Moodle - SSO Configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Moodle using Multi-Pass. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Moodle, ensure you meet the following requirements:
- Moodle admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Moodle are registered in your IdP and have the necessary permissions to access Moodle.
- MPAS Admin rights
- Make sure that all users intended to use SSO in Moodle are registered in your IdP and have the necessary permissions to access Moodle.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Moodle - SSO configuration
Step 1 - Obtain Tenant XML Metadata from Multi-Pass (IdP)
- Open Multi-Pass Dashboard
- Select the correct tenant and go to Integrations, click on Applications
- Select in the custom integration section SAML
- Select Download under Tenant XML data and save the file locally
Step 2 - Configure Moodle as the Service Provider (SP)
- Download the Plugin Extension from
https://www.miniorange.com/downloads/mo_saml_free.zip - Log into Moodle as an Administrator
- Navigate to Site administration > Plugins > Install plugins
- Install the Plugin Extension from the file you saved previously
- Navigate to Site Administration > Plugins > Plugins overview
- Click the Additional plugins tab
- Click on Settings beside miniOrange SAML 2.0 SSO
- Select the Service Provider Setup tab
- Select Upload IdP Metadata
- Beside Identity Provider Name enter
Multi-Pass - Select Upload Metadata and upload the Tenant Metadata saved in Step 1
- Click Save and then Test Configuration
You should be prompted with a Test Successful banner
- Navigate to the Attribute/Role Mapping tab
- Fill in the fields based on the table below and click Save
| Setting | Value |
|---|---|
| Login/Create Moodle account by | |
| Username (required) | NameID |
| Email (required) | |
| First Name | givenName |
| Last Name | Surname |
- Navigate to Plugins > Authentication > Manage authentication
- Click on the “eye” to enable the plugin visibility
Step 3 — Configure Multi-Pass as the Identity Provider (IdP)
- In Moodle, navigate to Site Administration > Plugins > Plugins overview
- Click the Additional plugins tab and click on Settings beside miniOrange SAML 2.0 SSO
- Click the Service Provider Metadata tab
- Click Download SP Metadata and save the file locally
- In Multi-Pass return to the screen where you downloaded the Tenant XML Metadata under Integrations > Applications > Custom SAML App
- Select Upload File and upload the Service Provider Metadata you obtained
- Confirm/Complete the remaining fields based on the table below and click Add Integration
| Field | Value |
|---|---|
| Client ID (=SP Entity ID) | <Unique Moodle URL> |
| Name | moodle |
| Description | Moodle SSO integration |
| Assertion Consumer Service URL | <Unique Moodle URL> |
| NameID Policy Format |
- Go to the Advanced Console by clicking on the right side of your screen
- Click on Client and use the search bar to look for Moodle
- Make sure all the fields are populated
General settings (Multi-Pass)
| Field | Value |
|---|---|
| Client ID | <Unique Moodle URL> |
| Name | moodle |
| Description | Moodle SSO integration |
| Always display in UI | ON |
Access settings (Multi-Pass)
| Field | Value |
|---|---|
| Home URL (IdP-initiated) | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/<APP_NAME> |
| Valid Redirect URIs (ACS) | <Unique Moodle URL> |
| IDP-Initiated SSO URL Name | <APP_NAME> |
SAML Capabilities
| Setting | Value |
|---|---|
| Name ID Format | |
| Force Name ID Format | OFF |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature & Encryption
| Setting | Value |
|---|---|
| Sign Documents | OFF |
| Sign Assertions | ON |
- Move to the tab Keys and ensure that both parameters are set to OFF
- Go to the Advanced tab and set Assertion Consumer Service POST Binding URL (should be the same value as Valid Redirect URI under Access Settings)
- Go to the Client Scopes tab and select the first scope in the list
- Select Add Predefined mapper and select the following:
- givenName
- surname
Related Articles
Intercom - SSO configuration
Valid redirect URIs Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This ...Huntress - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Huntress using MPAS. SSO simplifies user authentication by allowing access to multiple ...BambooHR - SSO Configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Bamboo HR using MPAS. SSO simplifies user authentication by allowing access to multiple ...Miro - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Miro using MPAS. SSO simplifies user authentication by allowing access to multiple ...Lusha - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...