Overview

In this digitally-driven world, access to education has enhanced drastically due to availability of Learning Management Systems (LMS) such as Moodle, Udemy, Blackboard Learn, Google Classroom, and more. With the rise in the number of educational institutions, implementing varied systems for different purposes, assuring smooth integration and access is essential for both the users and the institutes.

This case study highlights how a simple module installed on your Drupal site, can turn your Drupal into an IDP and integrate with any LMS of your choice, thus simplifying the login process for all students, teachers and even parents.

Prerequisites:

In this section, we’ll discuss everything from requirements and implementation process to results.

• Key Requirements:

SAML IdP Module

To facilitate seamless sign-in between Drupal and LMS.

Download Module

Moodle SAML SP Module

To configure it with the Drupal IdP for accepting SSO-driven logins.

Download Module

• Features that will play an important role:

IdP-Initiated SSO Feature

To initiate SSO at the Drupal site.

Setup Guide

Attribute and Role Mapping

To map user data from IdP to SP

Setup Guide

Scenario

Institutions find it hard to manage multiple authentication systems, resulting in administrative overhead and user fatigue. Ideally, the users - Students and Teachers - log into their accounts on the Drupal based college / university website, and then access various learning resources via a link provided to them - and they’d be automatically logged into the LMS.

However, despite providing access to external LMS, educational institutes are unaware of a better way to switch between platforms without repeated logins. So, to solve this issue, miniOrange is offering a SAML IdP module.

This module converts Drupal site into an Identity Provider (IdP) and LMS like Moodle into a Service Provider (SP) to enable Single Sign-On (SSO).

Implementation

For the sake of this implementation guide, we’ll go with Moodle as the LMS.

The miniOrange SAML IdP module is installed and configured on the Drupal site, making it the IDP. With this, all the users that are already present in the Drupal site can directly access Moodle using the same Drupal credentials. This eliminates the need of creating a separate login for Moodle.

For Moodle, you have a couple of different modules that you can choose to install that can transform the Moodle site into a Service Provider. Here’s the link to the miniOrange SAML SP module for Moodle.

Since we’re going to follow the standard SAML protocol / flow, the configuration steps to get both of these platforms talking are pretty straightforward.

You either swap the Metadatas from each platform - Download the Moodle metadata and provide it to the Drupal site - and run it back by exporting the Drupal site metadata and giving it to the Moodle site. Or you can manually configure each of the sites by passing the necessary information. This Guide should give you the step by step instructions to have the SAML connection up and running.

If you need some granular control over what is being provided to each platform, or if you prefer a manual process, you can follow this step by step guide that will guide you on what goes where.

The User Experience

Once the connection between the two is successful, the Drupal users should be able to log into Moodle, using their Drupal credentials. This will be the user experience should they try to log into Moodle directly, without going through the Drupal site first.

Alternatively, and this is where the IDP Initiated SSO comes into play, they can log into the Drupal site first, and they’ll be shown a link that will take them to Moodle, and automatically log them in.

This is especially helpful if the Moodle courses are showcased and listed out on the University Website / student account - aka the Drupal site. If any student wants to attend or opt in for a course that they see in their University Dashboard, they would not have to log into Moodle separately, it would be seamless as heck and please the ever fidgeting Gen Z, or the ever Zen Millennials.

Taking it a step further

By having a mapping or relation established between the IDP - Drupal - and the SP - Moodle - you can have some sort of automated permission or access management as per the roles or attributes set in the account within Drupal. For example, an administrator or someone with a Teacher role within Drupal, can automatically gain Evaluator permissions / privileges on Moodle; students from the Computer Engineering department, will have selective access to the CS courses on Moodle; if your LMS platform offers a Parent or Guardian dashboard feature, then that particular account would have access or the visibility of the students grades and so on.

Of course in order to achieve all of these cases, you would have to have role or attribute based access control (RBAC) set on the Service Provider - but that ain’t too hard of a thing to achieve - given you’ve got the right tools for it.

What do we know and What have we learnt

1. Users - Students, Parents, Teachers alike - experience frictionless transitions from Drupal to Moodle, and can gain access to courses in a single login attempt.
• Users don’t even have to log into their Moodle / LMS separately, they just need to log into Drupal, and they can be authenticated and taken to the LMS.
• Automatic access rights based on Roles or Attributes eases management headache and minimizes data visibility errors.
2. Better security by eliminating multiple passwords or worse, reused passwords. You only need one password #YONOP.
3. The miniOrange Drupal IDP module can also connect to multiple SPs - so if you’ve got your courses split between multiple instances of the same LMS or different ones, a single user store can serve the identity needs.

LMS and the core website should be talking. The miniOrange Drupal SAML IDP module makes that happen. You eliminate the need to have 2 passwords, you eliminate the need of manually creating accounts across platforms, you eliminate the need to set access rights for each account. You save a lot of time, you make your users happy, and you protect your website. And ultimately these are three things that matter in this digital world.