What is Single-Sign-On and how does it work with Moodle?

What are authentication methods?

Within Moodle, there are numerous ways to authenticate users into your site. These are often referred to as authentication methods. You can set and view the current authentication methods for your site by navigating to:

Site administration > Plugins > Authentication > Manage authentication

Moodle Authentication-Plugins

You can disable specific authentication methods or change their order in the priority list. The table also displays the number of users that are using each authentication method to log into your site.

What is single-sign-on?

Single-sign-on is a service that allows a user to log into multiple websites and software with a single identity. For example, you may be familiar with using your Google account to log into multiple websites. This service is beneficial because it is simple and does not require the user to memorize multiple login credentials for various sites.

SAML2 and OpenID are two popular single-sign-on plugins used within the Moodle community.

SAML2

The SAML2 plugin is a great choice because all of the configuration is done within Moodle. This means that you do not need to perform any additional installs or use any extra applications. Install the plugin and make sure that it is enabled on the Manage authentication page. You may access the SAML2 settings from this page or follow the instructions below.

Access SAML2 settings page:
Site administration > Plugins > Authentication > SAML2

Moodle SAML2 settings

For more information on the SAML2 authentication plugin, please refer to:
https://moodle.org/plugins/auth_saml2

OpenID Connect

The OpenID authentication plugin provides single-sign-on functionality by using configurable identity providers. These include Azure Active Directory, which is included in the Microsoft 365 suite of plugins. This plugin allows users to log into Moodle with their Microsoft 365 account. Users with existing Moodle accounts can be switched over to this authentication type. In addition, new users can log in with this plugin and have a new Moodle account created for them.

Please ensure that you have enabled the plugin on the Manage authentication page. You can access the settings for OpenID Connect by clicking the settings link or by following the instructions below.

Access OpenID Connect settings page:
Site administration > Plugins > Authentication > OpenID Connect

Moodle Open ID Connect

For more information on the Moodle legacy OAuth2 authentication plugin, please refer to:
https://docs.moodle.org/400/en/OAuth_2_authentication

For more information on Google’s OAuth2 authentication plugin, please refer to:
https://moodle.org/plugins/auth_googleoauth2

Setting a user’s authentication method

A user’s authentication method can be updated or defined when the user account is created or when the user profile is edited.

Moodle user's authentication method

For example, users who have the OpenID Connect authentication method may log into your Moodle site by clicking the OpenID Connect button on the login page.

Moodle OpenID Connect authentication