← Back to Blog

Authentication

Setting Up OAuth2 / SSO in Moodle — A Complete Guide

Prateek Sharma · March 2026 · 8 min read

Single Sign-On is one of the highest-impact changes you can make to a Moodle deployment. When faculty and students can log in with their existing Google or Microsoft accounts, support tickets drop, adoption increases, and the platform feels like part of the institution rather than a separate system.

Here's exactly how I configured OAuth2 SSO at IIT Patna for 10,000+ users — including every pitfall I hit along the way.

Step 1 — Create the OAuth2 App

Before touching Moodle, you need to create an OAuth2 application in your identity provider. For Google:

Go to Google Cloud Console → APIs & Services → Credentials
Create a new OAuth 2.0 Client ID → Web Application
Add your Moodle URL as an Authorised redirect URI: https://yourmoodle.com/admin/oauth2callback.php
Note your Client ID and Client Secret

Common mistake: adding http:// instead of https:// in the redirect URI. Moodle requires HTTPS for OAuth2.

Step 2 — Configure Moodle OAuth2 Issuer

In Moodle, navigate to Site Administration → Server → OAuth 2 services. Click "Google" to use the built-in template, or create a custom issuer for Microsoft or other providers.

Enter your Client ID and Client Secret. Set the login page display to show the SSO button prominently. Test the connection before proceeding — the built-in test will catch redirect URI mismatches immediately.

Step 3 — Enable the Auth Plugin

Go to Site Administration → Plugins → Authentication → Manage authentication. Enable "OAuth 2" in the list. Set it as the default auth method if you want all new accounts created via SSO.

Step 4 — Account Linking Strategy

This is where most deployments get complicated. You have three options:

New accounts only — SSO creates new Moodle accounts. Existing users must link manually.
Email matching — SSO automatically links to existing Moodle accounts with the same email. Best for institutions with existing user bases.
Username matching — Links based on username. Only works if your Moodle usernames match your identity provider's usernames.

At IIT Patna, we used email matching — it allowed the 5,000+ existing students to immediately use SSO without any manual linking step.

Step 5 — Testing & Rollout

Always test in a staging environment first. Create a test account in your identity provider and verify the full flow — login, account creation, and role assignment. Then do a phased rollout: admins first, then faculty, then students.

Keep manual username/password login enabled during rollout. Disable it only after confirming SSO works for all user types.

Common Issues

Redirect URI mismatch — Double-check the exact URL including trailing slashes
Duplicate accounts — Happens when email matching is off and users log in with SSO after having a manual account. Fix with the account linking tool.
Scope errors — Ensure your OAuth2 app requests the correct scopes: email, profile, openid

← Back to Blog

Infrastructure

Running Moodle on Linux — Production Setup Guide

Prateek Sharma·February 2026·12 min read

Most Moodle documentation covers installation steps. This guide covers what comes after — the performance tuning, security hardening, and operational practices that make the difference between a platform that just runs and one that runs reliably at scale.

LAMP Stack Setup

Start with Ubuntu 22.04 LTS. Install the LAMP stack:

sudo apt update && sudo apt upgrade -y
sudo apt install apache2 mariadb-server php8.1 php8.1-{curl,zip,xml,mbstring,gd,intl,soap,xmlrpc} -y
sudo systemctl enable apache2 mariadb

PHP Configuration

Moodle needs specific PHP settings. Edit /etc/php/8.1/apache2/php.ini:

max_execution_time = 300
memory_limit = 512M
post_max_size = 100M
upload_max_filesize = 100M
opcache.enable = 1
opcache.memory_consumption = 256

OPcache is the single biggest performance improvement for Moodle. Do not skip this.

MariaDB Tuning

Add to /etc/mysql/mariadb.conf.d/50-server.cnf:

innodb_buffer_pool_size = 1G
innodb_file_per_table = 1
innodb_flush_log_at_trx_commit = 2
query_cache_type = 1
query_cache_size = 64M

Security Hardening

Run mysql_secure_installation immediately after install
Configure UFW: allow only 80, 443, and your SSH port
Install fail2ban to block brute force login attempts
Set up SSL with Let's Encrypt: certbot --apache -d yourdomain.com
Disable SSH password auth — use key-based authentication only

Cron Configuration

Moodle's cron must run every minute. Add to root crontab:

* * * * * /usr/bin/php /var/www/html/moodle/admin/cli/cron.php

Monitor cron execution — a stopped cron silently breaks grading, notifications, and backups without any visible error in the interface.

Ongoing Maintenance

Schedule weekly OPTIMIZE TABLE runs on the Moodle database
Monitor disk space — Moodle file storage grows faster than expected
Review Apache error logs weekly for PHP warnings that indicate plugin issues
Test restore from backup every semester — a backup you've never tested is not a backup

← Back to Blog

Plugins

Top 5 Moodle Plugins Every Administrator Should Know

Prateek Sharma·January 2026·6 min read

After managing Moodle for thousands of learners across multiple programmes, I've installed and uninstalled more plugins than I can count. Most add complexity without adding value. These five are the ones that actually made a measurable difference.

1. Attendance Plugin

The built-in Moodle gradebook tracks grades but not physical or virtual attendance. The Attendance plugin adds a dedicated attendance activity to any course — faculty can mark attendance, students can view their records, and admins can pull attendance reports across all courses.

At IIT Patna, this replaced a completely manual process that was consuming hours of faculty time each week. Installation is straightforward — download from the Moodle plugin directory, upload via admin, and it appears as a new activity type immediately.

Configure the grade integration carefully — automatic grade deduction for low attendance requires a clear policy communicated to students before enabling.

2. BigBlueButton (BBB)

For institutions doing live online classes, BBB integration is essential. It brings live sessions directly into the course interface — students join from their course page, recordings are published back automatically, and attendance is tracked within the session.

The key advantage over external tools like Zoom is the tight Moodle integration — no separate login, no link sharing, no confusion about which meeting to join.

3. Custom Certificate

Generating completion certificates manually for hundreds of students is painful. The Custom Certificate plugin lets you design branded certificate templates with dynamic fields — student name, course name, completion date, grade — and delivers them automatically on course completion.

We used this for all IITPSAT programme completions, eliminating what was previously a multi-day manual process each semester.

4. Questionnaire

More flexible than Moodle's built-in Feedback activity, Questionnaire supports branching logic, anonymous responses, and more question types. Essential for end-of-course evaluations and faculty feedback surveys.

5. Configurable Reports

Moodle's built-in reports are limited. Configurable Reports lets administrators build custom SQL-based reports directly in the interface — no direct database access required. We used this to build programme-specific dashboards showing completion rates, grade distributions, and engagement metrics.

This plugin alone replaced several manual monthly reporting processes that were being done in spreadsheets.

What to Avoid

Every plugin adds maintenance overhead and upgrade risk. Before installing any plugin, ask: does this solve a real problem we have today, or does it solve a hypothetical problem? The best Moodle deployments have fewer plugins, not more.