Search

You need to be a site administrator, or have the appropriate permissions to be able to configure any settings related to Totara Connect.

Totara Connect is a single sign-on (SSO) and user identity solution for multiple Totara instances. Connected sites can share user accounts and logins, allowing all users or selected audiences to navigate between them seamlessly.

Totara Connect requires one Totara Learn site to act as the server. Once Totara Connect has been enabled and configured on the server, it is then possible to start connecting more Totara Learn or Totara Social sites as clients. Once connected information is then synchronised from the server to the client.

Totara Connect server

Totara Connect server is a plugin that facilitates the server side aspects of connecting sites effectively, allowing the site to act as a master to which client sites can connect and synchronise.

Totara Connect server is disabled by default. To enable it you must log in as a site administrator and turn on Enable Totara Connect server, which can be found under Site administration > Advanced features.

Once enabled a new administration section will become available at Site administration > Users > Accounts > Totara Connect server.

Even when enabled, by itself the server plugin is inactive. It is not until a second Totara Learn or Totara Social site is connected as a client that the Totara Connect server provides added functionality.

Totara Connect client

The Totara Connect client is an authentication plugin that facilitates a connection between the current site and one or more Totara Learn sites with an active Totara Connect server.

To be able to add a client to a Totara Connect sever, you first need to enable the Totara Connect client authentication plugin. Go to Site administration > Plugins > Authentication > Manage authentication and enable Totara Connect client by selecting the icon in the Enable column.

Manage authentication

Set up a Totara Connect client for Totara Learn

Once you have enabled the Totara Connect server, you'll then need to configure the Totara Connect client. Make sure you have enabled the Totara connect client authentication plugin on the client site first.

To set up a Totata Connect client follow these steps:

  1. First configure your Totara Connect server settings.

  2. Next configure your Totara Connect client settings.

  3. Then connect to a Totara Connect server.

  4. Finally, add your Totara Connect client to your Totara Connect server.

Totara Connect settings

Configure Totara Connect server settings

Go to Site administration > Users > Accounts > Totara Connect server > Settings.

Sync user passwords: If you want to send user password hashes from your server site to client sites, enable this option.

Configure Totara Connect client settings

Go to Site administration > Plugins > Authentication > Totara Connect client > Settings.

SettingDescriptionNotes
Automatic single sign-on via serverThis setting allows you to automatically log on to a Totara Connect client site connected to a specific Totara Connect server. Choose a Totara Connect server to automatically sign-on from.  Note that you need to connect to a server first to select it from the list.-
Migrate local accounts

When enabled, local accounts are migrated to Totara Connect accounts. Totara Connect accounts can log in only via single sign-on.


You should make sure the selected account mapping cannot be abused by Totara Connect server users to hijack existing client accounts. For example when mapping via username, users should not be allowed to sign up for new accounts on the Totara Connect server.
Account mapping

Choose the field you want to use to map user accounts by during migration. You should make sure this field is locked and cannot be modified by ordinary users or customised during user self-registration, both on the server and clients. User fields available are:

  • Username.
  • Email address.
  • ID number.
  • Totara Connect unique ID.
-
Synchronise custom profile fields

When enabled, custom profile field data for users will be automatically copied from the server site.


Matching custom profile fields must be created manually on the client site first.

Action to take when a user is removed from the restricted audience

 If your Totara Connect users are restricted to an audience on the server, this setting determines what happens with local accounts when the user is removed from that audience on the server. Options are:

  • Keep internal user.
  • Suspend internal user.
  • Full delete internal user.


Please note that any synchronised users who are deleted from the server will also be deleted from the local site.

Synchronise job assignmentsWhen enabled, job assignments will be automatically copied from the server site. Managers and appraisers are not synchronised, and other manual changes in synchronised job assignments are automatically reverted. Manual job assignments can still be used and are not affected.-
Synchronise positions

When enabled, position frameworks and positions will be automatically copied from the server site. It is recommended to change permissions so that users cannot modify positions manually.


Position types must be created manually with the same ID numbers, including any matching custom fields from the server site on the client site. Custom fields should also be locked on client sites.
Synchronise organisations

When enabled, organisation frameworks and organisations will be automatically copied from the server site. It is recommended to change permissions so that users cannot modify organisations manually.


Organisation types must be created manually with the same ID numbers, including any matching custom fields from the server site on the client site. Custom fields should also be locked on client sites.

Allow requests to plugin services

When enabled allows requests from Totara Connect servers to access services defined in any plugins.

-


Connect to a Totara Connect server

Go to Site administration > Plugins > Authentication > Manage authentication > Totara Connect client > Servers and select Connect to new server.

Note down the Client URL and Client setup secret as you'll need this information to complete the setup.

Connect to a server

Add a Totara Connect client

Log in as a site administrator to the site which is acting as the Totara Connect server, go to Site administration > Users > Accounts > Totara Connect server > Client systems and select Add client.

SettingDescriptionNotes
Name

Enter a name for the client site.

-
Client URLThe URL of the client site. This should be the URL provided when connecting to a new server.



Client setup secretThe setup secret for the client site. This should be the client setup secret provided when connecting to a new server.-
Allow plugin service requestsWhen enabled allows requests from Totara Connect servers to request services defined in any plugins for the Totara Connect client.-
Sync custom profile fieldsWhen enabled, custom profile field data for users will be automatically copied from the server site.

Custom profile fields must be created manually with the same short name on the client site first.


Sync job assignmentsWhen enabled, job assignments will be automatically copied from the server site. Managers and appraisers are not synchronised, and other manual changes in synchronised job assignments are automatically reverted. Manual job assignments can be still used and are not affected.-
Sync position frameworksChoose the position framework(s) to synchronise to the client site.-
Sync organisation frameworksChoose the organisation framework(s) to synchronise to the client site.-
Restrict to audienceYou can choose to only synchronise users from a specific audience from the Totara Connect server to the Totara Connect client site. The restriction is applied to all synchronised audiences and courses too i.e. only the audience restricted gets synchronised.-
Add new coursesIf enabled, each new course created in the LMS will be synchronised with the client to create a matching new group (Totara Social) or audience (Totara Learn). The enrolled users of the courses will be added as members to the respective groups or audiences created.-
Add new audiencesIf enabled, each new audience created in the LMS will be synchronised with the client to create a new group (Totara Social) or audience (Totara Learn). The members of the audiences are added as members to the respective groups or new audiences.-
Synchronised audiencesChoose one or more audiences and synchronise members to the client site.-
Synchronised coursesChoose one or more courses and synchronise all enrolled users to the client site.-
CommentAdd any applicable comments related to the client site.-

When a client has 'Automatic single sign-on via server' assigned, the site administrator (and any other users that have accounts on client) will not be able to sign in from the login screen. If a user needs to access the client site directly, a  login page parameter '?nosso=1' can be added to the client login address. For example http://_clientURL_/login/index.php?nosso=1

Note that this will give access to any user with an active account on the client server (by-passing the SSO server). 


Once complete, select Add clientYou'll now see that the column Status shows an Active connection between the server and the client site; a new option will become available on the login page of the client site.

Connect servers

Set up Totara Connect client for Totara Social

To set up a Totara Connect client for Totara Social please see the Totara Social 2.0 documentation for further information.

Logging in a Totara Connect client site

Follow these steps to login to a Totata Connect client site:

  1. Navigate to the client site in your browser.
  2. Select Log in using your account on:[Server site name]. If you're not already logged into the Totara Connect server site, you'll be prompted to log in.
  3. An account will be created on the server site if it doesn't exist and copy over all the user's profile fields with the exception of:
    • Interests.
    • Username (this is automatically generated by Totara Connect and starts with letters "tc").
    • ID number (used by HR Import).

Totara Connect scheduled tasks

If you're new to scheduled tasks, see our dedicated page for more information about how they work.

Task

DescriptionCode

General cleanup task

This task runs internal clean up tasks required by the Totara Connect client.
\auth_connect\task\cleanup_task

User collections sync task

This task checks the server for audience groups that are scheduled to be synced and recreates those audiences on the client.
\auth_connect\task\user_collection_task

Users sync task

This task syncs all information related to the individual users. This includes profile field data, user custom field data and job assignment data (includes position and organisations, but excludes managers and appraisers).
\auth_connect\task\user_task

API handshake

This task checks the server to make sure that the client is connecting with the latest available version of the API. If the server has been upgraded and the client supports it, this will switch to using a newer API version.
\auth_connect\handshake_task

Positions sync task

Responsible for syncing position hierarchy frameworks from the server to the client. Only the frameworks configured to be transferred will be synced. Note that syncing will override any local changes to the frameworks on the client side. This task does not update the position in job assignments - that is handled by the user task.

\auth_connect\position_task

Organisations sync task

Responsible for syncing organisation hierarchy frameworks from the server to the client. Only the frameworks configured to be transferred will be synced. Note that syncing will override any local changes to the frameworks on the client side. This task does not update the organisation in job assignments - that is handled by the user task.
\auth_connect\organisation_task
On this page



Provide feedback about this page using the link in the bottom right of this page. 

Still have questions? Why not post them in the forums of the Totara Community?