Installation:
The OpenID Connect plugin is installed through the normal process for plugins: either clone the git repository or download the zip file, then follow the steps below.
Unpack the plugin into /auth/oidc within your Moodle install.
From the Moodle Administration block, expand Site Administration and click "Notifications".
Follow the on-screen instructions to install the plugin.
To configure the plugin, from the Moodle Administration block, go to Site Administration > Plugins > Authentication > Manage Authentication.
Click the icon to enable the plugin, then visit the settings page to configure the plugin. Follow the directions below each setting.
Once the plugin is installed, user accounts will need to be changed to use the authentication type or created using the authentication type. The Office 365 local plugin can help automate this process.
Walkthrough:
The workflow for using the plugin is the same for every user, but it varies with the login workflow that an institution chooses to use.
Authorization Request
In this login workflow the user navigates to the Moodle login page and clicks the link under "login using your account on". The name of the link can be controlled by the administrator within the OpenID Connect settings. The user then logs in using the external system’s OpenID Connect process. For Office 365 this can be as simple as selecting your account if you have logged in before; otherwise you will need to type in your email address and password. Once you have authenticated with the external system you are returned to Moodle. At this point the user is signed in to both Moodle and the OpenID Connect system, and any subsequent access to a system supporting the OpenID Connect system will have the user automatically logged in.
Username/Password Authentication
In this login workflow the user logs in to Moodle by entering their username and password for the OpenID Connect system in the username and password fields of the Moodle login page. After the user clicks the login button, the username and password are validated with the OpenID Connect system and the user is then logged in to Moodle. With this login workflow the user is not signed in to the OpenID Connect system; that system is only used to validate that the username and password are correct. Any use of the OpenID Connect service provider will require the user to log in to that system separately. For example, if I accessed the OneDrive for Business repository I would be required to log in to Office 365 again.
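The two login workflows above, sketched at the protocol level as an added example (this is not the plugin's own code). The endpoint URLs, client ID and redirect URI are constructed placeholders, and treating Username/Password Authentication as the OAuth 2.0 password grant (RFC 6749 section 4.3) is an assumption.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder values; not taken from the plugin or a real tenant.
AUTH_ENDPOINT = "https://idp.example/authorize"
TOKEN_ENDPOINT = "https://idp.example/token"
CLIENT_ID = "moodle-client-id"
REDIRECT_URI = "https://moodle.example/auth/oidc/"

def authorization_request(session):
    """Authorization Request workflow: URL the browser is redirected to."""
    # The password is typed at the provider, so it never appears here.
    session["state"] = secrets.token_urlsafe(32)  # binds the callback to this session
    session["nonce"] = secrets.token_urlsafe(32)  # echoed back inside the ID token
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": session["state"],
        "nonce": session["nonce"],
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)

def check_callback(session, callback_url):
    """Return the authorization code only if state matches the one issued."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("state", None)  # single use: a replayed callback fails
    received = query.get("state", [""])[0]
    if expected is None or not secrets.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: reject callback")
    return query["code"][0]

def password_grant_request(username, password):
    """Username/Password workflow: token request sent by the Moodle server."""
    # The relying party handles the cleartext password, and no browser session
    # is created at the provider, which is why a second login is needed later.
    return TOKEN_ENDPOINT, {
        "grant_type": "password",
        "client_id": CLIENT_ID,
        "scope": "openid",
        "username": username,
        "password": password,
    }
```

The practical difference for a deployment is where the password is entered: only at the provider in the first workflow, but on the Moodle login page in the second.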
Documentation:
The documentation is sufficient for the plugin when it comes to using it with Office 365. It walks through the configuration of the plugin as well as how to transition users to using the authentication plugin.
The documentation currently doesn’t help an administrator configure the plugin to work with other OpenID Connect service providers. Once the configuration is completed and working, the transition documentation will be applicable for any OpenID Connect provider.
Uses:
OpenID Connect is used to allow institutions to sign users into systems that support the OpenID Connect framework. The major benefit is that it allows a reduction in the number of logins with integrations to external systems that support the same authentication framework.