local_o365 user matching minimum Azure permissions

by Chris Loweth -

As the title suggests, and the documentation lacks guidance...

What are the minimum Azure permissions that are required so that the likes of the automated (scheduled) or manual user matching can succeed?

Our environment: We currently use Moodle 3.6.4 and we have a number of web services that automate user account creation and enrolment onto Moodle courses.

Our web services rely on the "username" as a search criterion when enrolling users. We cannot change this as it is the most appropriate "unique" field given that we use OpenID Connect authentication for users.

Our conundrum is that when a user changes their name we update Azure, we then manually change the user's Moodle profile to be a "manual" authentication (to allow us to update their username) and then revert back to OpenID Connect.

Although this is not the best approach for the plugin - and is the root cause of the fault being experienced - it is something we cannot change.

We have been through the local_o365 plugin settings and can identify two methods of resolution: one manual and one automated (albeit scheduled).

We would like to trial using the CSV import "User matching" of the local_o365 plugin - which, we believe, should allow us to re-connect the amended Moodle profile to the amended Azure account - however the scheduled task ("Process Match Queue") that processes the queues is continually failing.

Error message:

=================

Execute scheduled task: Process Match Queue (local_o365\task\processmatchqueue)
... used 1 dbqueries
... used 0.32651686668396 seconds
Scheduled task failed: Process Match Queue (local_o365\task\processmatchqueue),Could not get app or system token

=================

We are aware that this relates to a permission on Azure - because we can see in the local_o365 "Verify setup" section that the "Azure AD Application Registration" has an error of "Could not check reply url." and the Microsoft Graph API has an error "Could not get app or system token". The "Could not check reply url." we're unsure of because Moodle and Azure both have the correct reply URL for our environment.

What are the minimum required permissions to enable us to get the User matching process to function correctly?

In reply to Chris Loweth

Re: local_o365 user matching minimum Azure permissions

by Kashyap Kr -
Hi Chris,
I am facing a similar kind of problem. I want to fetch fields like reporting manager and organizational chart in Moodle. How do I implement code to get all those fields in Moodle? When a user is logging in for the first time to Moodle they are redirected to the profile info page (how to restrict), where they can edit, and how can I sync their courses, cohorts and competencies?

Thanks.