microsoft / o365-moodle

Office 365 and Azure Active Directory plugins for Moodle
GNU General Public License v3.0
181 stars 137 forks source link

Confirmation of Operation of the OpenID Connect authentication and multi-tenancy #1438

Open swinster opened 4 years ago

swinster commented 4 years ago

Hi,

We currently use OpenID Connect as part of the MS365 plugin set to provide both authentication and user provisioning from AAD for our own internal users into Moodle, however, we would also like to provide authentication via MS (and indeed Google) for our partners and customers. We do not need to provision users from those partners a customer's tenants, rather just offload authentication to MS/Google, and indeed there are many hundreds of fo tenants that would be required. I suspect that the multi-tenant approach offer by OpenID Connect is NOT what we are after and that we should instead we should use an alternative authentication method (such as as the in-built Oauth) side-by-side with OpenID Connect - in which case there will be 2 login buttons, one for our organisation (OpenID Connect), one for everyone else (Oauth).

Am I thinking clearly here?

swinster commented 4 years ago

Apologies if this is the wrong area to post.

swinster commented 4 years ago

Kinda desperate to posted in https://moodle.org/mod/forum/discuss.php?d=413012 as well.

swinster commented 3 years ago

I wonder, was anyone able to clarify this? We are looking to try to get this working in the next week or two, and I am a little stuck.

weilai-irl commented 3 years ago

Hi @swinster,

Sorry for not getting back to you in time. What you described make sense to me, although I haven't configured a site as such before.

Did you implement it already? How did it go?

Regards, Lai

swinster commented 3 years ago

@weilai-irl I never manage to devote the time to it to get it working. We would absolutely love to get it working as it would be a massive benefit to use for our partners/customers. I suspect many "training" organisations that use Moodle as a core, and that have different users from different organisations, would like to achieve the same.