-
Notifications
You must be signed in to change notification settings - Fork 131
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using guest users in EntraID - Best practices #2549
Comments
External Guests on your tenant with appropriate app permissions should be able to. That was how we initially set up users on our tenant. Multi-tenancy does not work particularly well for this plugin imo, and thus the guest account actually works pretty seamlessly in comparison. Going back to a split tenant like I'm trying to do now is proving to be a headache though because all the guest accounts take precedence when logging back into Moodle, and their fields are populated with the Guest Account settings. In my case I admin both tenants, but for you, guests should be the better option if you can't get an app registered on their tenant. |
I have found as much, even going even forward into deciding the best way to deal with them would be to create accounts for them on Moodle (using API automations and Moodle webservices), due to the very variable set of security rules on external tenants. That keeps it simple, our users (and apprentices and learners that can be onboarded to our tenant) use OpenID (and as such have their 2factor and security, etc., guests (which are apprentices and learners that cannot be onboarded due to their IT policies) get their own account created on Moodle, with 2 factor auth through Moodle. Seems the sanest way, especially because my life has been trying to streamline how we deal with our apprentices, that comes from dozen different companies and gov agencies and as such will not be able to randomly access Microsoft features because their tenant blocks them. |
I can confirm all points made by @ImmortalTreearms in comment #2549 (comment).
There was a proposal to add full multi-tenant support to the plugins, but there are a lot of complexities in this work and it will probably not be implemented any time soon. So for the time being, guest users is probably the best approach to go. Regards, |
This is more of a question that an issue regarding implementation that might affect my use case.
I have read, on of the issues here, to use guests you have to enable multitenant support on the IdP azure app. That works on my testing with personal accounts added as guests to out tenant.
My question is this, we have a number of guests from other company tenants, which have varied configurations and due contract reasons we can't really ask them to make any changes to their IT (and is a office politics minefield to ask them to act as guinea pigs ;D). They are fully invited to our tenant, personal information on the guest is updated.
So, my questions:
Will they be able login with their account using OpenID?
Is the information, fields, synced into Moodle from my tenant (i.e the guest information)?
Thanks!
The text was updated successfully, but these errors were encountered: