SSO & User Sync
Moodle integration with SAML/OAuth2, user attributes, role mapping and enrolment logic.
Quick overview
This page describes the working standard for SSO & User Sync – with a focus on concrete decisions rather than general guidance.
The main focus here is which attributes are mapped as mandatory and how role and course assignment are derived from the sync, so that teams apply the same standard.
The standard only becomes traceable through linked evidence such as the SSO mapping documentation and through documented edge cases/exceptions.
When this page helps
Typical situations in which this page adds value as a working document, and where another document is more appropriate.
Typical use cases
- when technical standards for SSO & User Sync covering identity provider, mapping rules and role sync must be documented in a binding way
- when team handovers or temporary cover need to be able to execute the same process safely, including which attributes are mapped as mandatory
- when incidents or changes show that evidence such as the SSO mapping documentation is still missing
- when configuration or operational deviations (e.g. attributes change without a coordinated mapping update) occur repeatedly
Less suitable when
- when SSO & User Sync only concerns a one-off individual case with no need for standardization
- when a detailed project ticket or a technical step-by-step guide is the better fit
Recommended process
A pragmatic sequence that works in practice, from scope to review.
- capture the current state and scope for SSO & User Sync, including identity provider, mapping rules, role sync and critical dependencies.
- define the target state and standards; key decisions include which attributes are mapped as mandatory.
- test changes in a controlled way (staging, test system or checklist) and document the result.
- implement in production, run follow-up checks, and link the SSO mapping documentation and the test cases for login/logout.
- evaluate monitoring/reviews and incorporate recurring findings such as "Attributes change without a coordinated mapping update" into the standard.
Decision rules
SSO & User Sync is well documented when rules, edge cases and evidence are clear enough that teams can work with them without additional coordination.
Scope & impact
For SSO & User Sync, first define the scope clearly: identity provider, mapping rules and role sync.
Approval rule
Do not leave decisions about which attributes are mapped as mandatory and about role and course assignment from the sync implicit; name roles and approvals explicitly.
Keep exceptions clean
Allow exceptions only if they do not dilute the standard; especially relevant here are login flows incl. logout/session.
Verifiability
The rule is verifiable only when the SSO mapping documentation and the test cases for login/logout are cleanly linked.
What should be documented
Maintain only the content specific to SSO & User Sync here; general documentation rules remain in the central guideline.
The page is good when a substitute can apply or review the standard without first collecting tribal knowledge.
Scope
Specify terms, scope and boundaries for SSO & User Sync in concrete terms, including identity provider, mapping rules and role sync.
Concrete parameters/rules
Record the standard so that which attributes are mapped as mandatory and the debug/support path for login problems are decided unambiguously.
Evidence
Name and link evidence directly: SSO mapping documentation, test cases for login/logout, logs and error samples.
Versioning
Active exceptions, the latest change and the next review belong on the page, especially for topics with login flows incl. logout/session.
Common pitfalls
This section captures real-world pitfalls from SSO & User Sync; general guidance belongs in the central guideline.
- scope drifts: attributes change without a coordinated mapping update.
- the rule is too abstract: the fallback login is not tested.
- evidence is missing: the role sync overwrites manual assignments.
- the exception gets out of control: staging and production drift apart.
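One way to catch three of these pitfalls mechanically (mapping drift against the IdP, staging/production drift, and a role sync that overwrites manual assignments). This is an added example, not AFANDI or Moodle code; the attribute names, environment names and the `source` tag on role assignments are assumptions, and the sample data is constructed.

```python
# Constructed sample data. Attribute names, environment names and the
# "source" tag on role assignments are assumptions for illustration.
DOCUMENTED = {"mail": "email", "givenName": "firstname",
              "sn": "lastname", "eduPersonAffiliation": "role"}
REQUIRED = {"mail", "eduPersonAffiliation"}
IDP_RELEASED = {"mail", "givenName", "sn", "affiliation"}  # IdP renamed one attribute
CONFIGS = {
    "staging": dict(DOCUMENTED),
    "production": {**DOCUMENTED, "eduPersonAffiliation": "department"},
}

def mapping_findings(documented, required, idp_released, configs):
    """Compare the documented mapping with the IdP release and each environment."""
    findings = []
    for attr in sorted(set(documented) - idp_released):
        kind = "idp-missing-required" if attr in required else "idp-missing-optional"
        findings.append((kind, attr))
    for attr in sorted(idp_released - set(documented)):
        findings.append(("idp-unmapped", attr))
    for env in sorted(configs):
        cfg = configs[env]
        for attr in sorted(set(documented) | set(cfg)):
            if documented.get(attr) != cfg.get(attr):
                findings.append((env + "-differs-from-doc", attr))
    return findings

def plan_role_sync(current, desired):
    """Plan a sync that removes only assignments the sync itself created.

    current: iterable of (user, role, source), source is "sso" or "manual".
    desired: set of (user, role) derived from IdP attributes.
    """
    existing = {(u, r) for u, r, _ in current}
    add = sorted(desired - existing)
    remove = sorted((u, r) for u, r, s in current
                    if s == "sso" and (u, r) not in desired)
    kept_manual = sorted((u, r) for u, r, s in current
                         if s == "manual" and (u, r) not in desired)
    return {"add": add, "remove": remove, "kept_manual": kept_manual}

if __name__ == "__main__":
    for finding in mapping_findings(DOCUMENTED, REQUIRED, IDP_RELEASED, CONFIGS):
        print(finding)
    current = [("alice", "teacher", "manual"), ("alice", "student", "sso"),
               ("bob", "student", "sso")]
    print(plan_role_sync(current, {("alice", "student"), ("bob", "teacher")}))
```

A renamed IdP attribute shows up twice, once as a missing required attribute and once as an unmapped one, which is the signal that a mapping update was not coordinated.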
Moodle reference (official docs 5.1)
Short references to the official Moodle documentation for SSO & User Sync. This keeps the page AFANDI-specific and avoids duplicating the basics.
Official references
Documentation focus
- Document the SSO/sync flow: source, attribute mapping, locking logic and fallback login.
- Record UI path, role and test case explicitly (not only the desired target state).
- Mark deviations from AFANDI standards separately so that updates remain easier to review.
Review & maintenance
Check this page against real processes around SSO & User Sync, not only against the wording. What matters is whether the standard, exceptions and evidence help in day-to-day work.
- Do the mapping rules match the current IdP state?
- Are debug checks for support documented?
- Are there recurring login errors?
- Do configuration and documentation match?
Review focus for "SSO & User Sync": Moodle operations; check especially identity provider, mapping rules and role sync.
Useful metrics
A few metrics are enough – what matters is that they trigger decisions or improvements.
For "SSO & User Sync", tie metrics directly to which attributes are mapped as mandatory and to the most frequent practical risks.
Login success rate
Share of successful SSO logins
Interval: monthly
Sync errors
Failed synchronizations per run
Interval: monthly
SSO support cases
Number of SSO-related support tickets
Interval: monthly
Next steps
Now add the concrete decision about which attributes are mapped as mandatory, incl. the responsible person, date and a reference to the SSO mapping documentation.
For "SSO & User Sync", make especially clear as the next step: which identity provider, mapping rules and role sync apply in the standard case and which exceptions are time-limited.