This article is for IT Support.
If your school uses Google Workspace for Education, you can import your Google Users, Groups, and Classrooms into School Manager. Once the groups and classrooms have been synced, they can be used as classrooms in Classwize.
Before you start
You will need a minimum of 15 minutes to complete the configuration. The initial sync can take up to three hours, depending on the size of your directory.
Prerequisites
To enable Google integration with School Manager, you will need:
- Your school’s Google domain
- Credentials for a Google domain account with Super Administrator privileges to enable Google API
- If using OAuth, your OAuth Client ID and Client Secret.
You must also enable the following Google Sync Permissions:
- View organization units on your domain.
- View groups on your domain.
- View users on your domain.
- View the email addresses of people in your classes.
- View your Google Classroom class rosters.
- View your Google Classroom classes.
Linking your Google Domain
Configuring the integration
To configure Google user authentication:
- Log in to School Manager and go to Configuration > Authentication > Google.
- Configure Google integration using the settings tables below and select Save.
Required Settings
| Setting | Description |
| Enabled | This allows Google integration. |
| Sync User Database | This allows School Manager to import your Google Users and Groups. |
| Domain and Administrator | These are Google credentials needed to integrate to Google Service. |
Optional Settings
| Settings | Descriptions |
| Strip Domain |
By default, School Manager imports Google users with username as username@schooldomain.com. If you enable strip domain, School Manager will import the user as username. The email address will always be username@schooldomain.com. The most common use of this feature is to authenticate Windows or macOS computers when LDAP is not available. |
| Use FZ Auth API |
By default, the extension will use Google OAuth for authentication. This requires the student to accept permission requests for our extension to access their Identity information. If you enable Use FZ Auth API, the extension will connect directly to the Linewize cloud authentication service. No explicit acceptance is required by the student to get authenticated. This operates on and off the network. |
| Allow Chrome Extension Authentication | When disabled, SphireOS won't authenticate the user's device, meaning it will use the information collected by the Chrome extension to authenticate the user’s device. |
| Sync Organization Units | When enabled, this will sync any organizational units that were previously set up in Google. |
| Sync Classrooms |
Important You must enable this if your school uses Google Classroom with Classwize. When enabled, this allows School Manager to import information from Google Classrooms and assign students and teachers to Classwize classrooms. |
| OAuth Client ID and OAuth Client Secret |
It can take a long time for a standard Google sync import to complete. However, you can use your API key to increase the speed of classroom sync significantly. It will also allow Classwize teachers to sync classes within Classwize. To let teachers sync with Google Classroom using Classwize, go to Configuration > Classwize and select Allow teacher to sync Google Classrooms under the Teacher Requirements settings. |
| Sync By ID |
Syncing by ID allows you to sync multiple groups with the same name, however under different IDs. Note When enabled, Strip Domain doesn't apply to groups anymore and changing this can invalidate existing filtering rules. |
Activating the Link
- Activate the Google integration by selecting Link Credentials on the right-hand panel.
- You will be redirected to a Google authorization page. It will auto populate the Username in the Administrator field.
- Select Next, then enter the Password.
- Select Allow and you will be redirected back to the School Manager interface.
All the permissions requested are read-only. Linewize will not make changes to your Google account with the sync.
Validating the Link
- Test the connection by selecting Run Sync.
- When it’s complete, you will see a message above your settings that will inform you how many groups and users have been imported from your Google domain.
The initial sync may take up to three hours to complete, depending on the size of your directory. You can still use School Manager while the sync is in progress.
If the sync was unsuccessful, Sync Status will display “Failed”. You will also have the option to Run Sync again after 15 minutes.
Google Classroom and Classwize
Once Google is integrated and the sync is complete, it will import all the Users, Groups, and Classrooms from your Google service to School Manager and Classwize. You can let teachers manually sync their Google Classrooms from within Classwize. Teachers and IT administrators can safely sync Google Classroom from Classwize during school hours.
You can provide these instructions to teachers to help them with syncing:
- Syncing with Google Classroom: Explains how to conduct a sync from Classwize and provides basic troubleshooting steps for common sync issues.
- Introduction to Class Types: Explains how to tell which classes are synced.
Enabling Google Login for the Captive Portal
If you would like users to be able to log into the Captive Portal with their school Google accounts, you must enable Google Authentication in the Captive Portal section. To do this, navigate to Authentication > Captive Portal and enable the Google Authentication Method in your Captive Portal.
Manually Syncing the Google Service
You should only run a manual sync outside of school hours. Running a manual sync can take up to three hours and can affect the performance of Classwize.
Google Classroom automatically syncs with School Manager once a week, on the weekend, between 12:01 AM Saturday and 11:59 PM Sunday in your devices' timezone. However, you have the option to manually sync the two together. If you have made some changes to your users, groups, or classrooms in Google and want to update School Manager.
- Select Configuration > Authentication > Google.
- Select Run Sync.
Google Integration Troubleshooting
When will syncs run?
Google Classroom automatically syncs with School Manager once a week on the weekend, between 12:01 AM Saturday and 11:59 PM Sunday in your devices' timezone. However, you can manually run a sync if you need to propagate changes before the automatic sync period. You can also let teachers manually sync their Google Classrooms from within Classwize.
I made changes to my classrooms, but I can’t see it in School Manager/Classwize
If you need your changes to appear sooner than the next automatic sync, you must run a manual sync.
Error: 403 Access Not Configured
This error can happen when Linewize services don’t have the right Google permissions. There are three settings that you may need to change: API Access, Age-based access settings or App Access control.
API Access
To enable API access permission:
- Go to the Google Admin Console > Security > API reference.
- Select the Enable API access checkbox.
- Select Save.
Age-based access settings
Check the Google Organizational Unit (OU) where the service account email is configured in School Manager.
- Sign in to School Manager and go to Configuration > Authentication > Google.
- Identify the service account email used for Google sync.
Verify the service account’s OU in Google Admin Console.
- Go to the Google Admin Console > Account settings > Age-based access settings.
- Select All users in the group or org unit are 18 or older option.
- Select Save.
Return to School Manager and revoke and relink your Google domain.
- Go to Configuration > Authentication > Google.
- Select Revoke.
- Select Link Credentials to your Google domain.
- Select Run Sync to test linking to your Google domain.
App Access Control
Check App access control has been configured in Google Admin Console.
- Sign in to School Manager and go to Configuration > Authentication > Google.
- Select Link Credentials and you will be directed to a Google Sign In
- Sign in with the service account email used for Google sync.
- If you see Access blocked: Your institution’s admin needs to review Login, select Request Access.
- Go to the Google Admin Console > Home.
- Select Review apps under App access control.
- Find Login under Apps pending review, then select Configure access.
- Select school domain (all users) option for Scope, then Next.
- Select Trusted option for Access to Google Data, then Next.
- Select Configure Access, then Confirm.
Return to School Manager and revoke and relink your Google domain.
- Go to Configuration > Authentication > Google.
- Select Revoke.
- Select Link Credentials to your Google domain.
- Select Run Sync to test linking to your Google domain.
Error: 429 Rate Limit error
This error is caused by sending too many requests to the API within a specified time period. Please contact Linewize Support to help you with the oAuth configuration.
Error: 503 Service Unavailable error
This error is caused by the Google service being unavailable at the time of the sync. While this will typically resolve itself during the next automatic sync, you can try manually syncing later. If this error occurs over multiple consecutive days, please contact Linewize Support.
Error: 403 Classroom Disabled error
This error is typically caused when the Classroom API access is disabled. Enable the API is enabled by:
- Go to the Google Admin Console > Apps > Additional Google Services > Settings for Classroom
- Ensure that the Service Status is set to ON
If the API is enabled and you still receive this error message, contact Linewize Support.
I’m getting an invalid_grant: Bad Request error
This error can be caused by using invalid Google domain account credentials. Please check the credentials you've provided and try again.
Comments
0 commentsPlease sign in to leave a comment.