Setting up and configuring the Office 365 services on Moodle
The Office 365 services complete the Moodle learning platform by increasing the productivity of students and teachers.
The set of Office 365 integration plugins completely enables an integration path with Word Online, OneDrive for Business, OneNote and the Outlook calendar, as we have already mentioned.
This section discusses their implementation in our test lab environment.
Note: For more information, see the corresponding Moodle documentation [51].
48. Configuring the plugins
The first step consists in activating and configuring the OpenID Connect authentication plugin that allows for single sign-on between the Office 365 platform and Moodle.
Log onto Moodle as the platform administrator, and proceed with the following steps.
- Go to Site administration > Plugins > Authentication.
- Click Manage authentication.
- Locate the OpenID Connect authentication plugin and click on the "eye" to activate it.
- Click on Settings. The OpenID Connect page opens.
- Complete the fields:
  - In Provider Name, enter a name that can be used to select an authentication provider. This is usually the name of the organization. For example in our illustration, enter "Contoso123".
  - In Auth Endpoint, enter "https://login.windows.net/common/oauth2/authorize".
  - In Token Endpoint, enter "https://login.windows.net/common/oauth2/token".
  - In Redirect URI, enter the address of your Moodle site followed by /auth/oidc, for example in our illustration "https://o2m.contoso123.fr/auth/oidc/".
- Click Save changes.
- Leave the OpenID Connect page open. We will return to it later.
49. Configuring the Office 365 single sign-on
To enable Moodle to authenticate Office 365 identities, you have to configure the Azure AD directory used by your Office 365 subscription so that it authorizes your Moodle application to use the identities declared in it.
The Azure management portal allows you to manage your Azure Active Directory. To begin with, we are going to link the Azure AD directory used by the Office 365 tenant with the Azure subscription that contains the Moodle environment. This will enable you to manage all the Azure resources from a single portal.
Proceed with the following steps:
- In a new tab in the browser, navigate to the Microsoft Azure management portal at https://manage.windowsazure.com and sign in.
- Click "+" and select: APPLICATION SERVICES > ACTIVE DIRECTORY > DIRECTORY > CUSTOM CREATE. The Add directory dialog opens up.
- Select Use existing directory.
- Check I am ready to log off.
- Authenticate yourself with an Office 365 account.
- Click Continue.
- Log off, then log on again with your Azure account.
50. Registering an application in the Azure portal
The next step in the configuration of single sign-on (SSO) between Moodle and Office 365 consists in registering the Moodle application in the Azure AD directory, so that it can be granted certain privileges.
To register the Moodle application, proceed with the following steps:
- If you are not already logged onto the Microsoft Azure portal, log on at https://manage.windowsazure.com.
- Select ACTIVE DIRECTORY on the left pane and select your Azure AD directory.
- In the top menu, click APPLICATIONS. If no applications have been installed yet, this page only displays the Add an application link. Click this link or ADD at the bottom of the tray. The What do you want to do? dialog box opens.
- Click Add an application my organization is developing.
- On the Tell us about your application page, specify a name for your application, for example "O2m.Contoso123" in our illustration. Leave WEB APPLICATION AND/OR WEB API selected for the type, and then click the arrow icon in the bottom right.
- On the App properties page, specify:
  - In SIGN-ON URL, the redirection address of your Moodle instance previously configured for the OpenID Connect protocol, for example "https://o2m.contoso123.fr/auth/oidc/" in our illustration.
  - In APP ID URI, the main address of your Moodle instance, for example "https://o2m.contoso123.fr" in our illustration.
- Click the check mark icon in the bottom right, and then click OK.
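The sign-in request that the Auth Endpoint and Redirect URI settings feed into, as an added Python sketch that is not taken from the Moodle plugin or from the original document: it builds a standard OpenID Connect authorization-code request and accepts the callback only when it arrives on the registered redirect address with the matching state. The client ID is a constructed placeholder and the function names are hypothetical.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint and redirect URI as entered in the walkthrough.
AUTH_ENDPOINT = "https://login.windows.net/common/oauth2/authorize"
REDIRECT_URI = "https://o2m.contoso123.fr/auth/oidc/"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # constructed placeholder


def build_auth_request(client_id=CLIENT_ID, redirect_uri=REDIRECT_URI):
    """Return (url, state, nonce) for an authorization-code sign-in request."""
    state = secrets.token_urlsafe(32)  # ties the callback to this browser session
    nonce = secrets.token_urlsafe(32)  # to be compared with the ID token's nonce claim
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,
        "nonce": nonce,
    })
    return f"{AUTH_ENDPOINT}?{query}", state, nonce


def check_callback(callback_url, expected_state, registered=REDIRECT_URI):
    """Return the authorization code, or raise ValueError for a bad callback."""
    got, want = urlsplit(callback_url), urlsplit(registered)
    if got.scheme != "https":
        raise ValueError("callback must arrive over https")
    if (got.netloc, got.path) != (want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError("provider returned error: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback not tied to this session")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


if __name__ == "__main__":
    url, state, _ = build_auth_request()
    print(url)
    # Constructed callback, as the provider would redirect the browser after sign-in.
    print(check_callback(f"{REDIRECT_URI}?code=SAMPLE_CODE&state={state}", state))
```

A redirect address that differs between the plugin and the application registration, even by a trailing slash, fails the exact-match check, which is why the same value is entered in both places.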
51. Configuring the application that provides identities to Moodle
Once the application has been added, you simply need to perform a few configuration steps to allow Moodle to use the Azure AD/Office 365 identities.
Proceed with the following steps:
- In the Microsoft Azure management portal, select the Moodle application that you have just created.
- Click CONFIGURE and scroll down to Client ID.
- Copy the value of the field. You will need it to finalize the configuration of the OpenID Connect plugin in Moodle, where it corresponds to the field of the same name.
- Scroll down to keys.
- In Keys, select 1 year for the duration.
- A new key is created. Click SAVE at the bottom of the tray to save the newly created key.
- Copy the value of the key. You will need it to finalize the configuration of the OpenID Connect plugin in Moodle, where it corresponds to the Client Secret field.
- Back in the OpenID Connect configuration page of your Moodle instance, copy the above values to the corresponding Client ID and Client Secret fields.
- Click Save changes.
- Back in the Microsoft Azure management portal, in the above Moodle configuration page, scroll down to permissions to other applications.
- Click Add application. The Permissions to other applications dialog opens up.
- Click the "+" on the right of both Office 365 Exchange Online and Office 365 SharePoint Online.
- Click the check mark icon at the bottom right to close the dialog.
- Click Delegated Permissions next to Office 365 Exchange Online, and then select:
  - Read and write users calendars
  - Read users calendars
- Likewise, click Delegated Permissions next to Office 365 SharePoint Online, and then select:
  - Read and write user files
  - Read user files
  - Have full control of all site collections
  - Read and write items and lists in all site collections
  - Read and write items in all site collections
  - Read items in all site collections
- Click Application Permissions next to Windows Azure Active Directory, and then select:
  - Read directory data
- Finally, click Delegated Permissions next to Windows Azure Active Directory, and then select:
  - Read directory data
  - Enable sign-on and read users' profiles
  - Access your organization's directory
- Click SAVE at the bottom of the tray.
52. Adding a user to the application
Once the Moodle application has been configured in Azure AD, you must then assign users to it so that Azure AD grants them access.
Proceed with the following steps:
- Still in the Moodle application page in the Azure management portal, click USERS.
- In USERS, select the Office 365 user(s) who should be able to access this application, namely in our illustration, the test users Teacher Martin, Student 1, Student 2 and Student 3 created earlier in this document, see section § Creating the test users.
- Click ASSIGN at the bottom of the tray.
- Click YES to confirm.