Not logged in - Login
< back

Linking SIMS ID to Google

Google Onboarding SIMS ID and Google Tenacy Steps

Contents [hide]

GREENFIELD SITE Google Provisioning

This method of on-boarding is for a site that does not have users in the Google tenancy. If your tenancy has users that you wish to keep please refer to BROWN FIELD SITES Google Provisioning & user matching

Pre-Step 1 - Create the Google tenancy

Google process

Pre-Step 2 - Obtain Username and PW for the site in question

If you do not have a SIMS ID site you can request one from educationsalesadmin@sims.co.ukeducationsalesadmin@sims.co.uk

A SIMS ID site will be created, and an initial admin account will be provided.

Step 1 - Setup SIMS ID perquisites

Log in with credentials at https://id.sims.co.uk

Step 2 - Set username formats etc

Please see https://id.sims.co.uk/support/wiki/74/       

Step 3 - Link SIMS to SIMS ID.

Please refer to (https://id.sims.co.uk/support/wiki/73/)    

Step 4 - Ask SIMS ID to turn on Google

Provide the following info including the certificate generated for the Google tenancy

Refer to Google Tenancy Steps below. for details on creating the accounts and keys (aka certificate)

Development is underway to expose these pages to Local Site Admins to allow self on-boarding.

Step 5- Accounts will provision to Google

Once the tenancy is configured accounts will now provision to Google

Step 4b Set SIMS ID Google Preferences

Within SIMS ID > Preferences > Connected Services > Google, the below configurations are available

Auto Provisioning of Users and Groups

You are advised to set Staff, Students and Groups to ON

G Suite enabled services

OU Mappings – Provision Staff and Students to a different location within GSuite.

Step 6 - Issue usernames and passwords

Please refer to Regenerating and Distributing Temporary Passwords - updated for dealing with new year groups

OPTIONAL Step 7 - Google Gradesync Pilot

Using Google Grades Write back to SIMS Assessment Manager

BROWN FIELD SITES Google Provisioning & user matching

The method of on-boarding a site that already has users in the Google tenancy follows this process. If you have a blank tenancy you should refer to GREENFIIELD SITE Google Provisioning

The orange boxes represent steps that can only currently be carried out by SIMS ID staff.

Development is underway to expose these pages to Local Site Admins to allow self on-boarding.

Pre Step 1 - Acquire the Google tenancy

Google process lead by customer

Pre Step 2 - Obtain Username and PW for the site in question

If you do not have a SIMS ID site you can request one from educationsalesadmin@sims.co.ukeducationsalesadmin@sims.co.uk

A SIMS ID site will be created, and an initial admin account will be provided.

Pre Step 3 Extract users from Google tenancy

Google process lead by customer

Pre Step 4 Import into SIMS using the spring 2020 release feature

This sets the primary email address of each pupil with the Google mail address they have. Please see https://youtu.be/zIe22upVF6g for an overview of this feature.

Staff should also be set but this is manual and is probably done already.

Step 1 Setup SIMS ID perquisites

Log in with credentials at https://id.sims.co.uk

Step 2 Set username formats etc

Please see https://id.sims.co.uk/support/wiki/74/    

Step 3 Link SIMS to SIMS ID

Please see https://id.sims.co.uk/support/wiki/73/    

Step 4 Run the Google onboarding report

Please use SIMS ID Report Viewer for a report called ‘Google Onboarding’ for help on using report viewer please see https://id.sims.co.uk/support/wiki/40

Step 5 Data review

Review this report and add any missing email addresses in the email column and immutable id column

See below for the required report layout and example data.

Step 6 Provide CSV to SIMS ID Team

SIMS ID will import this data, eventually, an upload facility will be provided.

Step 7 Ask SIMS ID to turn on Google

Provide the following info including the certificate generated for the Google tenancy

Refer to Google Tenancy Steps. for details on creating the accounts and keys (aka certificate)

We are working on making this screen available to Local Site Administrators to allow full self-onboarding.

Step 8 Accounts will provision to Google

Once the tenancy is configured accounts will provision to Google, see below

Step 9 Set SIMS ID Google Preferences

Within SIMS ID > Preferences > Connected Services > Google, the below configurations are available

Auto Provisioning of Users and Groups

You are advised to set Staff, Students and Groups to ON

G Suite enabled services

OU Mappings – Provision Staff and Students to a different location within GSuite.

Step 10 Issue usernames and passwords

Please see Regenerating and Distributing Temporary Passwords - updated for dealing with new year roups

OPTIONAL Step 11 Google Gradesync

Using Google Grades Write back to SIMS Assessment Manager

Google Tenancy Steps.

This is a basic guide. You should refer to Google’s Support materials where you are unclear about any step.

Setting up the API link for provisioning

Visit: https://developers.google.com/admin-sdk/directory/v1/quickstart/dotnet

Log into the tenancy using a tenancy admin users.

Go to https://console.developers.google.com/flows/enableapi?apiid=admin&pli=1

  • Click “Continue” to create the API project

Click “Agree and Continue”

When the API has been enabled, click “Go to credentials”

Creating a Service Account

On the “Add credentials to your project” screen, click the “service Account” link

Click “Create Service Account”

Enter details and select options as shown below, then click on “Create”

Save the key to your Hard Drive – this will be used later.

Go to: Service Account Management

Add the sims-id-admin account to the SIMS ID Admin service account

Setting domain-wide delegation to for Calendar access

This is necessary only if you are planning on sending SIMS Timetable information to Google Calendars.

Navigate to Service Accounts.

Create a new Service Account called: simscalendar

Tick “G Suite Domain-wide Delegation” as shown below.

Set the role of this account to Organization Administrator as shown below

This creates a client with credentials as shown below, note the Type of client.

If the domain-wide delegation is missing the calendar provisioning will not work.

Setting domain wide delegation permissions

Note the client ID, as highlighted

Navigate to https://admin.google.com * Security * API Controls * Domain-wide delegation * Click on Manage Domain-wide delegation

Click Add new Enter Client ID (from above) Enter the one / all of the following in OAuth Scopes based on integration required.

User / Group Provisioning

  • https://www.googleapis.com/auth/admin.directory.group
  • https://www.googleapis.com/auth/admin.directory.group.member
  • https://www.googleapis.com/auth/admin.directory.user
  • https://www.googleapis.com/auth/drive (if required)

SIMS Timetable to Google Calendar

  • https://www.googleapis.com/auth/calendar

When you have added all the required scopes please click Authorise

Setting up single sign-on (SSO) with SIMS ID

Navigate to https://admin.google.com *Security * Setup single sign-on (sso) with a third party idp

Enter the below fields;

Sign-in page URL - https://sso.sims.co.uk/saml/google/https://sso.sims.co.uk/saml/google/emaildomain

email domain is school domain without the full stops i.e. greenabbey.capita.sch.uk - greenabbeycapitaschuk

Sign-out page url - https://sso.sims.co.uk/saml/sloservice

request certificate to be uploaded from capitasoftwaresupport@capita.co.uk

Tick - Use a domain-specific user

Change password url - https://id.sims.co.uk

Click Save