Super Admin Access Grant Follow
In this article:
- What is the purpose of the Super Admin access grant?
- Why do we need a Super Admin account on the student subdomain?
What is the purpose of the Super Admin access grant?
Google’s Open Authentication Protocol or “OAuth” requires that all third party applications (like Hāpara) are added individually by a Super Administrator in the domain.
OAuth is the industry-standard protocol for authorization. It allows third-party apps to access APIs without users having to give their credentials, including passwords, to those apps. Hāpara needs permission from a domain Super Administrator in order to work with a Google Workspace domain.
Hāpara is designed to align with the domain-level administrator functions in the Google Workspace environment so as to facilitate OAuth integration.
Our system requires validation that this Super Admin user is in the same Google Workspace instance as the students, but does NOT need to end in the student subdomain. If your Google Workspace instance has multiple subdomain, it is possible to use a single domain Super Admin account as long as this account has an email alias that ends in the student subdomain.
It is best practice to use a separate, non-human Super Administrator account, that is not linked to any real person. This prevents the scenario in which the person who has the domain Super Administrator account leaves the school/district, and/or the account is suspended or deleted, leaving Hāpara no longer functional on your domain.
Why do we need a Super Admin account on the student subdomain?
Strictly speaking, we do not require full Super Admin access, but we do require a user with at least Groups Admin and User Management Admin access.
This allows Hāpara to perform the following actions on student domains, which are part of core Hāpara functionality:
- Create and manage Google Groups and their memberships
- Create Hāpara system user accounts on the student domains. These accounts own the Google Drive folder structure that we create for the classes, teachers and students.
- Let teachers reset student passwords via Hāpara (this is an optional function).