IMPORTANT! Because of the technical knowledge required, your district’s IT administrator (or someone with a similar role) will most likely need to perform this procedure.
There are (4) steps that must be performed to utilize Google SSO:
1. Create a new Service Account within the Google API Console
2. Enable Domain-Wide Delegation to the new Service Account
3. Install the JSON file within ML Schedules
4. Import Google Users into ML Schedules via Google Groups
Step 1: Create a New Service Account within the Google API Console
1. Visit Google API Console → https://console.developers.google.com
2. Select the New Project button
3. Name the project MasterLibrary SSO
4. Select the Create button
5. Select the newly created project from the Select a project dropdown at the top of the page.
6. Select the Library menu item on the left side of the page.
7. On the “Search for APIs & Services” box, type Admin SDK.
8. Select Admin SDK from the results.
9. Select the ENABLE button.
10. Click on the navigation menu icon (three horizontal lines) at the top left corner, and select APIs & Services → Credentials
11. Select + CREATE CREDENTIALS
12. Select Service Account
13. Type in the Service Account name and optionally service account description.
14. Select the CREATE button.
15. Select the CONTINUE button.
16. Select the DONE button.
17. Click on the Email link
18. Select the ADD KEY button and then select Create new key.
19. A pop window will appear. Ensure that the JSON option button is selected (this button is already selected as a default option).
20. Select the CREATE button
21. A JSON file will be downloaded and saved to your computer. Select the Close button.
22. Select the SAVE button.
Step 2: Domain-wide delegation to the Service Account.
1. Open a new browser window and enter https://admin.google.com/ac/owl
Note : A user with Google super administrator role is required to perform this task.
2. Select MANAGE DOMAIN WIDE DELEGATION
3. Select the Add new button
4. Open the JSON file that was downloaded
5. Copy the number corresponding to the “client_id”
6. In the popup window, paste the Client ID number and enter the following scopes on each line.
https://www.googleapis.com/auth/admin.directory.group.readonly
https://www.googleapis.com/auth/admin.directory.group.member.readonly
https://www.googleapis.com/auth/admin.directory.user.readonly
7. Select the AUTHORIZE button.
Step 3: Install the JSON file within ML Schedules
1. Within ML Schedules go to Admin > Single Sign On > Google SSO Admin
2. Enter the email address for a Google Domain Super Administrator
3. Upload the JSON file that was downloaded in the previous step.
4. Select the Save button
Step 4: Import Users via Google Groups
1. Within ML Schedules go to Admin > Single Sign On > Google SSO Groups
2. Select the Add Google SSO Group button
3. Enter the Group Name and Group Email Address (Selecting the View Google Users button will show the users within that Group)
4. Choose whether you would like to have one group created per user. Or if you would like to add users from the Google Group into an existing group inside of ML Schedules.
4A. If you choose 1 Group Per User you will need to select a Classification.
4B. If you choose Add to Existing Group, you will need to select an existing group inside of ML Schedules.
5A. Select the appropriate classification to link the staff members with (i.e. District Groups or Class 1)
Note: A classification is required in order to save the Group.
5B. Select the appropriate Group to link the staff members to.
6. Select which Roles you would like these users to have by default
7. Select the Sites you would like these users to access by default based on their Roles selected above.
8. Select the Active checkbox.
9. Select the Save and Sync Users button.
10. Repeat Steps 2-9 for any additional Google Groups you would like to sync to ML Schedules.
Comments
0 comments
Please sign in to leave a comment.