Audience: ClassLink Administrator
Before you can effectively export to a destination, you will need to authorize access to that destination. Based on the destination type, you will have to follow different steps based on authorization type. Authorization for Active Directory occurs at the beginning of the destination creation process, while authorization for GSuite and Azure occurs after the destination has been created.
- Active Directory (Authorization)
- GSuite (Obtaining a Client ID & Secret)
- Google Sheets
- Azure (Obtaining a Client ID & Secret)
Active Directory (Authorization)
1. When creating an Active Directory destination, you will be prompted for your authorization credentials at the beginning of the destination creation process. You will need your username, password, domain, base path, and port. OneSync currently only supports LDAP protocols.
2. Press the Test Connection button to check your credentials. If you entered them correctly, this button will show Connected.
GSuite (Obtaining a Client ID & Secret)
To export to a GSuite destination, you must first register the OneSync API to allow it access to your Google Account using an API Client ID & Secret.
1. Create a new Project:
a. Go to https://console.developers.google.com/ and sign in.
b. Click on the drop down.
c. Click on NEW PROJECT.
d. Enter ClassLink for the Project name.
e. Click on Create button.
2. Enable necessary APIs and credentials:
a. From Dashboard, click on + ENABLE APIS and SERVICES.
b. In Search bar for the API Library enter Admin SDK. When found select it.
c. Click on the ENABLE button.
d. Select Credentials from menu on left.
e. Click on CONFIGURE CONSENT SCREEN button on right of screen.
f. Fill in the OAuth consent screen with.
i. Application Type Public.
ii. Application name onesync.
g. Midway down the screen click on the Add Scope button.
h. Click on the manually paste link toward the bottom of the screen.
i. In the box that opens up at the bottom enter the following on separate lines or separated by commas:
j. Click on the ADD button (of Add Scope window).
k. Click on the Save button (bottom of the Credentials window).
l. Click on the Create credentials button/dropdown and select OAuth client ID.
m. Select Web Application as the Application Type.
n. Enter the Name (ex. Web client onesync).
o. Enter the Authorized redirect URIs as http://localhost/oauth2 (Case Sensitive).
(if you do not access your onesync server via localhost, replace "http://localhost" with your url. For example: https://onesync.mydistrict.edu/oauth2 )
p. Press Enter.
q. Click on the Create button.
3. Save your client ID and client secret in notepad to use for Google authorization in OneSync.
Similar to GSuite, Google Sheets will need its own API key and secret. To create a new API key and secret for Google Sheets navigate to https://console.developers.google.com and enter the credentials of the Google account that you will be using to create API credentials with. Before you can obtain API credentials you will first need to go through the first and second step of the above GSuite documentation which will have you create a project and enable APIs on your Google account.
Once you've gone through the two steps stated above, from the dashboard you will want to navigate to the Google Library and select Google Sheets:
Make sure that you have your ClassLink application selected in the top left corner. Refer to the Authorization & API credentials document to learn how to set this up: https://support.classlink.com/hc/en-us/articles/360009284674-Authorization-API-Registration
After clicking on the Google Sheets API box, you will now want to enable the API connection:
After you enable your Google Sheets API you now have an API key and secret that you can use. Before using these credentials you will first want to alter the scope of credentials by navigating back to the Dashboard -> then navigate to the OAuth Credential Screen (which will be on the left navigation bar) and adding these two new scopes down below:
For security purposes OneSync will only accept Google Sheets that are not publicly accessible, this means that the Google user that is authorizing must have full access to the Google Sheet. For security reasons it is best to only import Google Sheets that you have created or a Sheet that has been created and managed by somebody within your organization.
Azure (Obtaining a Client ID & Secret via v2.0 endpoint)
To export to an Azure destination, you must first register the OneSync API to allow it access to your Azure Active Directory Account using an API Client ID & Secret.
1. Register a New App: Navigate and sign into the Azure Portal.
2. In the main menu to the left, navigate to Azure Active Directory -> App registrations (Preview).
3. Click the blue +New registration button at the top. This will bring you to a new page called Register an Application.
4. Name the app "OneSyncAPI."
5. Under "Supported account types," select "Accounts in any organizational directory".
6. Under "Redirect URI (optional)", enter the URL for your OneSync account with "Web" for the type. In most cases, this URL will be "http://localhost/oauth2". If you are using a custom URL, simply append "/oauth2" to it.
7. Click the blue Register button.
8. Manage Authentication: Once you register the app, you will be redirected to the app's Preview page.
9. In the second toolbar from the left, underneath the Manage section, click Authentication -> Scroll down to the Implicit grant section.
10. Select Access tokens and ID tokens.
11. Click Save at the top.
12. Assign Permissions: While you are still in the app's Preview page, navigate to API Permissions in the second toolbar.
13. Click the +Add a permission button. This will open a slide over with different APIs and permissions.
14. At the top of the slide over, under Commonly used Microsoft APIs -> click Microsoft Graph.
15. Click Delegated permissions. This will display a list of applicable permissions.
16. Search for and apply the following permissions:
17. Click the blue Add permissions button at the bottom left of the slide over.
18. To obtain the client ID, simply navigate to the app's Overview of the Preview page. The client ID will be list as at the top of the page.
19. To obtain a secret, navigate to Certificates Application (client) ID& secrets.
20. Underneath Client secrets -> click +New client secret.
21. You will give the secret a description and select the expiration date for it.
22. Click the blue Add button.
23. Copy the new client secret value. You won't be able to retrieve it after you leave this page.
Once you have the client ID and secret, you can authorize an Azure destination in OneSync.
For destinations and sources that have an API key and secret (Azure, Google Sheets, and G Suite) we have an Authorization Module to keep authorization credentials together in a single place. Within OS Settings navigate to the Auth Credentials tab and from there, you can add new credentials by clicking the blue Add Auth Credential button in the top right corner of the page which is shown below:
You can also edit previously made credentials by clicking the edit button which is a pencil and paper icon. When creating or editing a credential you can either Save or Save + Authorize, Save doesn't prompt an authorization pop-up whereas Save + Authorize prompts for the appropriate credentials for the account being authorized.
Updated: Oct 2019