Google Apps for Education is changing the way sign on works sometime in 2014 to make users include the domain, by forcing all users to use the 'new' Google accounts login process. This removes the nicely filled @Yourdomain.com in the username section when trying to log in to a specific service. I don't like the idea of re-training all the users to log in with their email@example.com, especially when some applications around school will only let them log in with their username, and not with @Yourdomain.com stuck on the end.
In an effort to alleviate this, we're moving to a single sign on for all in-house web apps which interfaces with AD. We'd love to include this for Google Apps, too. I've been looking into some of the documentation available for Google Apps and was wondering if anyone has done / is doing anything similar? We've got a Server 2003 based domain. I've seen that AD FS can do SAML 2.0 stuff, but this only looks like later editions of AD FS which I'm not sure 03 will support. Ideally, if anyone has succeeded in doing this, we'd like to use our current in-house sign on process to just spit out the required SAML stuff to Google. Any tips, tricks, gotchas for users who are doing something similar out there?
We redirect to a SAML service and users don't need the @domain.com. The downside is that it authenticates directly to our Active Directory using servers on site - so if the power is down at the school, no one can get their email, docs, etc.!
We bought the service from SSOEasy (SAML 2.0 and SAML 1.1 SSO Products - SSO Easy); they were very helpful getting us set up.
We previously used the single sign in module for Moodle/Google, but this broke when we updated to 2.x (I think it's fixed now but not tried it).
There are a number of other free options: SimpleSAMLphp, etc.