Comment: Published by Scroll Versions from space THM and version 13

...

Note

The open eye icon means a service is enabled, so clicking it disables the service. A closed eye icon means the service is disabled, so clicking it enables the service.

Connecting system accounts

In some instances you can connect system accounts (i.e. Totara user accounts) to provide advanced functionality for plugins. Connecting accounts isn't required for login functionality, but note that other plugins using the OAuth service may offer a reduced set of features if a system account has not been connected. For example, when using repositories without a connected system account, controlled links for file operations will not be supported.

Click the icon in the System account connected column to connect an account. Once you have connected an account, the email address associated with that account will display in this column. 

Login via Microsoft account

...

  1. Go to the Microsoft Azure portal.
  2. Click New registration under App registrations.
  3. Give your app a name, e.g. 'Totara'.
  4. Select Accounts in any organizational directory (Any Azure AD directory - Multitenant) for Supported account types.
  5. Choose Web for Redirect URI.
  6. Add your site's URL appended with /admin/oauth2callback.php to the Redirect URLs section e.g. https://totaralearn.com/admin/oauth2callback.php.
  7. Click Register.
  8. Take a note of the Application (client) ID.
  9. Select Authentication from the side menu.
  10. Ensure that the Implicit grant settings are disabled.
  11. Select API permissions from the side menu.
  12. Ensure that the User.Read permission is available under Microsoft Graph (1), and if it is not then add it.
  13. Select Certificates & secrets from the side menu and click New client secret.
  14. Add a description, e.g. your app name (Totara), and select when the password/secret will expire.
  15. Copy the generated secret string value for use in Totara.
  16. In Totara go to Quick-access menu > Server > OAuth 2 services.
  17. Click Create a new Microsoft service.
  18. Enter the password generated in the Microsoft Azure portal as the Secret and the application ID as the Client ID.
  19. Click Save changes.

You can see more instructions from Microsoft on their website.

Send email with Microsoft

If you wish to enable Microsoft OAuth2 authentication for your email connection then you will need to enable the OAuth 2 plugin on your Totara site and go to the Microsoft developer console to configure authentication. 

  1. Go to the Microsoft Azure portal.
  2. Click New registration under App registrations.
  3. Give your app a name, e.g. 'Totara Email'.
  4. Select Accounts in any organizational directory (Any Azure AD directory - Multitenant) for Supported account types.
  5. Choose Web for Redirect URI.
  6. Add your site's URL appended with /admin/oauth2callback.php to the Redirect URLs section e.g. 'https://totaralearn.com/admin/oauth2callback.php'.
  7. Click Register.
  8. Take a note of the Application (client) ID.
  9. Select Authentication from the side menu.
  10. Ensure that the Implicit grant settings are disabled.
  11. Select API permissions from the side menu.
  12. Ensure that the User.Read and Mail.Send permissions are available under Office 365 Exchange Online, and if they are not then add them.
  13. Select Certificates & secrets from the side menu and click New client secret.
  14. Add a description, e.g. your app name (Totara Email), and select when the password/secret will expire.
  15. Copy the generated secret string value for use in Totara.
  16. In Totara go to Quick-access menu > Server > OAuth 2 services.
  17. Click Create a new custom service.
  18. Enter a name, e.g. 'Microsoft Email OAuth'.
  19. Enter the password generated in the Microsoft Azure portal as the Secret and the application ID as the Client ID.
  20. In Scopes included in a login request add the following: https://outlook.office.com/SMTP.Send https://outlook.office.com/User.Read
  21. In Scopes included in a login request for offline access add the following: https://outlook.office.com/SMTP.Send https://outlook.office.com/User.Read offline_access
  22. Uncheck Show on login page (it is recommended that you do not mix the email and login OAuth services).
  23. Click Save changes.
  24. Click the Configure Endpoints icon for the new service.
  25. Click Create new endpoints and then add the following:

  26. Return to the OAuth2 services page.
  27. Click the User field mapping icon.
  28. Click Create new user field mapping and then add the following:

    External field name    Internal field name
    DisplayName            alternatename
    EmailAddress           email
  29. Return to the OAuth2 services page.
  30. Click on the Connect to a system account icon.
  31. Click Continue.
  32. Sign in with your Microsoft email account that is used for your Totara email service.
  33. Accept the permissions in Microsoft.
  34. When Totara loads again, confirm your email shows under the system account section.
  35. Go to Quick-access menu > Server > Email > Outgoing mail configuration.
  36. Change SMTP Auth Type to XOAUTH2.
  37. Change Oauth2 Service to the OAuth service you just created.
  38. Set SMTP Username to the email of the account used for sending email.
  39. Set SMTP Password to any random text. It must not be blank, but otherwise it does not matter.
  40. Click Save changes.
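
The following is an added example, not Totara or Microsoft code. It shows the SASL XOAUTH2 client response selected in step 36, which carries the username and an OAuth access token rather than a password (consistent with step 39), and checks a configured scope string against the scopes listed in steps 20 and 21. The function names and sample values are assumptions made for illustration.

```python
import base64

# Scopes listed in steps 20 and 21 above.
LOGIN_SCOPES = {
    "https://outlook.office.com/SMTP.Send",
    "https://outlook.office.com/User.Read",
}
OFFLINE_SCOPES = LOGIN_SCOPES | {"offline_access"}


def missing_scopes(configured: str, offline: bool) -> set:
    """Return scopes from steps 20/21 absent from a space-separated setting."""
    required = OFFLINE_SCOPES if offline else LOGIN_SCOPES
    return required - set(configured.split())


def build_xoauth2(username: str, access_token: str) -> str:
    """Build the base64 SASL XOAUTH2 initial client response."""
    if not username or not access_token:
        raise ValueError("username and access token are both required")
    if "\x01" in username or "\x01" in access_token:
        raise ValueError("0x01 is the field separator and cannot appear in a value")
    raw = f"user={username}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def parse_xoauth2(encoded: str, redact: bool = True) -> dict:
    """Decode an XOAUTH2 response for troubleshooting; hides the token by default."""
    raw = base64.b64decode(encoded, validate=True).decode("utf-8")
    if not raw.endswith("\x01\x01"):
        raise ValueError("missing terminating separators")
    fields = dict(part.split("=", 1) for part in raw[:-2].split("\x01"))
    scheme, _, token = fields.get("auth", "").partition(" ")
    if scheme != "Bearer" or not token or "user" not in fields:
        raise ValueError("not a well-formed XOAUTH2 response")
    return {"user": fields["user"], "token": "<redacted>" if redact else token}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    resp = build_xoauth2("noreply@example.com", "constructed-token-123")
    print(parse_xoauth2(resp))
    print(missing_scopes("https://outlook.office.com/SMTP.Send", offline=True))
```

Keep the redaction default when decoding captured SMTP traffic or debug logs, since the access token is a bearer credential for the sending mailbox.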

Login via Google account

If you wish to enable Google account login then you will need to enable the OAuth 2 plugin on your Totara site and go to the Google developer console to configure authentication. 

...