Prerequisites and Setup details

This page will explain the setup steps.

What do I need?

You will need:
Microsoft TeamsMicrosoft Office 365 and Microsoft Teams
MoodleMoodle Required version: 3.5 or newer | Recommended version: 3.7 or newer. [download]

During setup, you will also need to have admin role in your Moodle installation. In Microsoft Office 365 (Azure AD) you need to be a Global Administrator. If you don't have these roles, you will need to have the persons with those roles available.

Last updated: 2020-06-04

Table of content

  1. Initial steps in Moodle Teams Management
  2. Initial steps in Moodle
  3. Recommended Configuration

1. Initial steps in Moodle Teams Management

Before you start, there are a few steps you have to do do in Moodle Teams Management.

2. Initial steps in Moodle

These are the following steps needed done in Moodle to make it all work.

Enable mobile settings
First thing is to check the configuration is set to allow using the Mobile service. In many cases, this may be pre configured. But you should check the configuration to avoid problems later.

  1. Make sure you are logged in to Moodle with an admin user
  2. Navigate to "Mobile settings"
    (Site adminstration -> Mobile app -> Mobile settings)
  3. Check the box next to "Enable web services for mobile devices"
  4. Press the "Save changes" button to enable web services for mobile devices.

Create a service user
First off, Moodle Teams Management will need a service user to get data on behalf of your Moodle users.

  1. Make sure you are logged in to Moodle with an admin user
  2. Navigate to "Add new user"
    (Site adminstration -> Users -> Accounts -> Add a new user)
  3. Enter a username for the user
    Suggested: "teamsapp"
  4. Choose authentication method: "Manual accounts"
  5. Enter a password.
    It's recommended to use a strong password. You can create one here.
  6. Give the user a name ("First name" and "Surname")
    Suggested first name: "Teams". Suggested surname: "App".
  7. Enter an email address for the service user.

Set service user role
When the user is created, it needs to get the "site administrator" role assigned.

  1. Make sure you are logged in to Moodle with an admin user
  2. Navigate to "Site administrators"
    (Site adminstration -> Users -> Persmissions -> Site administrators)
  3. In the right pane, find or search for the service user you created, then click to select it.
  4. Press the "Add" button located between the two panes
  5. The user will appear under "Existing users" in the left pane.

Obtain a service user token
When the site administrator role is set, you need to obtain a token that Moodle Teams Management can use to communicate with the Moodle API.

  1. Make sure you are logged in to Moodle with an admin user
  2. Navigate to "Manage tokens"
    (Site adminstration -> Plugins -> Web services -> Manage tokens)
  3. Click "Add" below the list to add a new token.
  4. Search for a user ("Teams App") and click to select it. The user will now appear in the blue box above the search box.
  5. Make sure you select service "Moodle mobile web service". If you want to set a validity to the token, set a future date. Please note that by doing that, you will have to update the token again in Moodle Teams Management when it expires.
  6. Press the "Save changes" button to create the token.
  7. The token will now appear in the token list. You will need this token value when setting ut Moodle in Moodle Teams Management.

Configure Moodle plugin: "Microsoft Office 365 Integration"

This step will configure the "Microsoft Office 365 Integration" plugin.

  1. Make sure you are logged in to Moodle with an admin user. Also make sure you are a Global administrator in Office 365, or has that person available.
  2. Also make sure that the Microsoft Office 365 Integration plugin is installed in Moodle
  3. Navigate to "Microsoft Office 365 Integration"
    (Site adminstration -> Plugins -> Local plugins -> Microsoft Office 365 Integration)
  4. In the plugin first tab named "Setup", you will find a PowerShell script. If you are familiar with PowerShell or want to do this manually, you may install this and follow the instructions given in the plugin. You may stop reading further on these steps.

Important note

There is no need to run the PowerShell script provided in the plugin details. The only part of this plugin that is needed is to enable user sync from your Azure AD to Moodle, and it's a requirement for making the users being able to login in to Moodle with their Office 365 school account and a requirement for the "OpenID Connect Anthentication" plugin. If this plugin has been previously installed and configured, you may skip this step.


Setup > Step 1/3: Register Moodle with Azure AD
  1. The first you will do is to create "Application ID" and "Application Key" for the Office 365 integration.
  2. Instead of downloading the PowerShell script provided in the plugin, go back to Moodle Teams Management and create this automatically.
  3. In the installation details, you will find a button called "Create OpenID App".
  4. Before you click this, you must be logged in to Moodle Teams Management as a global administrator in your Office 365. This is because this action requires a temporary elevated admin access.
  5. When you click the button, you will first be prompted to select the admin account. The account you are already logged in with will be showing up in the top of the list, but you are free to add any other admin account.
  6. Review and accept the list of access needed and wait. If you are unable to accept, you are not a global administarot in your organization.
  7. After a short while, you return and the OpenID app registration is created.
  8. You now have to grant the premissions set on the app. That is done by pressing the "Grand OpenID App permissions" button.
  9. This action will also need a temporary elevated admin access, so you will be prompted with the same consent as when you created the app registration. Select the admin user, then review and accept the access.
    For the curious, the App Registration is fulle available in the Azure Portal.
  10. The OpenID app registration is now created and granted. View the details by pressing the "Show OpenID App" button.
  11. Now copy these details to your Moodle plugin.
  12. Navigate back to the Microsoft Office 365 Integration plugin in Moodle and paste the values in the "Application ID" and "Application Key" fields.
Setup > Step 2/3: Choose connection method
  1. Now, ensure that the checkbox for "Application access" is checked. This should be the default.
Setup > Step 3/3: Admin consent & additional information
  1. The next step is to check the app details. First, press the "Detect" buttons available. If the statuses below the buttons indicate success, everything is good.
  2. If the statuses does not indicate success, you need Moodle to also grant access to the OpenID app registration.
    Press the "Provide Admin Consent" link/button.
Setup > Verify setup
  1. The last step is to verify the setup. Press the "Update" button to let the plugin check the details available.
  2. Press the "Save changes" button when you are done.
Sync Settings > User Sync

In the next tab, you will find settings for setting up user sync between Office 365 and Moodle.

  1. Select the "Sync Settings" tab in the plugin.
  2. Now, check the desired configuration for user sync. You will find a variety of sync options. The most important is that the users are imported into Moodle, but you will probably also want matching of existing users as well as updating Moodle when there are changes in Office 365.
  3. Press the "Save changes" button when you are done.

The other plugin functionality is not needed for Moodle Teams Management, so they may be skipped. If you like to explore the possibilities, feel free to look up the guidance in the plugin.

Note: Users may not be able to log in until the first sync has exexuted. According to the plugin documentations, the syncs are executed each night in batches of 1000.

Configure Moodle plugin: "OpenID Connect Anthentication"

This step will configure authentication with "OpenID Connect". This require that the Microsoft Office 365 Integration is installed and configured.

  1. Make sure you are logged in to Moodle with an admin user.
  2. Also make sure that the OpenID Connect plugin is installed in Moodle
  3. Navigate to "Authentication"
    (Site adminstration -> Plugins -> Authentication)
  4. If "OpenID Connect" is not already enabled, you will find it in the list of authentication methods.
    Click the "eye" icon to mark it enabled. The "OpenID Connect" entry will now snap to the top of the list as the last of the enabled authentication methods.
  5. Move the "OpenID Connect" to the desired position, then click "Settings" to check that it is OK.
  6. If the Microsoft Office 365 Integration was properly installed, the settings for this plugin should be as they should. But you may review them if you like.
  7. You may now log out or open another web brower and test the OpenID Connect authentication.
    The OpenID Connect option will be visible in the Moodle login page.
  8. Once logged in, the user will see the Moodle Dashboard or course details.

Configure Moodle plugin: "WebHooks"

If you would like your event and actions in Moodle to be visible in Teams, it is recommended to configure this plugin.

  1. Make sure you are logged in to Moodle with an admin user
  2. Also make sure that the WebHooks plugin is installed in Moodle
  3. Navigate to "WebHooks"
    (Site adminstration -> Server -> WebHooks)
  4. Now, go back to Moodle Teams Management and obtain the WebHook details for your Moodle installation.
  5. Press the "Add service" button
  6. Enter a name for the webhook
    Suggested: "Moodle Management Tool"
  7. Enter the "URL" input for the destination endpoint, then press "Show more..." to display the "Additional" input.
    Paste the "URL" and "Additional" values you copied before. Note: Make sure you do not put the value into the "Token" input, that will not work. See screenshot below for example.
    Make sure the "Enable" checkbox is ticked.
  8. Then scroll down and tick the boxes you would like to get notifications from.
    The following events are examples on what to tick on. (scroll for full list)
    \core\event\calendar_event_created
    \core\event\calendar_event_deleted
    \core\event\calendar_event_updated
    \core\event\course_completed
    \core\event\course_created
    \core\event\course_deleted
    \core\event\course_section_created
    \core\event\course_section_deleted
    \core\event\course_section_updated
    \core\event\course_updated
    \core\event\note_created
    \core\event\note_deleted
    \core\event\note_updated
    \core\event\notification_sent
    \core\event\notification_viewed
    \core\event\role_assigned
    \core\event\role_deleted
    \core\event\role_unassigned
    \core\event\role_updated
    \core\event\user_enrolment_created
    \core\event\user_enrolment_deleted
    \core\event\user_enrolment_updated
    \core\event\user_graded
    \mod_assign\event\submission_graded
    \mod_forum\event\discussion_created
    \mod_forum\event\discussion_deleted
    \mod_forum\event\discussion_updated
    \mod_forum\event\post_created
    \mod_forum\event\post_deleted
    \mod_forum\event\post_updated
  9. When finished, press the "Save changes" button in the bottom