TI1 - 2022/23 - Should do - Further work AAD

Size: Large

Budget Epic Name: CTP Maintenance Budget

Jira Epic: CTP-1495
Feature Lead: Nikola Bozhkov


Key information

TI3 - 2021/22 - Must Do - AAD & MFA (+Teams for Education) implemented AAD authentication for the Moodle Production environment. Because we also run a pre-production (staging) environment, multiple testing (preview) environments and 5 snapshots dating back to 16-17, we need to ensure that a consistent and secure authentication method is used across all Moodle instances. There is also a need to understand how merging duplicate user accounts at AD/AAD level affects Moodle users, and to improve the user experience by enhancing this process. Further work is to improve the login experience for users from UCL partner institutions, e.g. NHS, Anna Freud, etc.



User Story
As an end user of Moodle, I wish to use/access all Moodle instances seamlessly and in the same way.

As an end user of Moodle who is part of a UCL partner institution, I would like to be able to log in to Moodle seamlessly.


In scope

Issues Identified after AAD Roll-out in Moodle

  • Merged users in AD/AAD - what is the best approach in Moodle?
    • Discussion with the Identity team on whether Moodle support should be added to the merge process
    • Merging the two accounts in Moodle works intermittently, and if the merge is to the account that was deleted in AAD it might not resolve the issue, as the user account is matched to the wrong UPN in AAD.
    • TBC: use the Microsoft block to match/sync the accounts manually. To be explored.
    • TBC: increase the frequency of the Azure sync job from once a day at 4am to every hour or even more frequently.
  • Existing duplicated accounts in Moodle, e.g. one created manually and one created from AD - same as above
  • UCL partner institutions are not able to log in unless they use a private/incognito browser to clear their existing sessions. Example partners: www.annafreud.org, NHS
    • Discuss with Identity ways of improving the user experience, e.g. changing settings in the app registration; provide feedback to Microsoft and seek improvement
  • Read-only access for Moodle support (DESA) to the AAD Moodle app registration sign-in logs

AAD Rollout to staging, preview & snapshot

  • Refresh staging from Production and get AAD authentication operational (Catalyst to refresh; SRE Ops to configure AAD). A new AAD API secret is to be created for the staging environment
  • Refresh the preview environments and make AAD authentication operational by default (SRE Ops)
  • TBC: AAD in snapshots

Out of scope


Acceptance Criteria to include

  • Improved user experience when using AAD authentication to access Moodle
  • All Moodle instances using AAD for authentication

Links