Authentication: Difference between revisions

Latest revision as of 04:16, 12 June 2024

Authentication is the process of allowing a user to log in to a Moodle site with a username and password.

Authentication plugins

Moodle provides a number of ways of managing authentication, called authentication plugins.

Standard authentication plugins are:

Manual accounts - accounts created manually by an administrator
No login - suspend particular user account
Email-based self-registration - for enabling users to create their own accounts
CAS server (SSO) - account details are located on an external CAS server
External database - account details are located on an external database
LDAP server - account details are located on an external LDAP server
LTI - works with the Publish as LTI tool enrolment method to connect courses and activities
Moodle Network authentication - how different Moodle sites can connect and authenticate users
No authentication - for testing purposes or if the Moodle site is not available on the Internet. Do NOT use on public servers!
Shibboleth - account details are located on an external Shibboleth server
OAuth 2 - authenticate with an OAuth 2 service
Web services - for a dedicated account which integrates with your site via web services

There are also many additional authentication plugins in the Moodle plugins directory.

Multi-factor authentication can be enabled and managed from Site administration > Plugins > Admin tools in order to increase site security by requiring additional steps before users can log in.

Password visibility toggle

New feature
in Moodle 4.4!

Specify whether the password field on the login screen can have the visibility of its contents toggled. This is useful in providing a way to check a password value is entered in correctly. Choose between enabling this setting for all logins, or for logins on small screens only (default). This can also be disabled if required.

You can access this feature from Site administration > Plugins > Authentication > Manage authentication.

@@ Line 1: / Line 1: @@
-There are various ways of managing user '''authentication''':
+{{Managing a Moodle site}}
+Authentication is the process of allowing a user to log in to a Moodle site with a username and password.
+==Authentication plugins==
-:[[Email-based authentication]]
+Moodle provides a number of ways of [[Managing authentication|managing authentication]], called ''authentication plugins''.
-:[[Manual accounts only]]
-:[[No authentication]]
-:[[PAM (Pluggable Authentication Modules)]]
-:[[Shibboleth]]
-:[[Use a CAS server (SSO)]]
-:[[Use a POP3 server]]
-:[[LDAP authentication|Use an LDAP server]]
-:[[NTLM authentication|Use NTLM/Integrated Authentication (3rd party plugin)]]
-==Locking Profile Fields==
+Standard authentication plugins are:
-To prevent users from altering some fields (e.g. students changing profile information to inappropriate or misleading information, the site administrator can lock profile fields.
-[[Image:Authent-data-map-fname.jpg|Data Mapping Options]]
+*[[Manual accounts]] - accounts created manually by an administrator
-*These fields are optional. You can choose to pre-fill some Moodle user fields with information from the LDAP fields that you specify here.  If you leave these fields blank, then nothing will be transferred from LDAP and Moodle defaults will be used instead.  In either case, the user will be able to edit all of these fields after they log in.
+*[[No login]] - suspend particular user account
-*'''Update local''': If enabled, the field will be updated (from external auth) every time the user logs in or there is a user synchronization. Fields set to update locally should be locked.
+*[[Email-based self-registration]] - for enabling users to create their own accounts
-*'''Lock value''': If enabled, will prevent Moodle users and admins from editing the field directly. Use this option if you are maintaining this data in the external auth system.
+*[[CAS server (SSO)]] - account details are located on an external CAS server
-*'''Update external''': If enabled, the external auth will be updated when the user record is updated. Fields should be unlocked to allow edits.   Note: Updating external LDAP data requires that you set '''binddn''' and '''bindpw''' to a bind-user with editing privileges to all the user records. It currently does not preserve multi-valued attributes, and will remove extra values on update.
+*[[External database authentication|External database]] - account details are located on an external database
+*[[LDAP authentication|LDAP server]] - account details are located on an external LDAP server
+*[[LTI]] - works with the [[Publish as LTI tool]] enrolment method to connect courses and activities
+*[[MNet|Moodle Network authentication]] - how different Moodle sites can connect and authenticate users
+*[[No authentication]] - for testing purposes or if the Moodle site is not available on the Internet. Do NOT use on public servers!
+*[[Shibboleth]] - account details are located on an external Shibboleth server
+*[[OAuth 2 authentication|OAuth 2]] - authenticate with an OAuth 2 service
+*[[Web services authentication|Web services]] - for a dedicated account which integrates with your site via web services
-If you are using a mixture of authentication types (such as IMAP and manual), then the fields you lock in the authentication options will only apply to the type of authentication indicated by the drop down box at the top of the screen.  Remember to test the field locking by logging in with the proper type of account!  If you test with a manual account but have set the field locking to apply to IMAP accounts, you will not be able to tell if it worked!
+There are also many [https://moodle.org/plugins/?q=type:auth additional authentication plugins in the Moodle plugins directory].
-==Customising the login page==
+[[Multi-factor authentication]]  can be enabled and managed from Site administration > Plugins > Admin tools in order to increase site security by requiring additional steps before users can log in.
-Depending upon the authentication method (i.e. not applicable for email authentication) login instructions may be easily added. Alternatively, an alternate login URL may be added - please check the Using Moodle discussion [http://moodle.org/mod/forum/discuss.php?d=26629 Customising the log in page] for further details.
+==Password visibility toggle==
+{{New features}}
+Specify whether the password field on the login screen can have the visibility of its contents toggled. This is useful in providing a way to check a password value is entered in correctly. Choose between enabling this setting for all logins, or for logins on small screens only (default). This can also be disabled if required.
+You can access this feature from ''Site administration > Plugins > Authentication > Manage authentication.''
 ==See also==
-*[http://moodle.org/mod/forum/view.php?id=42 Using Moodle: User authentication] forum
+*[[Authentication FAQ]]
-[[Category:Administrator|Admin/auth]]
+[[Category:Authentication]]
-[[Category:Authentication|Admin/auth]]
+[[de:Authentifizierung]]
+[[es:Autenticación]]
+[[eu:Erabiltzaileen_autentifikazioa]]
 [[fr:Authentification]]
+[[it:Autenticazione]]
+[[ja:認証]]

Documentation

Authentication: Difference between revisions

Latest revision as of 04:16, 12 June 2024

Authentication plugins

Password visibility toggle

See also