Note: You are currently viewing documentation for Moodle 3.4. Up-to-date documentation for the latest stable version of Moodle is likely available here: Authentication.

Authentication: Difference between revisions

From MoodleDocs
Main pageManaging a Moodle siteAuthentication
Managing a Moodle site
(common settings - order of enabled plugins)
(removing IMAP, FirstClass, POP3, NNTP, PAM (MDL-50925))
 
(62 intermediate revisions by 19 users not shown)
Line 1: Line 1:
There are various ways of managing user '''authentication'''. You can enable one or more of them. If enabled more then one, each of them will be used to find the username/password match. Once found, the user is logged in and the other authentication methods don't need to be tested any more. Therefore it is good practice to put the authentication method on top which handles the most logins so less load is put on your authentication servers.
{{Managing a Moodle site}}
Authentication is the process of allowing a user to log in to a Moodle site with a username and password.


==Authentication plugins==
==Authentication plugins==


*[[Manual accounts]]
Moodle provides a number of ways of [[Managing authentication|managing authentication]], called ''authentication plugins''.
*[[No login]]
*[[Email-based authentication|Email-based self-registration]]
*[[CAS server (SSO)]]
*[[External database authentication|External database]]
*[[FirstClass authentication|FirstClass server]]
*[[IMAP authentication|IMAP server]]
*[[LDAP authentication|LDAP server]]
*[[Moodle Network authentication]]
*[[NNTP authentication|NNTP server]]
*[[No authentication]]
*[[PAM (Pluggable Authentication Modules)]]
*[[POP3 server]]
*[[RADIUS authentication|RADIUS server]]
*[[Shibboleth]]
*[[NTLM authentication|NTLM/Integrated Authentication (3rd party plugin)]]


==Common settings==
*[[Manual accounts]] - accounts created manually by an administrator
The settings chosen here will apply for any chosen authentication method. Most of them are self explaining.
*[[No login]] - suspend particular user account
*With the '''Selfregistration''' option, it is possible to choose a method whereby users can make there own account (if you want that possibility).
*[[Email-based self-registration]] - for enabling users to create their own accounts
*The '''Alternate login url''' should be used with care, since a mistake in the url or on the used login page can lock you out of your site. If you do mess it up, you can remove the entry from your database (table mdl_config), using e.g. phpmyadmin for mysql.  
*[[CAS server (SSO)]] - account details are located on an external CAS server
*[[External database authentication|External database]] - account details are located on an external database
*[[LDAP authentication|LDAP server]] - account details are located on an external LDAP server
*[[LTI]] - works with the [[Publish as LTI tool]] enrolment method to connect courses and activities
*[[MNet|Moodle Network authentication]] - how different Moodle sites can connect and authenticate users
*[[No authentication]] - for testing purposes or if the Moodle site is not available on the Internet. Do NOT use on public servers!
*[[Shibboleth]] - account details are located on an external Shibboleth server
* Web services authentication
*[[Uniquelogin authentication]] to limit users to one simultaeous session


==Locking profile fields==
==See also==
To prevent users from altering some fields (e.g. students changing profile information to inappropriate or misleading information), the site administrator can lock profile fields.
 
[[Image:Authent-data-map-fname.jpg|Data Mapping Options]]
*These fields are optional. You can choose to pre-fill some Moodle user fields with information from the LDAP fields that you specify here.  If you leave these fields blank, then nothing will be transferred from LDAP and Moodle defaults will be used instead.  In either case, the user will be able to edit all of these fields after they log in.
*'''Update local''': If enabled, the field will be updated (from external auth) every time the user logs in or there is a user synchronization. Fields set to update locally should be locked.
*'''Lock value''': If enabled, will prevent Moodle users and admins from editing the field directly. Use this option if you are maintaining this data in the external auth system.
*'''Update external''': If enabled, the external auth will be updated when the user record is updated. Fields should be unlocked to allow edits.  Note: Updating external LDAP data requires that you set '''binddn''' and '''bindpw''' to a bind-user with editing privileges to all the user records. It currently does not preserve multi-valued attributes, and will remove extra values on update.
 
If you are using a mixture of authentication types (such as IMAP and manual), then the fields you lock in the authentication options will only apply to the type of authentication indicated by the drop down box at the top of the screen.  Remember to test the field locking by logging in with the proper type of account!  If you test with a manual account but have set the field locking to apply to IMAP accounts, you will not be able to tell if it worked!


==See also==
*[[Authentication FAQ]]
*Multi authentication in [[Upgrading to Moodle 1.8]]
*[http://moodle.org/mod/forum/view.php?id=42 Using Moodle: User authentication] forum


[[Category:Authentication]]
[[Category:Authentication]]


[[eu:Erabiltzaileen_autentifikazioa]]
[[fr:Authentification]]
[[fr:Authentification]]
[[de:Authentifizierung]]
[[ja:認証]]
[[es:Autenticación]]

Latest revision as of 16:53, 13 November 2017

Authentication is the process of allowing a user to log in to a Moodle site with a username and password.

Authentication plugins

Moodle provides a number of ways of managing authentication, called authentication plugins.

See also

Retrieved from "https://docs.moodle.org/34/en/index.php?title=Authentication&oldid=129339"
Powered by MediaWiki