Note: You are currently viewing documentation for Moodle 2.4. Up-to-date documentation for the latest stable version of Moodle may be available here: Authentication FAQ.

Authentication FAQ: Difference between revisions

From MoodleDocs
(authentication template, page update)
 
(17 intermediate revisions by 4 users not shown)
Line 8: Line 8:
To display the "Is this your first time here?" instructions and the "Create new account" button:
To display the "Is this your first time here?" instructions and the "Create new account" button:


# Make sure that the [[Email-based self-registration|email-based self-registration plugin]] (or any other plugin that can support self-registration, such as LDAP) is enabled in ''Administration > Users > Authentication > [[Manage authentication]]''.
# Make sure that the [[Email-based self-registration|email-based self-registration plugin]] (or any other plugin that can support self-registration, such as LDAP) is enabled in '' Settings>Site administration > Plugins > Authentication > [[Manage authentication]]''.
# Select the self-registration plugin in the common module settings.
# Select the self-registration plugin in the Common  settings.


Warning: Enabling self registration results in the possibility of spammers creating accounts in order to use forum posts, blog entries etc. for spam. See [[Reducing spam in Moodle]] for ways of minimizing the risk.
Warning: Enabling self registration results in the possibility of spammers creating accounts in order to use forum posts, blog entries etc. for spam. See [[Reducing spam in Moodle]] for ways of minimizing the risk.


==How can I change the "Is this your first time here?" instructions?==
==How can I change the "Is this your first time here?" instructions?==
#Access ''Settings > Site administration > Plugins > Authentication > [[Manage authentication]]''.
 
#Access ''Settings > Site administration > Plugins > Authentication > Manage authentication''.
#Write the instructions in the ''auth_instructions'' text field.
#Write the instructions in the ''auth_instructions'' text field.
#Click the "Save changes" button at the bottom of the page.
#Click the "Save changes" button at the bottom of the page.


If your site caters to more than one language you can edit the language via ''Site administration > [[Language editing]]. Choose the languages (one at a time) and click "edit words or phrases". Choose "file to edit" : moodle.php
An alternative method of providing custom login instructions is to edit the default login instructions using the language customization feature. This method should be used if you wish to provide custom login instructions in more than one language. See [[Managing authentication]] for further details.
Go to the string called "loginsteps" and put in the instruction text you want (for that language). Then repeat for the other languages you want offered.


==How do I set up LDAP authentication?==
==How do I set up LDAP authentication?==
Line 30: Line 30:


# Access the user's profile page.
# Access the user's profile page.
# Click the edit profile tab.
# In the Settings block, click "Edit profile".
# Select "No login" as the authentication method. (If the setting isn't shown, click the "Show advanced" button to reveal it.)
# Select "No login" as the authentication method. (If the setting isn't shown, click the "Show advanced" button to reveal it.)
# Click the "Update profile" button at the bottom of the page.
# Click the "Update profile" button at the bottom of the page.
Line 40: Line 40:
Selecting email-based self-registration as the self registration method allows potential users to self register.
Selecting email-based self-registration as the self registration method allows potential users to self register.


Warning: Enabling self registration results in the possibility of spammers creating accounts in order to use forum posts, blog entries etc. for spam. This risk can be minimized by limiting self registration to particular email domains with the allowed email domains setting in ''Settings > Site administration > Users > Authentication > [[Authentication|Manage authentication]]''. Alternatively, self registration may be enabled for a short period of time to allow users to create accounts, and then later disabled.
Warning: Enabling self registration results in the possibility of spammers creating accounts in order to use forum posts, blog entries etc. for spam. This risk can be minimized by limiting self registration to particular email domains with the allowed email domains setting in ''Settings > Site administration > Plugins> Authentication > [[Authentication|Manage authentication]]''. Alternatively, self registration may be enabled for a short period of time to allow users to create accounts, and then later disabled.
 
There is some discussion about having admin approval or new accounts created this way here: http://tracker.moodle.org/browse/CONTRIB-1444


==How can I create an authentication plugin?==
==How can I create an authentication plugin?==
Line 46: Line 48:
See [[Development:Authentication plugins]].
See [[Development:Authentication plugins]].


==How can students without email addresses have Moodle accounts?==
==How can students without email addresses create new Moodle accounts?==


See [[No Email]].
See [[No Email]].
==My students are too young to have emails, but it's a required field - what do I do?==
You can either use a fake email address when you upload the CSV file of your young students - or -
#Upload a CSV file without an email field. When previewing the accounts, set "Prevent email address duplicates" to ''No''.
#In "Default values", type in an email address.
#When the users are uploaded, they will all have the same email address. (It will say "duplicated" but the accounts will work)


==Where are users' details stored?==
==Where are users' details stored?==
Line 56: Line 64:
If Users' details are stored in the local Moodle database, it is called "internal authentication". Storing users' details externally is called "external authentication".
If Users' details are stored in the local Moodle database, it is called "internal authentication". Storing users' details externally is called "external authentication".


See [[Manage authentication]] for more information.
==Can you arrange for an e-mail to be sent to notify Users of new accounts?==
If you are creating ONE manual account, then no.
 
See Feature request here: http://tracker.moodle.org/browse/MDL-19390
 
See discussion http://moodle.org/mod/forum/discuss.php?d=117005
 
Bulk upload can be set up to send e-mails: see the discussion here: http://moodle.org/mod/forum/discuss.php?d=85333 (Which includes a code hack to do this as well.  (Also http://moodle.org/mod/forum/discuss.php?d=125000)
 
==Can you arrange for Admins to be notified of new self registrations==
See this discussion: http://moodle.org/mod/forum/discuss.php?d=212648
 
==How can I have users logging in with their email address?==
 
See this Forum thread: [http://moodle.org/mod/forum/discuss.php?d=199457#p869691 Logging in Using Email or Username]
 
==How can I allow users to bypass NTML SSO?==
 
When NTLM SSO is enabled on a Moodle site the SSO function always logs the user who is logged into the computer into Moodle. Sometimes you may need to override this feature and login to Moodle as another user. Example: when a teacher or site administrator needs to login to the students computer to troubleshoot a problem. Or the teacher simply needs to access functionality that is not available to the student and the teacher is not anywhere near her own computer.
 
The problem is that the Moodle logout option is not available when SSO is enabled - the user simply gets logged back into Moodle. To bypass the SSO you can add this to the url:
 
<code>/login/index.php?authldap_skipntlmsso=1</code>
 
Example: http://yourschool.com/login/index.php?authldap_skipntlmsso=1
 
The NTLM SSO will be disabled (for this login only) and you will get the regular Moodle login page.
 
{{warning|message=This bypass won't work if you have the [[Site policies#Force users to login|''Force users to login'' site policy]] enabled. In that case, SSO is applied to all pages on the site, including the log in and log out pages.}}
 
See the Using Moodle [http://moodle.org/mod/forum/discuss.php?d=200641 Bypass NTML SSO for Moode 2.2] forum discussion for details.


==See also==
==See also==


* Using Moodle [http://moodle.org/mod/forum/view.php?id=42 User authentication forum]
* Using Moodle [http://moodle.org/mod/forum/view.php?id=42 User authentication forum]
* https://docs.moodle.org/24/en/Accounts_FAQ


[[Category:FAQ]]
[[Category:FAQ]]


[[de:Authentifizierung FAQ]]
[[de:Authentifizierung FAQ]]

Latest revision as of 17:43, 3 October 2013

What is an authentication plugin?

An authentication plugin is a method of handling user authentication i.e. enabling certain people to login to your Moodle site.

How do I enable the "Create new account" button on the login page?

To display the "Is this your first time here?" instructions and the "Create new account" button:

  1. Make sure that the email-based self-registration plugin (or any other plugin that can support self-registration, such as LDAP) is enabled in Settings>Site administration > Plugins > Authentication > Manage authentication.
  2. Select the self-registration plugin in the Common settings.

Warning: Enabling self registration results in the possibility of spammers creating accounts in order to use forum posts, blog entries etc. for spam. See Reducing spam in Moodle for ways of minimizing the risk.

How can I change the "Is this your first time here?" instructions?

  1. Access Settings > Site administration > Plugins > Authentication > Manage authentication.
  2. Write the instructions in the auth_instructions text field.
  3. Click the "Save changes" button at the bottom of the page.

An alternative method of providing custom login instructions is to edit the default login instructions using the language customization feature. This method should be used if you wish to provide custom login instructions in more than one language. See Managing authentication for further details.

How do I set up LDAP authentication?

See LDAP authentication for full instructions.

How is the "No login" authentication plugin used?

The No login authentication plugin can be used to suspend particular user accounts. To do so:

  1. Access the user's profile page.
  2. In the Settings block, click "Edit profile".
  3. Select "No login" as the authentication method. (If the setting isn't shown, click the "Show advanced" button to reveal it.)
  4. Click the "Update profile" button at the bottom of the page.

What is the difference between enabling the email-based self-registration auth plugin and selecting it as the self registration method?

The email-based self-registration authentication plugin must be enabled to allow users who previously self-registered to login.

Selecting email-based self-registration as the self registration method allows potential users to self register.

Warning: Enabling self registration results in the possibility of spammers creating accounts in order to use forum posts, blog entries etc. for spam. This risk can be minimized by limiting self registration to particular email domains with the allowed email domains setting in Settings > Site administration > Plugins> Authentication > Manage authentication. Alternatively, self registration may be enabled for a short period of time to allow users to create accounts, and then later disabled.

There is some discussion about having admin approval or new accounts created this way here: http://tracker.moodle.org/browse/CONTRIB-1444

How can I create an authentication plugin?

See Development:Authentication plugins.

How can students without email addresses create new Moodle accounts?

See No Email.

My students are too young to have emails, but it's a required field - what do I do?

You can either use a fake email address when you upload the CSV file of your young students - or -

  1. Upload a CSV file without an email field. When previewing the accounts, set "Prevent email address duplicates" to No.
  2. In "Default values", type in an email address.
  3. When the users are uploaded, they will all have the same email address. (It will say "duplicated" but the accounts will work)

Where are users' details stored?

Users' details can be stored in local Moodle database or externally.

If Users' details are stored in the local Moodle database, it is called "internal authentication". Storing users' details externally is called "external authentication".

Can you arrange for an e-mail to be sent to notify Users of new accounts?

If you are creating ONE manual account, then no.

See Feature request here: http://tracker.moodle.org/browse/MDL-19390

See discussion http://moodle.org/mod/forum/discuss.php?d=117005

Bulk upload can be set up to send e-mails: see the discussion here: http://moodle.org/mod/forum/discuss.php?d=85333 (Which includes a code hack to do this as well. (Also http://moodle.org/mod/forum/discuss.php?d=125000)

Can you arrange for Admins to be notified of new self registrations

See this discussion: http://moodle.org/mod/forum/discuss.php?d=212648

How can I have users logging in with their email address?

See this Forum thread: Logging in Using Email or Username

How can I allow users to bypass NTML SSO?

When NTLM SSO is enabled on a Moodle site the SSO function always logs the user who is logged into the computer into Moodle. Sometimes you may need to override this feature and login to Moodle as another user. Example: when a teacher or site administrator needs to login to the students computer to troubleshoot a problem. Or the teacher simply needs to access functionality that is not available to the student and the teacher is not anywhere near her own computer.

The problem is that the Moodle logout option is not available when SSO is enabled - the user simply gets logged back into Moodle. To bypass the SSO you can add this to the url:

/login/index.php?authldap_skipntlmsso=1

Example: http://yourschool.com/login/index.php?authldap_skipntlmsso=1

The NTLM SSO will be disabled (for this login only) and you will get the regular Moodle login page.

warning.png Warning: This bypass won't work if you have the Force users to login site policy enabled. In that case, SSO is applied to all pages on the site, including the log in and log out pages.

See the Using Moodle Bypass NTML SSO for Moode 2.2 forum discussion for details.

See also