AKKU

SSO for Moodle

Overview

Akku, developed by CloudNow Technologies, is a robust Identity & Access Management (IAM) solution designed to streamline user provisioning, access management, and activity monitoring throughout the user lifecycle. It offers administrators the tools to efficiently manage user privileges and ensure data security in cloud environments. With Akku, organizations can confidently embrace cloud technology while maintaining compliance with standards and regulations. Its comprehensive features enable seamless onboarding, secure authentication, a single point-of-access to all applications, enforcement of access policies, and monitoring of user activity to detect and respond to security threats effectively while enhancing the user experience significantly. By prioritizing data security, privacy, and compliance, Akku provides users with peace of mind while improving overall productivity. With its flexible and scalable architecture, Akku is well-equipped to meet the evolving needs of modern organizations in managing their identity and access requirements.

Introduction

Moodle SAML SSO with Akku provides a secure and reliable method for authenticating users. To set it up, you'll need a Moodle account, an Akku account, and the SAML SSO Integration feature enabled. First, configure your Akku instance by adding the Moodle SAML SSO app and specifying the required fields. Then, grant Akku permission to access your Moodle domain. Next, set up the SAML request URL and authentication URL in your Akku instance. Finally, test your integration to ensure seamless authentication for your users.

Configure Moodle for SSO

The steps listed below provide instructions on adding the Moodle application from the QuickLaunch App Store and configuring SAML SSO for the added application

1

Log in to Akku's Administration Console

Log in to Akku's Administration console with your tenant URL.

Screenshot
Log in to Akku's Administration Console
2

Navigate to App Management

Navigate to App Management and search for Moodle.

Screenshot
Navigate to App Management
3

Configure Moodle App

Click 'Setup/configure SSO' on the Moodle App and configure the necessary information based on the Moodle metadata file.

Screenshot
Configure Moodle App
4

Download AKKU Metadata

Navigate to the Integration Tab and click on the SAML 2.0 Identity Provider Metadata to download the AKKU metadata and extract the Entity ID and the SSO target URL.

5

Install SAML Plugin in Moodle

To configure the Moodle with SAML SSO Plugin:

  1. Log in to the Moodle admin account under the Site Administrator tab. Navigate to Plugins.
  2. Under the Plugin installer tab, click the Install plugins from the Moodle plugins directory Button, which will redirect you to the Moodle official plugin marketplace.
    3. Screenshot
    Install SAML Plugin - Step 1
  3. In the search bar, search for the SAML plugin and download the first plugin.
    4. Screenshot
    Install SAML Plugin - Step 2
  4. Once the plugin is downloaded, drag and drop the plugin to the Plugin installer and Click the "Install plugin from the ZIP file" button to install the SAML plugin mentioned in the above step.
    5. Screenshot
    Install SAML Plugin - Step 3
6

Access SAML2 Configuration

Once the plugin is installed, you can find a SAML2 feature under the Authentication tab. Select the plugin to configure the AKKU IDP.

Screenshot
Access SAML2 Configuration
7

Configure SAML2 Settings

The SAML2 tab will be opened as mentioned in the last step. Fill in the IDP metadata fetched from the AKKU IDP as mentioned in step 3. And also set the IDP label to AKKU which is optional.

Screenshot
Configure SAML2 Settings - Part 1
  • Under the NameID Policy, change it to the emailAddress (default it will be transient).
    • Screenshot
    Configure SAML2 Settings - Part 2
  • Set the Expose NameID as an attribute as YES.
  • Add a Mapping IDP to send the email as an attribute in the SAML request.
Screenshot
Configure SAML2 Settings - Part 3
If there is any issue related to the certificate, delete the old certificate and generate a new certificate cause the old one will be encrypted with a key password.
Screenshot
Configure SAML2 Settings - Part 4
8

Download SP Metadata

After completing all the configurations mentioned in the above step. Finally, download the SP side metadata by clicking the download url to configure the AKKU IDP.

Screenshot
Download SP Metadata
9

Set SAML2 Authentication Method

Under the user menu choose the SAML2 authentication method to use the SAML feature that is configured.

Screenshot
Set SAML2 Authentication Method

Configure AKKU based on Moodle Metadata

Configure Akku with the metadata from Moodle

1

Log in to Akku's Administration Console

Log in to Akku's Administration console with your tenant URL.

Screenshot
Log in to Akku's Administration Console
2

Navigate to App Management

Navigate to App Management and search for Moodle.

Screenshot
Navigate to App Management
3

Configure SSO Settings

Click 'Setup / Configure SSO' on the Moodle App and configure the necessary information based on the Moodle metadata file.

Screenshot
Configure SSO Settings
4

Fill in Entity ID and ACS URL

Fill in the Entity ID and ACS URL in the configuration tab using the URLs copied from Moodle metadata. The URLs mentioned below are a sample one so use the value that has been fetched from your SP metadata.

Moodle SAML Configurationproperties
Client ID
http://localhost/moodle/auth/saml2/sp/metadata.php

Home URL
http://localhost/moodle/

Valid redirect URL
http://localhost/moodle/*

Valid post logout redirect URI
http://localhost/moodle/auth/saml2/sp/saml2-logout.php

Assertion Consumer Service POST Binding URL
http://localhost/moodle/auth/saml2/sp/saml2-acs.php

Assertion Consumer Service Redirect Binding URL
http://localhost/moodle/auth/saml2/sp/saml2-acs.php
5

AKKU Admin Side Configuration

Add a User Attribute in KC.

Screenshot
AKKU Admin Side Configuration