Why Would Edtech Products Implement Google Classroom SSO?

Many schools that use Google Classroom are interested in vendors that offer content that can integrate with Google Workspace for Education. Third-party products that supports integrated features, like SSO, can make life easier for teachers, students, and administrators. In fact, LMS integration is commonly requested in RFPs that are sent out to edtech vendors.

By implementing Google Classroom SSO, developers allow school IT admins to manage accounts and passwords through Google rather than the edtech product. This means developers don't have to build or manage a database containing sensitive passwords. Since IT admins are responsible for managing Google Clasroom passwords, developers won't receive as many support tickets from teachers and students who are having sign in trouble.

Implementing Google SSO for edtech products is the first step towards building deeper integrations. It enables a myriad of edtech products to sync course rosters, send grades to the gradebook, and perform a number of other tasks within Google Classroom. In fact, once a user is signed in with Google, you can build upon almost any functionality that their account can access.‌

How to Start Implementing Google Classroom SSO

Google Classroom integration and Google SSO are configured through the Google Workspace API. Google's API requires users or a Google administrator to authorize a product’s access to their data. A product that asks for access to data that Google's deems to be sensitive also must be verified by Google. This verification process can be costly and take several days to several weeks, depending on the scopes that are requested. Several Google Classroom scopes are considered to be sensitive and require verification.

Until an app is verified, Google restricts how many users can access it. Only 100 users total may access an unverified app. These users will see a warning screen when they attempt to sign into the application. They may also see this screen if the application requests scopes that have not been selected on the OAuth consent screen configuration page.

Once the unverified user cap is passed, users will not be able to continue into the application at all. Instead, they will receive the following message.

This process makes integrating with Google Classroom and implementing SSO through Google quite different than doing so through other LMSs, such as Schoology or Canvas.

Google Classroom SSO Through API Integration

The Classroom API only implements OAuth 2.0 to authenticate users. This is a notable deviation from other major learning management systems, who will typically offer some version of the LTI standard integration in addition to their API.

With OAuth 2.0 integration, users start on the product’s website or mobile app. Then users click a "Sign In With Google Classroom" button. Google will then prompt the user for their username and password (if they are not already logged into Google). Developers never see the password the user entered.

After the user has signed into Google, users are redirected back to the product’s website with a code that corresponds to their account. After exchanging this code, your website or app can ask Google for more details about the user, such as their personal information, their course enrollments, or their homework assignments.

Building an SSO integration with the Google Classroom API is also the first step to developing deeper integrations. Once a user is authenticated by Google, an app then has the ability to perform functions in Classroom on behalf of a user, like gathering a list of their courses or sending grades back to their gradebook.

What are the challenges of SSO for Google Classroom?

There are some issues that edtech developers commonly encounter when trying to integrate an SSO solution into their platform.

For example, many edtech products try to identify users who sign in through Google by their email address. Doing this can lead to unforeseen problems and leave users vulnerable.

We also see many developers try to assign a universal role to students, teachers, and administrators in their app based on their role in the LMS. Many LMSs, including Google, allows users to have multiple roles depending on the context.

Furthermore, Google Classroom does not support LTI. While most other major learning management systems support some level of LTI, Classroom does not. This means that any app developed for LTI has to be reworked to communicate with the Google Classroom API.

Read More on Google Classroom

Here are other articles we’ve written on Google Classroom to help you on your integration journey:

If you're looking for a partner to guide you through developing Google Classroom integrations, then let us introduce ourselves. We're Edlink!