page.
This topic provides you with the details to complete the following two tasks:
● Task 1: Set up your Google single sign on (SSO) connection in Google OAuth and in Connected Systems (Ed or Flight) and Legacy Systems (ThinkCentral or Holt McDougal Online).
● Task 2: (Optional) Add the HMH SSO connection to Google apps menu for easier access.
Note: HMH supports Google SSO using OAuth. Google SSO using SAML is not supported at this time.
1. Open
the Google
API Console Credentials page.
2. From the project list, create a NEW PROJECT.
3. After creating a new project, select APIs and services from the left menu bar, select OAuth Consent screen, and then follow the on-screen instructions.
For additional information, see Google
support .
4. Select User Type.
5. Populate information that your users see on the consent screen and click Next.
6. If needed add or remove scopes and then click SAVE AND CONTINUE.
(Optional) If you want to test temporary accounts, add them here and in your HMH Platform with the same username. When done, remember to delete all test accounts.
Note: Most districts skip this step because most districts will test real accounts.
7. In the left menu bar, select APIs and services, select Credentials, and then click the Create Credentials button.
Next, select OAuth client ID, and then in the Application type list, select Web application.
8. Click Create, and then make note of and/or copy your client ID and secret (to be entered in your HMH platform in step 10d).
9. Log in to HMH as a district administrator, and do the following:
– For Ed users, open the My Schools page, on the left panel, click Roster.
○ If this is your first time importing, follow the on-screen wizard to import data and setup SSO on the wizard page titled Define Login Options.
○ If you have previously imported, then click SSO Configuration. The Single Sign On Settings page appears. Continue with step 10.
– For ThinkCentral or Holt McDougal Online users, click Import.
○ If this is your first time importing, follow the on-screen wizard to import data and setup SSO on the wizard page titled Define Login Options.
○ If you have previously imported, then you can use the shortcut by clicking SSO Configuration on the Roster Overview page. The Single Sign On Settings page appears. Continue with step 10.
10. Set up your HMH platform to use your new Google SSO connection:
a. Click SSO Configuration.
Note: If you are an Ed user, this button is located on your My Schools > Roster page. If you are a ThinkCentral or Holt McDougal Online user, this button is located on your Import Overview page.
b. Click the Add gSuite button.
c. Type a Connection Name, which can be any name you want to use to identify your connection.
d. Type the client ID and secret (from step 8) and connect.
e. If you want to force your users to only log in using only SSO, make sure your Global SSO Settings check boxes are selected (turned on).
11. Store critical connection information:
a. Copy and store all the HMH Platform SSO Endpoint URLs (URLs for Ed, ThinkCentral, Holt McDougal Online, and SAM) to a secure location (to be used in step 12).
b. From your HMH SSO Connections page, copy the HMH Redirect URL (to be used in step 11e). Google requires HMH to update the redirect URI to complete the integration setup.
c. If not already open, return to the Google API Console Credentials page, open your newly created SSO connection, and click on the Credentials tab.
d. Open your newly created connection in Google.
e. Click Add Uri, paste your HMH Redirect URL (from step 11b), and click Save.
12. Test the new connection (from step 11a) by logging in to Ed, Flight, ThinkCentral, Holt McDougal Online, and SAM as a student, teacher, and administrator to confirm all is working as expected.
If your test is successful, you can update your SSO Portal page or shortcut URLs on your client machines.
If desired, you can add the HMH SSO Connections to the Google apps menu (waffle grid) for easier access. This is an optional step and not necessary for your SSO setup.
1. Sign in to admin.google.com.
2. From the Admin console Home page, go to Apps > Web and mobile apps.
3. Click Add AppAdd custom SAML app.
4. On the App Details page, do the following:
a. Enter the name of the custom app.
b. Upload an app icon. The app icon appears on the Web and mobile apps list, on the app settings page, and in the app launcher. If you do not upload an icon, an icon is created using the first two letters of the app name.
5. Click Continue.
6. In the Service Provider Details dialog box, fill in the ACS URL, Entity ID, and Start URL with the HMH Platform SSO Endpoint URL.
7. Click Continue.
8. Click Finish.