back to Moodle with a logged in status. | * Description: This plugin works as a SAML client and connects to your SAML server (like SimpleSAML, OpenAM, etc) displaying the authorization mechanism and getting back to Moodle with a logged in status. | ||
Included in Moodle: No | * Included in Moodle: No | ||
Path: auth/onelogin_saml | * Path: auth/onelogin_saml | ||
Configuration parameters: | * Configuration parameters: | ||
SSO Identity Provider URL: Single sign-on identity provider URL for your server | ** SSO Identity Provider URL: Single sign-on identity provider URL for your server SSO SAML Issuer URL: SAML Issuer URL for your company | ||
SSO SAML Issuer URL: SAML Issuer URL for your company | ** Automatically create users? (Yes/No) : Check to automatically create local user accounts which do not already exist. By default, the accounts are created without a password, and the user must login via SAML identity verification. | ||
Automatically create users? (Yes/No) : Check to automatically create local user accounts which do not already exist. By default, the accounts are created without a password, and the user must login via SAML identity verification. | ** Certificate Key: Secret digital security encryption certificate key. | ||
* More information: [https://onelogin.zendesk.com/hc/en-us/articles/201173644-Configuring-SAML-for-Moodle2 Admin guide] | |||
More information: Admin guide | * Plugin page: [https://moodle.org/plugins/view.php?plugin=auth_onelogin_saml Moodle plugin page] | ||
Plugin page: Moodle plugin page | |||
Follow this guide to configure properly the plugin ( based on OpenAM ). | Follow [http://www.appsedudemo.com/home/simple-sign-on/adapting-existing-system-to-connect-to-openam-via-saml-using-onelogin-developed-client this guide] to configure properly the plugin ( based on OpenAM ). | ||
-Second case: Connecting to an OAuth2 server | -Second case: Connecting to an OAuth2 server | ||
Customized OAuth2 plugin | ==== Plugin: Customized OAuth2 plugin ==== | ||
Description: This plugin needs some code edited in order to connect with your own SSO server. | * Description: This plugin needs some code edited in order to connect with your own SSO server. | ||
Included in Moodle: No | * Included in Moodle: No | ||
Path: auth/googleoauth2 | * Path: auth/googleoauth2 | ||
Configuration parameters: | * Configuration parameters: | ||
Google Client ID: Your client ID can be generated in the Google console. | ** Google Client ID: Your client ID can be generated in the Google console. | ||
Google Client secret: Your client Secret can be generated in the Google console. | ** Google Client secret: Your client Secret can be generated in the Google console. | ||
More information: Admin guide | * More information: [http://mouneyrac.github.io/moodle-auth_googleoauth2/ Admin guide] | ||
Plugin page: Moodle plugin page | * Plugin page: [https://moodle.org/plugins/view.php?plugin=auth_googleoauth2 Moodle plugin page] | ||
Follow this guide to configure properly the plugin ( based on OpenAM ). | Follow [http://www.appsedudemo.com/home/simple-sign-on/adapting-existing-systems-to-connect-with-openam-via-oauth2-using-a-generic-code-library this guide] to configure properly the plugin ( based on OpenAM ). | ||
== Plugins and configurations == | |||
Some of this plugins are already installed in Moodle 2.x, some others require to be installed (just copying the files to their respective directory) and the rest are Moodle features that can be configured to integrate with Google services. | |||
=== Google Apps menu === | |||
==== Block: Google Apps block ==== | |||
* Description: A Google Apps block on the Moodle Front Page displays links to Google Start Page, Google Docs, Google Calendar and Gmail. | |||
* Included in Moodle: No | |||
* Path: blocks/gaccess | |||
* Configuration parameters: | |||
** Domain Name: This is your Google Apps Domain Name (e.g., yourschool.edu) | |||
** New Window Links (Yes/No): If selected links will open in new window. | |||
** Show GMail Link (Yes/No): If selected GMail link will be shown. | |||
** Show Google Drive Link (Yes/No): If selected Google Drive link will be shown. | |||
** Show Google+ Link (Yes/No): If selected Google+ link will be shown. | |||
** Show Google Calendar Link (Yes/No): If selected Google Calendar link will be shown. | |||
** Show Google Classroom Link (Yes/No): If selected Google Classroom link will be shown. | |||
** More information: [https://docs.moodle.org/24/en/Google_Apps_Integration#Google_Apps_Block_Settings Admin guide] | |||
** Plugin page: [https://github.com/jrschumacher/moodle-google_apps/tree/master/blocks/gdata Moodle plugin page] | |||
=== Mail integration === | |||
==== Block: Gmail block ==== | |||
Description: A | * Description: A Gmail block in Moodle that displays the latest Gmail messages on the Moodle Front Page. | ||
Included in Moodle: No | * Included in Moodle: No | ||
Path: blocks/ | * Path: blocks/gmail | ||
Configuration parameters: | * Configuration parameters: | ||
Domain Name: This is your Google Apps Domain Name (e.g., yourschool.edu) | ** Domain Name: This is your Google Apps Domain Name (e.g., yourschool.edu) | ||
New Window Links (Yes/No): If selected links will open in new window. | ** User Name from: This is the Moodle user field that the Google User is derived from - defaults to username, but email is another possibility | ||
Show | ** OAuth Consumer Secret: This is the same value you find on Google's Manage OAuth Access page under Advanced tools. | ||
Show | ** Unread Message Count: The number of unread messages you would like displayed in the gmail block. Leave as zero for no limit. | ||
Show | ** New Window Links (Yes/No): If selected links will open in new window. | ||
Show | ** Show First Name (Yes/No): Show the author's first name next to their message. | ||
** Show Last Name (Yes/No): Show the author's last name next to their message. | |||
More information: Admin guide | * More information: [https://docs.moodle.org/24/en/Google_Apps_Integration#Gmail_Block Admin guide] | ||
Plugin page: Moodle plugin page | * Plugin page: [https://github.com/jrschumacher/moodle-google_apps/tree/master/blocks/gmail Moodle plugin page] | ||
* Considerations: | |||
** This plugin only works when we use Moodle as identity provider, GSAML plugin is enabled and the SSO configuration is enabled in Google Apps. | |||
=== Drive integration === | |||
==== Plugin: Google Drive repository ==== | |||
Description: | * Description: This is a repository add-on that pulls files from Google Drive to Moodle. | ||
Included in Moodle: | * Included in Moodle: Yes | ||
Path: | * Path: /repository/googledrive | ||
Configuration parameters: | * Configuration parameters: | ||
** Repository plugin name: Name to be displayed. | |||
** Client ID: Developer console project ID. | |||
** Secret: Developer console project Secret. | |||
* More information: [https://docs.moodle.org/310/en/Google_Drive_repository Admin guide] | |||
Drive | ==== Plugin: Google Drive portfolio ==== | ||
* Description: This is a portfolio add-on that push files from your computer to Google Drive and then to Moodle. | |||
* Included in Moodle: Yes | |||
* Path: /portfolio/googledocs | |||
* Configuration parameters: | |||
** Repository plugin name: Name to be displayed. | |||
** Client ID: Developer console project ID. | |||
** Secret: Developer console project Secret. | |||
* More information: [https://docs.moodle.org/310/en/Google_Drive_portfolio Admin guide] | |||
Google | === Google+ integration === | ||
Google | ==== Plugin: Picasa Web Album repository (Google+ Photos) ==== | ||
Description: This is a | * Description: This is a repository add-on that pulls photos from Picasa to Moodle. | ||
Included in Moodle: Yes | * Included in Moodle: Yes | ||
Path: / | * Path: /repository/picasa | ||
Configuration parameters: | * Configuration parameters: | ||
Repository plugin name: Name to be displayed. | ** Repository plugin name: Name to be displayed. | ||
Client ID: Developer console project ID. | ** Client ID: Developer console project ID. | ||
Secret: Developer console project Secret. | ** Secret: Developer console project Secret. | ||
More information: Admin guide | * More information: [https://docs.moodle.org/310/en/Picasa_web_album_repository Admin guide] | ||
Google+ | ==== Plugin: Picasa Web Album portfolio (Google+ Photos) ==== | ||
* Description: This is a portfolio add-on that pushes photos to Picasa from Moodle. | |||
* Included in Moodle: Yes | |||
* Path: /portfolio/picasa | |||
* Configuration parameters: | |||
** Repository plugin name: Name to be displayed. | |||
** Client ID: Developer console project ID. | |||
** Secret: Developer console project Secret. | |||
* More information: [https://docs.moodle.org/310/en/Picasa_portfolio Admin guide] | |||
=== Youtube integration === | |||
==== Configuration: Youtube video repository ==== | |||
Description: This is a | * Description: This is a repository add-on that pulls videos from Youtube to Moodle. | ||
Included in Moodle: Yes | * Included in Moodle: Yes | ||
Path: / | * Path: /repository/youtube | ||
Configuration parameters: | * Configuration parameters: | ||
Repository plugin name: Name to be displayed. | ** Repository plugin name: Name to be displayed. | ||
* More information: [https://docs.moodle.org/310/en/Youtube_videos_repository Admin guide] | |||
=== Hangouts integration === | |||
==== Block: Hangouts ==== | |||
Description: | * Description: a plugin for Hangouts integration. | ||
Included in Moodle: | * Included in Moodle: No | ||
* Configuration: Install block | |||
Configuration | * More information: [http://www.moodlenews.com/2016/video-moodle-google-hangout-integration-by-paradisosol/ Moodlenews] | ||
More information: | |||
Hangouts integration | ==== Block: Students Hangouts ==== | ||
* Description: a plugin for Hangouts integration. | |||
* Included in Moodle: No | |||
* Configuration: Install block (WIP - Beta) | |||
* More information: [https://github.com/nadavkav/moodle-block_google_hangout Github] | |||
Embedding Hangouts | ==== Configuration: Embedding Hangouts ==== | ||
Description: There’s no a plugin for Hangouts integration, but it can be used embedding the URLs. | * Description: There’s no a plugin for Hangouts integration, but it can be used embedding the URLs. | ||
Included in Moodle: No | * Included in Moodle: No | ||
Configuration: | * Configuration: | ||
More information: Admin guide | * More information: [http://www.appsedudemo.com/home/lmsthirdparty/moodlegeneral/moodle-and-google-hangouts-integration Admin guide] | ||
Calendar integration | === Calendar integration === | ||
Calendar syncing | ==== Configuration: Calendar syncing ==== | ||
Description: There’s no a plugin for Google Calendar, but the Moodle calendar has an option to import external calendars. | * Description: There’s no a plugin for Google Calendar, but the Moodle calendar has an option * to import external calendars. | ||
Included in Moodle: No | * Included in Moodle: No | ||
Configuration: | * Configuration: | ||
More information: Admin guide | * More information: [https://docs.moodle.org/310/en/Using_Calendar#Google_calendar Admin guide] | ||
Classroom integration | === Classroom integration === | ||
Importing grades | ==== Configuration: Importing grades ==== | ||
Description: There’s no a plugin for Google Classroom, but Classroom grades can be exported and imported into Moodle. | * Description: There’s no a plugin for Google Classroom, but Classroom grades can be exported and imported into Moodle. | ||
Included in Moodle: No | * Included in Moodle: No | ||
Configuration: | * Configuration: | ||
Exporting grades from Google Classroom guide | ** Exporting grades from Google Classroom [https://support.google.com/edu/classroom/answer/6020294?hl=en guide] | ||
Adapting format to Google Classroom guide | ** Adapting format to Google Classroom [http://www.appsedudemo.com/home/lmsthirdparty/moodlegeneral/adapt-classroom-assignment-grades-to-moodle-format guide] | ||
Importing grades to Moodle guide | ** Importing grades to Moodle [https://docs.moodle.org/27/en/Grade_import guide] | ||
More information: | * More information: | ||
Other integrations | === Other integrations === | ||
Fusion Tables export | ==== Plugin: Fusion Tables export ==== | ||
Description: Export grades to a Google Fusion Table | * Description: Export grades to a Google Fusion Table | ||
Included in Moodle: No | * Included in Moodle: No | ||
Path: /grade/export/fusion | * Path: /grade/export/fusion | ||
Configuration: | * Configuration: | ||
More information: Admin guide | * More information: [https://github.com/piersharding/moodle-google/tree/master/grade/export/fusion Admin guide] | ||
==== UK Open University plugins ==== | |||
* [http://www.open.ac.uk/blogs/douls/?p=241 Moodle Portfolio activity] (Uses Google drive collections/folders) (outdated) | |||
* [http://www.open.ac.uk/blogs/douls/?p=262 Google Collaborative activity] (outdated) | |||
[[Category:Plugin]] |
Latest revision as of 23:32, 8 January 2019
Introduction
This guide shows how to integrate Moodle and Google to take the maximum advantage of both platforms working together. This guide is divided in two principal sections, authentication and plugins. The proper functioning of the plugins depends on the correct authentication deployment.
Getting started
Identifying needs
It’s important to detect the following variables before start. Planning on a centralized authentication. Which authorization mechanism prefers the institution?
- Login using Google Apps credentials
- Login using Moodle credentials
- Login using centralized login mechanism
PHP version
- < 5.5
- >= 5.5
Moodle version
- Moodle 1.x
- Moodle 2.0 - 2.6
- >= Moodle 2.7
Considerations
This guide only applies to 2.x versions, if you are running an 1.x version you can update to 2.x following this guide.
Download the plugins package
All the plugins explained in this guide are available to download in this package. Some of them are already installed as default, therefore it is not necessary to replace them. For latest versions of each plugin you can download separately.
Creating a project in the Google Developers Console
Follow this guide that shows how to create a project in Google Developers Console.
Authentication
The first step is to centralize the authentication process. If your institution already has a centralized directory we can still use it and just connect both Moodle and Google to it. If you prefer to use the Moodle or Google credentials, you need to know which are the right modules that will help in each case. These are the possible authentication scenarios:
Credentials stored in Moodle
If you choose Moodle as identity provider, you can implement an SSO solution in order to preserve the session between systems and avoid direct connections to database. One of the principal SSO protocols is SAML which can be integrated through a third party plugin that runs a SAML server within Moodle. Google Apps will connect to Moodle SAML endpoint and rely on the Moodle stored credentials. Remember that username and email address must match in both sides.
The required plugins are:
Plugin: GSAML plugin
- Description: This plugin enables Moodle as a SAML server and is ready to configure Google Apps as a SAML client.
- Included in Moodle: No
- Path: auth/gsaml
- Configuration parameters:
- Domain Name: Google Apps Domain (e.g., yourschool.edu)
- RSA key: Plain-text from the RSA key (pem) file. Note that the SAML service supports RSA signed keys only.
- SSL signing certificate: Plain-text from the X.509 Certificate file here. Note that this is the same file you will upload to Google.
- More information: Admin guide
- Plugin page: Moodle plugin page (outdated)
Block: User Sync block
- Description: This tool syncs users from Moodle to Google. It can create, update and delete users. Users can be synced by an event or by a cron process.
- Included in Moodle: No
- Path: blocks/gdata
- Configuration parameters:
- Google Apps username: This is the username (without domain) used to administer your Google Apps account. For example, if you login to Google Apps as 'foo@yourschool.edu', your username is 'foo'.
- Google Apps password: This is the password associated with the above username.
- Google Apps domain: This is the domain associated with your Google Apps account. For example, if you login to Google Apps as 'foo@yourschool.edu', your domain is 'yourschool.edu'.
- Use Google Apps email (Yes/No): Update Moodle's user record with the email from the Google Apps domain. The update will occur during the Moodle to Google Apps synchronization.
- Enable events (Yes/No): If this setting is enabled, then a Moodle user's account will be instantly updated in Google Apps when the user edits his/her account in Moodle's standard edit profile interface. Also, if a Moodle user's account is deleted, then the associated Google Apps account will also be instantly deleted. This only applies to Moodle accounts that are currently being synchronized to Google Apps. This feature is \"best attempt\" only, so failures will fallback to the cron to perform the synchronization.
- Cron interval (minutes): Enter in how often the Moodle to Google Apps synchronization should be executed on the cron. Enter zero to stop running the synchronization.
- Cron expire (hours): When the synchronization runs, it locks the cron from being executed again until it has finished. This setting is used to determine when that lock has expired. Consider setting this to a high value especially on first runs with a lot of users.
- Considerations:
- Supported from version 2.0 to 2.6.5+.
- Moodle credentials are stored in a database and the passwords are hashed on different algorithms depending the PHP version that is used. Moodle uses the MD5 hashing algorithm on PHP < 5.5 and BCrypt on PHP >= 5.5. Only clear text, MD5 and SHA1 passwords are supported for Google Apps password syncing proposes. For changing hash algorithm follow this guide.
- More information: Admin guide
- Plugin page: Moodle plugin page
Follow this guide to configure properly both plugins.
Credentials stored in Google
Users can login to Moodle using the Google Apps stored credentials through OAuth2 sign in method. Remember that OpenID 2.0 authentication method is deprecated and it has been migrated to OAuth 2.0 (OpenID Connect). In this case user and mail fields must match in both platforms. Moodle has a third party plugin that has been already configured to support Google Apps service.
Plugin: OAuth2 plugin
- Description: This plugin is ready to connect to Google Apps server just configuring the project information of the Google developers console.
- Included in Moodle: No
- Path: auth/googleoauth2
- Configuration parameters:
- Google Client ID: Your client ID can be generated in the Google console.
- Google Client secret: Your client Secret can be generated in the Google console.
- More information: Admin guide
- Plugin page: Moodle plugin page
Follow this guide to configure properly the plugin.
Credentials stored in other identity provider
If the organization is using an existing identity provider (e.g. LDAP, Active Directory, DB, etc) it is recommended to configure an SSO solution in order to allow access to Moodle and Google with the same credentials and to keep alive the session between them. We recommend installing and configuring an Access Management Solution like OpenAM that works as a SAML/OAuth2 server to interconnect the institution's systems. If you only configure the LDAP plugin in Moodle, it will use same credentials but it won’t start a session in Google and the Google related plugins will request to user to login again. This is why the SSO server is important.
Two options are available in order to connect Moodle to an SSO server. You can either install a SAML client or an OAuth2 client, depending the type of SSO server you are using. If you don’t have an SSO server please follow this guide that explains how to install an Access Management Solution ( OpenAM ).
-First case: Connecting to a SAML server
Plugin: OneLogin plugin
- Description: This plugin works as a SAML client and connects to your SAML server (like SimpleSAML, OpenAM, etc) displaying the authorization mechanism and getting back to Moodle with a logged in status.
- Included in Moodle: No
- Path: auth/onelogin_saml
- Configuration parameters:
- SSO Identity Provider URL: Single sign-on identity provider URL for your server SSO SAML Issuer URL: SAML Issuer URL for your company
- Automatically create users? (Yes/No) : Check to automatically create local user accounts which do not already exist. By default, the accounts are created without a password, and the user must login via SAML identity verification.
- Certificate Key: Secret digital security encryption certificate key.
- More information: Admin guide
- Plugin page: Moodle plugin page
Follow this guide to configure properly the plugin ( based on OpenAM ).
-Second case: Connecting to an OAuth2 server
Plugin: Customized OAuth2 plugin
- Description: This plugin needs some code edited in order to connect with your own SSO server.
- Included in Moodle: No
- Path: auth/googleoauth2
- Configuration parameters:
- Google Client ID: Your client ID can be generated in the Google console.
- Google Client secret: Your client Secret can be generated in the Google console.
- More information: Admin guide
- Plugin page: Moodle plugin page
Follow this guide to configure properly the plugin ( based on OpenAM ).
Plugins and configurations
Some of this plugins are already installed in Moodle 2.x, some others require to be installed (just copying the files to their respective directory) and the rest are Moodle features that can be configured to integrate with Google services.
Block: Google Apps block
- Description: A Google Apps block on the Moodle Front Page displays links to Google Start Page, Google Docs, Google Calendar and Gmail.
- Included in Moodle: No
- Path: blocks/gaccess
- Configuration parameters:
- Domain Name: This is your Google Apps Domain Name (e.g., yourschool.edu)
- New Window Links (Yes/No): If selected links will open in new window.
- Show GMail Link (Yes/No): If selected GMail link will be shown.
- Show Google Drive Link (Yes/No): If selected Google Drive link will be shown.
- Show Google+ Link (Yes/No): If selected Google+ link will be shown.
- Show Google Calendar Link (Yes/No): If selected Google Calendar link will be shown.
- Show Google Classroom Link (Yes/No): If selected Google Classroom link will be shown.
- More information: Admin guide
- Plugin page: Moodle plugin page
Mail integration
Block: Gmail block
- Description: A Gmail block in Moodle that displays the latest Gmail messages on the Moodle Front Page.
- Included in Moodle: No
- Path: blocks/gmail
- Configuration parameters:
- Domain Name: This is your Google Apps Domain Name (e.g., yourschool.edu)
- User Name from: This is the Moodle user field that the Google User is derived from - defaults to username, but email is another possibility
- OAuth Consumer Secret: This is the same value you find on Google's Manage OAuth Access page under Advanced tools.
- Unread Message Count: The number of unread messages you would like displayed in the gmail block. Leave as zero for no limit.
- New Window Links (Yes/No): If selected links will open in new window.
- Show First Name (Yes/No): Show the author's first name next to their message.
- Show Last Name (Yes/No): Show the author's last name next to their message.
- More information: Admin guide
- Plugin page: Moodle plugin page
- Considerations:
- This plugin only works when we use Moodle as identity provider, GSAML plugin is enabled and the SSO configuration is enabled in Google Apps.
Drive integration
Plugin: Google Drive repository
- Description: This is a repository add-on that pulls files from Google Drive to Moodle.
- Included in Moodle: Yes
- Path: /repository/googledrive
- Configuration parameters:
- Repository plugin name: Name to be displayed.
- Client ID: Developer console project ID.
- Secret: Developer console project Secret.
- More information: Admin guide
Plugin: Google Drive portfolio
- Description: This is a portfolio add-on that push files from your computer to Google Drive and then to Moodle.
- Included in Moodle: Yes
- Path: /portfolio/googledocs
- Configuration parameters:
- Repository plugin name: Name to be displayed.
- Client ID: Developer console project ID.
- Secret: Developer console project Secret.
- More information: Admin guide
Google+ integration
Plugin: Picasa Web Album repository (Google+ Photos)
- Description: This is a repository add-on that pulls photos from Picasa to Moodle.
- Included in Moodle: Yes
- Path: /repository/picasa
- Configuration parameters:
- Repository plugin name: Name to be displayed.
- Client ID: Developer console project ID.
- Secret: Developer console project Secret.
- More information: Admin guide
Plugin: Picasa Web Album portfolio (Google+ Photos)
- Description: This is a portfolio add-on that pushes photos to Picasa from Moodle.
- Included in Moodle: Yes
- Path: /portfolio/picasa
- Configuration parameters:
- Repository plugin name: Name to be displayed.
- Client ID: Developer console project ID.
- Secret: Developer console project Secret.
- More information: Admin guide
Youtube integration
Configuration: Youtube video repository
- Description: This is a repository add-on that pulls videos from Youtube to Moodle.
- Included in Moodle: Yes
- Path: /repository/youtube
- Configuration parameters:
- Repository plugin name: Name to be displayed.
- More information: Admin guide
Hangouts integration
Block: Hangouts
- Description: a plugin for Hangouts integration.
- Included in Moodle: No
- Configuration: Install block
- More information: Moodlenews
Block: Students Hangouts
- Description: a plugin for Hangouts integration.
- Included in Moodle: No
- Configuration: Install block (WIP - Beta)
- More information: Github
Configuration: Embedding Hangouts
- Description: There’s no a plugin for Hangouts integration, but it can be used embedding the URLs.
- Included in Moodle: No
- Configuration:
- More information: Admin guide
Calendar integration
Configuration: Calendar syncing
- Description: There’s no a plugin for Google Calendar, but the Moodle calendar has an option * to import external calendars.
- Included in Moodle: No
- Configuration:
- More information: Admin guide
Classroom integration
Configuration: Importing grades
- Description: There’s no a plugin for Google Classroom, but Classroom grades can be exported and imported into Moodle.
- Included in Moodle: No
- Configuration:
- More information:
Other integrations
Plugin: Fusion Tables export
- Description: Export grades to a Google Fusion Table
- Included in Moodle: No
- Path: /grade/export/fusion
- Configuration:
- More information: Admin guide
UK Open University plugins
- Moodle Portfolio activity (Uses Google drive collections/folders) (outdated)
- Google Collaborative activity (outdated)