G Suite
UMS integrates to G Suite with the module G Suite Sync which:
- Creates users and their e-mail accounts
- Maintains users in G Suite, i.e. data changes are synchronised to UMS
- Synchronises passwords
- Deletes users who no longer attend the school
Integration to G Suite quickly becomes profitable. With UMS, the school saves resources by automating many manual tasks
- Avoid having to program scripts to synchronise the data
- Users are automatically created with data from your student administration system
- It reduces the workload for the IT-department
Prerequisites
Module requirements
Installation
Organization settings
See description how to create/setup further down this page
Users
Mail Alias
Choose what to use as the users mail address (login).
Forward mail to on premise mail server
This will forward the users Google mail to the primary mail address from AD (If user does not have a proxy address it will read it from the mail attribute)
Disable users
When marked the users will be disabled when they are no longer attending classes.
Delete users
Choose if users are to be deleted after grace period has ended
Keep alive x days
Keep users as active in Google before disabling. This triggers when user is no longer on a template that has a google setting.
Keep disabled before deleting x days
Specify a grace period where users are kept as disabled users in Google.
Metadata configuration
Specify extra information to set on users in Google.
See this https://developers.google.com/workspace/admin/directory/reference/rest/v1/schemas
Distribution lists
Maintain lists
Mark this to create distribution groups in Google. The groups will be created, updated and deleted if this is specified.
Delete lists
Mark this to delete distributions groups when they are no longer active in the administrative system. Check the data export manuals too when this happens
Delete unused lists after x days
Specify in days how long the distribution groups are to be kept alive in Google before deletion.
Template security groups
Maintain
This will create the security group entered in the field “template security group” in the destination node in the template settings.
Timetable
Maintain
Mark this to create timetable blocks in Google Apps. They will be created, updated and deleted.
Delete old
Mark this to delete old timetable blocks from calendars.
Site
See LMS Settings for options not described below
Drive
See LMS Settings for options not described below
Classroom
There can only be a maximum of 990 classrooms in total in one organization.
Google designed features (Not UMS)
If a teacher leaves the school, the material that he has put into classrooms will be deleted as well.
If a user has too many classrooms it will be very slow for this user.
See LMS Settings for options not described below
Organization Settings
When creating Google API refer to this lInk
http://wiki.inlogic.dk/index.php/Google_app_API
Description
Add a description to be able to identify the account.
Admin login
Mail address of an administrative user
Password
Password for the admin login specified
Domain
The google domain that is used.
Client ID, Client Secret
This is obtained when following the instructions in the PDF document
Refresh token
This will be generated the first time google synchronization is started. If this is reset UMS will asked for it again when the next synchronization is run.
Timetable Users
This can be used when creating timetable blocks. Look in timetable documentation for this feature.
Template Settings
This is where you specify which templates are synchronized with Google and how.
Setting
This is the setting described above
Organization setting
Specify where the users are created
Path
This is where all users is placed
Use this path when below 13 years of age
This is where users that are under 13 years is placed. If this is not specified everyone will be placed under the path setting. (This is helpful when it comes to Google+)
OU Description
The description that is set on the OU when it is created.
Site settings
Settings used when creating sites from this template
Site category
A list of categories added to the site when creating it separated with a ;
A category called UMS will be added as well. (This cannot be change)
SQL Groups
Members of these groups will be attached to all sites created with this setting as teachers
Group name
This can only be a group that is found in UMS
You get a list of these groups by running this SQL command:
Select Distinct Aktivitet As Activity From Students Order By Activity
Drive settings
Settings used when creating drives from this template
Careful, do not name any of these type of subfolders with the same name.
Path
The path where the drives are created
Create user specific subfolder
Can only be used with learner rights set to viewer.
Create a folder for each student that is attached to each drive
Suffix
A text string that is appended to the folder name
Create subfolder (Teacher Read/Write - Student Read)
Can only be used with learner rights set to viewer.
A folder where teachers can upload data that students can only read
Suffix
A text string that is appended to the folder name
Create subfolder (Teacher Read/Write - Student Read/Write)
Can only be used with learner rights set to viewer.
A folder where teachers and students can share data both with read/write
Suffix
A text string that is appended to the folder name
Example
SQL Groups
Members of these groups will be attached to all sites created with this setting as teachers
Group name
This can only be a group that is found in UMS
You get a list of these groups by running this SQL command:
Select Distinct Aktivitet As Activity From Students Order By Activity
Classroom settings
Settings used when creating classrooms from this template
SQL Groups
Members of these groups will be attached to all sites created with this setting as teachers
Group name
This can only be a group that is found in UMS
You get a list of these groups by running this SQL command:
Select Distinct Aktivitet As Activity From Students Order By Activity
Installation G Suite Sync
Steps to make UMS sync work with G Suite.
Log on https://console.developers.google.com with your Google Admin account.
Go to the UMS “usermanagement folder” and run “GoogleApps_Sync.exe” manually.
Login to Google using credentials from Google Organization settings.
When logged in succesfully, “Accept” the following
If you get a “This page can’t be displayed”
Do not be alarmed. The job has been activated and you can check your GoogleApps_Sync.log to confirm that the job has completed running.
Parameters
> GoogleApps_Sync.exe [<optional> Action]
Eg.
> GoogleApps_Sync.exe
> GoogleApps_Sync.exe UsersOnly
| Parameter | Description |
|---|---|
| UsersOnly | Runs all the parameters in this table |
| CreateLearners | |
| CreateStaff | |
| UpdateLearners | |
| UpdateStaff | |
| RenameLearners | Rename the learners with a new mail/Login |
| RenameTeachers | Rename the teachers with a new mail/Login |
| DeleteLearners | |
| DeleteStaff | |
| DisableLearners | |
| EnableLearners | |
| DisableStaff | |
| EnableStaff | |
| UpdateLearnerOU | Move the learners to the correct OU |
| UpdateTeacherOU | Move the teachers to the correct OU |
| UpdateTeacherMailForward | |
| UpdateLearnerMailForward |
| Parameter | Description |
|---|---|
| GroupsOnly | Runs all the parameters in this table |
| CreateGroups | |
| CleanUpGroups | |
| AddTeachersToGroups | |
| RemoveTeachersFromGroups | |
| AddLearnersToGroups | |
| RemoveLearnersFromGroups |
| Parameter | Description |
|---|---|
| TemplateGroupsOnly | Runs all the parameters in this table |
| RemoveUsersFromTemplateGroups | Remove users from template security groups |
| AddUsers2TemplateGroups | Add users to template security groups |
| DeleteTemplateGroups | Delete groups that are no longer template security groups |
| Parameter | Description |
|---|---|
| WebSitesOnly | Runs all the parameters in this table |
| AddSites2DB | Add new sites to UMS DB |
| CreateSites | |
| UpdateSites | |
| DeleteSites | |
| AddTeachers2Site | |
| AddLearners2Site | |
| DeleteTeachersWebSites | |
| DeleteLearnersWebSites |
| Parameter | Description |
|---|---|
| ClassroomOnly | Runs all the parameters in this table |
| AddClassrooms2DB | Add new classrooms to UMS DB |
| CreateClassrooms | |
| UpdateClassrooms | |
| DeleteClassrooms | |
| AddTeachers2Classroom | |
| AddLearners2Classroom | |
| DeleteTeachersClassroom | |
| DeleteLearnersClassroom |
Technical settings
FAQ
Why do I not get the drive/site created?
1. Activity
a. Is there a user on the activity with a primary template that has an office 365 setting attached
b. Is the flag Aktivitet_LMS = True
2. Course
a. Is there a user on the course with a primary template that has an office 365 setting attached
b. Is the flag Skolefag_LMS = True
CreateGroups Error
Get root folders [Inlogic_Alle 1e-elever]
(CreateGroups) Error Google.Apis.Requests.RequestError
Not Authorized to access this resource/api [403] Errors [ Message[Not Authorized to access this resource/api] Location[ - ] Reason[forbidden] Domain[global]
Get root folders
(CreateGroups) Error Google.Apis.Requests.RequestError
Not Authorized to access this resource/api [403]
Errors [ Message[Not Authorized to access this resource/api] Location[ - ] Reason[forbidden] Domain[global]
The reason why that error occurs is that the mail adr. is used by another group or user. Test by manually creating a group in google admin portal. The image below shows the error.
To correct this error: create a USER with the same email address and then delete it again. After this, it will be possible to create the Group.
