Has anyone integrated Google Gmail with Active Directory for a Single Sign On or password transparency? We are in the migration stage of provisioning accounts to Google but I am wanting to know what others are doing to make the sign on process easier for staff.
A few responses that are worth checking out, including ones from folks I’ve anonymized but who may want to speak up in the comments since I know they read this blog:
From Google’s Becky Evans:
Passwords are stored in Active Directory in a proprietary way and our GADS tool isn’t able to read them. There are a couple ways to work around this.
1) Save passwords as plaintext, hash them in sha-1 or hash in md5 in another field in your AD. Sync this password field with Google Apps.
2) Sync passwords using a 3rd party tool. I’ve worked with a few districts that have used these partners to sync passwords.
Auth MagicSSO Easy
Google Apps will not sync passwords with AD. You need to use SSO or some other type of third party.
We are actually looking at trying to have all our passwords created in our SIS, and then sync’d to AD from there (via SIF). That way we can export account/password information directly from the SIS and sync it to third party systems. We would also (in theory) be able to provide access for both teachers to look up their student’s passwords, and parents to look up their child’s username/password information (thinking about parents wanting to monitor Gmail). The password could be reset in the SIS, and then the change would flow out to AD, and our other third party systems. We are expecting this to help circumvent some of the AD extraction issues.
In the meantime you can copy the URL from the Google Block in Moodle and create a shortcut or bookmark anywhere and the Google administrator has access to other tools for Apps Application shortcuts on the desktop. In Google Chrome (best browser for Apps), once you are in your Google Apps folder, any user can use the Tools menu to Create application shortcuts… – a great feature for any frequently used site that you don’t need tabs or other browser tool icons for.
Until Google forces the change, a work-around for many Google links outside your domain is to insert “/a/yourdomain.edu/” into the URL immediately after the “[docs.]google.com”.
A follow-up question about the security of porting Active Directory passwords to external vendor systems garnered this response from Rusty Meyners:
For what it’s worth, the Moodle-Google SSO system does not share a password authenticated account and Google trusts Moodle to do so, without asking for password. In this situation, once you are logged into Moodle, you are also logged into Google, whether you choose to go there or not.
Using the Moodle Login-As feature, a Moodle administrator can then access the Google account of someone in their domain, whether or not they are also a Google administrator for their domain – meaning if you give a teacher or parent Moodle “Login-As” privileges, you are also giving them access to the entire Google account. Be aware that much of this appears to be accomplished with cookies, so if you get “stuck” in the wrong account, close and reopen the browser & if necessary empty the cache.
Here is a link to some important info about changes to Google Apps for Education accounts. These changes will add features and better distinguish between personal “consumer” and Ed domain accounts.
The exchange took place on a Texas-wide email list for technology directors.
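The Login-As point in the last response can be turned into a routine check. The Python script below is an added example, not part of the original exchange or of Moodle's code: it lists accounts that hold Moodle's `moodle/user:loginas` capability without being Google domain administrators. The role names, usernames and `GOOGLE_ADMINS` set are constructed sample data, and permission handling is simplified to the system context as an assumption.

```python
# Added example: audit which Moodle accounts can reach other users' Google
# accounts through Login-As when Google trusts Moodle for sign-on.
# All rows below are constructed sample data, not from any real site.

LOGINAS = "moodle/user:loginas"          # Moodle's Login-As capability
ALLOW, PREVENT, PROHIBIT = 1, -1, -1000  # Moodle permission constants

# (role, capability, permission) at system context -- constructed
ROLE_CAPS = [
    ("manager", LOGINAS, ALLOW),
    ("teacher", LOGINAS, ALLOW),        # site-specific override (constructed)
    ("parent", LOGINAS, ALLOW),         # hypothetical custom role
    ("restricted", LOGINAS, PROHIBIT),  # hypothetical lock-down role
    ("student", "mod/forum:viewdiscussion", ALLOW),
]

# (username, role) assignments -- constructed
ASSIGNMENTS = [
    ("admin1", "manager"),
    ("t.jones", "teacher"),
    ("p.smith", "parent"),
    ("t.lee", "teacher"),
    ("t.lee", "restricted"),
    ("s.kim", "student"),
]

GOOGLE_ADMINS = {"admin1"}  # also Google domain admins (constructed)

def loginas_holders(role_caps, assignments):
    """Users whose roles grant Login-As. Assumption: system context only;
    PROHIBIT in any assigned role overrides ALLOW in another."""
    perm = {role: p for role, cap, p in role_caps if cap == LOGINAS}
    per_user = {}
    for user, role in assignments:
        per_user.setdefault(user, []).append(perm.get(role, 0))
    return sorted(u for u, ps in per_user.items()
                  if PROHIBIT not in ps and ALLOW in ps)

def unexpected_google_access(role_caps, assignments, google_admins):
    """Login-As holders who are not Google admins; per the response above
    they can still open another user's Google account via Moodle."""
    return [u for u in loginas_holders(role_caps, assignments)
            if u not in google_admins]

if __name__ == "__main__":
    for user in unexpected_google_access(ROLE_CAPS, ASSIGNMENTS, GOOGLE_ADMINS):
        print(f"review: {user} holds {LOGINAS} without Google admin rights")
```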
Everything posted on Miguel Guhlin’s blogs/wikis is his personal opinion and does not necessarily represent the views of his employer(s) or its clients.