Steps to Connect your Google Workspace or Classroom
To enable our ability to connect to your Google Workspace or Google Classroom, we will need you to complete the following steps:
NOTE: If you are using Google Workspace for Education, you must configure access for the Android, IOS, and Web app even if Google Sign-In is Unrestricted.
Authorize the API client
Under Security -> Access and data control -> API Controls -> Domain-wide delegation, go to Manage Domain Wide Delegation
Alternatively, simply search keywords API controls then click Manage domain-wide delegation
Add a new API client
Click Add new
Client ID:
108782313197887455191OAuth scopes:
For Google Workspace:
Used to verify if the user is a member of the workspace
For Google Classroom:
Used to check if there are any courses
Used to search classroom members and tell if they are Teachers or Students
If using both, add all four scopes
Click AUTHORIZE
Confirm parental consent: Click CONFIRM
Ensure Google Sign-In is not restricted
Select Security > Access and data control > API controls
If you do not see the Security option, please click Show More
Click Manage Google services
Locate Google Sign-in and check that it is Unrestricted
If Google Sign-in is Restricted, hover over the service and click Change Access
Select Unrestricted, and then click CHANGE
Configure access for your Android, iOS, and Web app
Select Security > Access and Data control > API controls
Click on Manage Third-Party App Access
Click on Configure new app
Search for your school’s Android app name and select it
If your app exists within the Edlio app, you will need to instead search for "Edlio"
Leave the scope as is, so it will be configured for all users, then click Continue
Make sure to select Trusted at the Access to Google data step, then click Continue
Click Finish then Confirm
Repeat these steps for
The iOS app:
Instead of searching your app name, please search for:
585793306247-mts9uf350dpmqv73t33vu01thdopqets.apps.googleusercontent.com
Please note that you will see “G-Suite Login”, this is the correct result, you will not see the name of your app.
The Web app:
Instead of searching your app name, please search for:
377575338553-vge5jlg95lquntfrtg9cpi6sd8kpilk5.apps.googleusercontent.com
Please note that you will see “SchoolInfoApp”, this is the correct result, you will not see the name of your app.
Provide the Required Information
Once all steps are complete, please provide the following information to the Data Integration Specialist assisting you with the setup process.
Your Google Workspace domain name (e.g., google.com)
A Google Workspace administrator's email address
Your Organizational Unit (OU) paths, and the corresponding App Roles you want them mapped to.
Example:
/Example District/Elementary School/Students/* -> StudentIf you want to map all sub-organizational units on the path to be mapped to the chosen role, please ensure you add an asterisk to the end of the path.
NOTE: If you are unsure what your Organizational Unit paths are, or what format to provide them in, please refer to the How to Provide Organizational Unit (OU) Paths section below.
After submitting this information to the Data Integration Specialist, we will complete the setup on our end. We will then notify you once your Google SSO is configured and ready for use.
Setup Steps Complete!
You’ve reached the end of the setup process. The information in the pages below contains additional help articles and resources. If you’ve completed the steps above, no further action is required unless you need assistance with specific tasks.
Additional Information
How to Provide Organizational Unit (OU) Paths
To ensure proper configuration, please provide the full OU path for each Organizational Unit (OU) in your Google Admin Console that you intend to use, along with the App Role you'd like mapped to each OU.
Refer to the screenshot provided below as an example to help you locate the OU paths in your Admin Console.
Step-by-Step Instructions:
Navigate to the Organizational Units page
Go to Directory > Organizational Units
Identify the Organizational Units you intend to use for your App.
E.g. Teachers, Staff, Students, etc.
Write down the full path for each Organizational Unit (OU) you intend to use
If you're unsure about the path, refer to the How to Read the OU Hierarchy section below.
Identify the Role you would like to use for each OU
Available roles for each OU:
Administrator
Teacher
Staff
Parent/Guardian
Student
Other
Submit the OU Paths and Roles in the following format:
For each Organizational Unit (OU), provide the full path followed by the mapped role in the following format:
/Full/OU/Path > Role
Examples:
/Teachers/Faculty > Teacher
/Teachers/Staff > Staff
/Test OU - Under 18 > Student
If you’re ready to proceed, please return to the Provide the Required Information section to continue the setup process.
How to Read the OU Hierarchy
The Organizational Unit (OU) Hierarchy is simple to read:
The top level, or root, is always represented by “/”
Each OU is listed under the root, with its name shown after a “/”.
For example, if you have an OU called “Students”, its path is /Students.
If an OU has sub-units, they are separated by additional slashes.
For example, if “Staff” is a sub-unit under “Teachers”, its path would be /Teachers/Staff.
If you’re ready to proceed, please return to the How to Provide Organizational Unit (OU) Paths section to continue the setup process.
Frequently Asked Questions (FAQs):
Will the SSO login overwrite roles assigned through my SIS?
If data is being synced from your SIS (Student Information System), any roles assigned through the sync will not be altered by SSO logins using OU paths. SSO-assigned roles will only apply to users who do not already have a role in the app.
What happens if I don't provide OU paths during the setup?
If OU paths are not provided, users who do not already have account information in the app will be assigned a default role upon login using SSO.
The default role is typically set to "Other". However it can be set to any other available role upon request.
For example, if user data is not being synced from your SIS, users can still log in via SSO. However, without OU paths, their accounts will be created with the default role.
What app roles are available to be mapped to?
We offer the following app roles for your OU paths:
Administrator:
Has access to everything on the dashboard and all public content or content restricted to admins on the app.
Teacher:
Has access to the app and limited access to the dashboard. On the dashboard they can manage staff push notifications, conversations, hall passes, and badges
Staff:
No dashboard access. App access only. They can access any public content or content restricted to the staff role.
Parent/Guardian:
No dashboard access. App access only. They can access any public content or content restricted to the Parent/Guardian role.
Student:
No dashboard access. App access only. They can access any public content or content restricted to the Student role.
Other:
No dashboard access. App access only. They can access any public content or content restricted to the Other role.