Authentication: Difference between revisions

Latest revision as of 16:53, 13 November 2017

Authentication is the process of allowing a user to log in to a Moodle site with a username and password.

Authentication plugins

Moodle provides a number of ways of managing authentication, called authentication plugins.

Manual accounts - accounts created manually by an administrator
No login - suspend particular user account
Email-based self-registration - for enabling users to create their own accounts
CAS server (SSO) - account details are located on an external CAS server
External database - account details are located on an external database
LDAP server - account details are located on an external LDAP server
LTI - works with the Publish as LTI tool enrolment method to connect courses and activities
Moodle Network authentication - how different Moodle sites can connect and authenticate users
No authentication - for testing purposes or if the Moodle site is not available on the Internet. Do NOT use on public servers!
Shibboleth - account details are located on an external Shibboleth server
Web services authentication
Uniquelogin authentication to limit users to one simultaeous session

@@ Line 1: / Line 1: @@
-There are various ways of managing user '''authentication''':
+{{Managing a Moodle site}}
+Authentication is the process of allowing a user to log in to a Moodle site with a username and password.
-:[[Email-based authentication]]
+==Authentication plugins==
-:[[Manual accounts only]]
-:[[No authentication]]
-:[[PAM (Pluggable Authentication Modules)]]
-:[[Shibboleth]]
-:[[Use a CAS server (SSO)]]
-:[[Use a POP3 server]]
-:[[LDAP authentication|Use an LDAP server]]
-:[[NTLM authentication|Use NTLM/Integrated Authentication (3rd party plugin)]]
-==Закрытие областей профиля==
+Moodle provides a number of ways of [[Managing authentication|managing authentication]], called ''authentication plugins''.
-To prevent users from altering some fields (e.g. students changing profile information to inappropriate or misleading information, the site administrator can lock profile fields.
-[[Image:Authent-data-map-fname.jpg|Data Mapping Options]]
+*[[Manual accounts]] - accounts created manually by an administrator
-*These fields are optional. You can choose to pre-fill some Moodle user fields with information from the LDAP fields that you specify here.  If you leave these fields blank, then nothing will be transferred from LDAP and Moodle defaults will be used instead.  In either case, the user will be able to edit all of these fields after they log in.
+*[[No login]] - suspend particular user account
-*'''Update local''': If enabled, the field will be updated (from external auth) every time the user logs in or there is a user synchronization. Fields set to update locally should be locked.
+*[[Email-based self-registration]] - for enabling users to create their own accounts
-*'''Lock value''': If enabled, will prevent Moodle users and admins from editing the field directly. Use this option if you are maintaining this data in the external auth system.
+*[[CAS server (SSO)]] - account details are located on an external CAS server
-*'''Update external''': If enabled, the external auth will be updated when the user record is updated. Fields should be unlocked to allow edits.  Note: Updating external LDAP data requires that you set '''binddn''' and '''bindpw''' to a bind-user with editing privileges to all the user records. It currently does not preserve multi-valued attributes, and will remove extra values on update.
+*[[External database authentication|External database]] - account details are located on an external database
+*[[LDAP authentication|LDAP server]] - account details are located on an external LDAP server
-If you are using a mixture of authentication types (such as IMAP and manual), then the fields you lock in the authentication options will only apply to the type of authentication indicated by the drop down box at the top of the screen.  Remember to test the field locking by logging in with the proper type of account!  If you test with a manual account but have set the field locking to apply to IMAP accounts, you will not be able to tell if it worked!
+*[[LTI]] - works with the [[Publish as LTI tool]] enrolment method to connect courses and activities
+*[[MNet|Moodle Network authentication]] - how different Moodle sites can connect and authenticate users
-==Customising the login page==
+*[[No authentication]] - for testing purposes or if the Moodle site is not available on the Internet. Do NOT use on public servers!
+*[[Shibboleth]] - account details are located on an external Shibboleth server
-Depending upon the authentication method (i.e. not applicable for email authentication) login instructions may be easily added. Alternatively, an alternate login URL may be added - please check the Using Moodle discussion [http://moodle.org/mod/forum/discuss.php?d=26629 Customising the log in page] for further details.
+* Web services authentication
+*[[Uniquelogin authentication]] to limit users to one simultaeous session
 ==See also==
-*[http://moodle.org/mod/forum/view.php?id=42 Using Moodle: User authentication] forum
+*[[Authentication FAQ]]
-[[Category:Administrator|Admin/auth]]
+[[Category:Authentication]]
-[[Category:Authentication|Admin/auth]]
+[[eu:Erabiltzaileen_autentifikazioa]]
 [[fr:Authentification]]
+[[de:Authentifizierung]]
+[[ja:認証]]
+[[es:Autenticación]]

Documentation

Authentication: Difference between revisions

Latest revision as of 16:53, 13 November 2017

Authentication plugins

See also