Revision as of 18:11, 1 November 2007 by Howard Miller (talk | contribs) (Self registration)

Jump to: navigation, search

Note: You are currently viewing documentation for Moodle 3.1. Up-to-date documentation for the latest stable version of Moodle is probably available here: Authentication.

Location: Administration > Users > Authentication

Authentication methods

One of the first things you need to consider when setting up your Moodle site is user authentication i.e. enabling people to login to your Moodle site.

Authentication methods (also known as authentication plugins) include:

Setting the authentication method

Choosing an authentication plugin

To set the authentication method:

  1. Click on Authentication in the Site Administration block.
  2. On the authentication page, click on the closed eye icon to enable your chosen authentication plugin. In Moodle 1.8 onwards, you can choose to use more than one authentication method. Use the up/down arrow icons to arrange the plugins in order, with the plugin handling the most logins at the top of the page. This will minimise authentication server load.
  3. If you have chosen Email-based self-registration, select "Email-based self-registration" from the self registration drop-down menu in the common settings section. Potential users will then be presented with a "Create new account" button on the login page.
  4. If you have courses with guest access, set the Guest login button to show.
  5. Click the "Save changes" button.
  6. Click on Settings opposite the authentication plugin(s) you have chosen.
  7. Configure the required settings and click the "Save changes" button.


Template:Moodle 1.8From Moodle 1.8 onwards, multi-authentication is supported. Simply click on the closed eye icon to enable a particular plugin.

Each authentication plugin may be used to find a username/password match. Once found, a user is logged in and alternative plugins are not used. Therefore the plugin which handles the most logins should be moved to the top of the page in order that less load is put on authentication servers.

Common settings

Most of these settings are self-explanatory.

Self registration

If you wish users to be able to create their own user accounts, i.e. self-register, then select Email-based self-registration from the drop-down menu.

Alternate login URL

This should be used with care, since a mistake in the URL or on the actual login page can lock you out of your site. If you do mess it up, you can remove the entry from your database (table mdl_config) using, e.g., phpmyadmin for mysql.

Forgot password URL

Template:Moodle 1.9If your lost password handling is performed entirely outside of Moodle (for example, only by a help desk), you can set the url of that service here. Anybody pressing a "lost password" link in Moodle will be redirected to this URL. Note that this will disable all of Moodle's lost password recovery options regardless of authentication method(s) in use.

Locking profile fields

To prevent users from altering some fields (e.g. students changing profile information to inappropriate or misleading information), the site administrator can lock profile fields.

Data Mapping Options

  • These fields are optional. You can choose to pre-fill some Moodle user fields with information from the LDAP fields that you specify here. If you leave these fields blank, then nothing will be transferred from LDAP and Moodle defaults will be used instead. In either case, the user will be able to edit all of these fields after they log in.
  • Update local: If enabled, the field will be updated (from external auth) every time the user logs in or there is a user synchronization. Fields set to update locally should be locked.
  • Lock value: If enabled, will prevent Moodle users and admins from editing the field directly. Use this option if you are maintaining this data in the external auth system.
  • Update external: If enabled, the external auth will be updated when the user record is updated. Fields should be unlocked to allow edits. Note: Updating external LDAP data requires that you set binddn and bindpw to a bind-user with editing privileges to all the user records. It currently does not preserve multi-valued attributes, and will remove extra values on update.

If you are using a mixture of authentication types (such as IMAP and manual), then the fields you lock in the authentication options will only apply to the type of authentication indicated by the drop down box at the top of the screen. Remember to test the field locking by logging in with the proper type of account! If you test with a manual account but have set the field locking to apply to IMAP accounts, you will not be able to tell if it worked!

See also