You need to be a site administrator, or have the appropriate permissions to be able to configure any settings related to Totara Connect.
Totara Connect is a single sign-on (SSO) and user identity solution for multiple Totara instances. Connected sites can share user accounts and logins, allowing all users or selected audiences to navigate between them seamlessly.
Totara Connect requires one Totara Learn site to act as the server. Once Totara Connect has been enabled and configured on the server, it is then possible to start connecting more Totara Learn or Totara Social sites as clients. Once connected information is then synchronised from the server to the client.
Totara Connect server
Totara Connect server is a plugin that facilitates the server side aspects of connecting sites effectively, allowing the site to act as a master to which client sites can connect and synchronise.
Once enabled a new administration section will become available at Site administration > Users > Accounts > Totara Connect server.
Even when enabled, by itself the server plugin is inactive. It is not until a second Totara Learn or Totara Social site is connected as a client that the Totara Connect server provides added functionality.
Totara Connect client
The Totara Connect client is an authentication plugin that facilitates a connection between the current site and one or more Totara Learn sites with an active Totara Connect server.
To be able to add a client to a Totara Connect sever, you first need to enable the Totara Connect client authentication plugin. Go to Site administration > Plugins > Authentication > Manage authentication and enable Totara Connect client by selecting the icon in the Enable column.
Set up a Totara Connect client for Totara Learn
Once you have enabled the Totara Connect server, you'll then need to configure the Totara Connect client. Make sure you have enabled the Totara connect client authentication plugin on the client site first.
To set up a Totata Connect client follow these steps:
Finally, add your Totara Connect client to your Totara Connect server.
Totara Connect settings
Configure Totara Connect server settings
Go to Site administration > Users > Accounts > Totara Connect server > Settings.
Sync user passwords: If you want to send user password hashes from your server site to client sites, enable this option.
Configure Totara Connect client settings
Go to Site administration > Plugins > Authentication > Totara Connect client > Settings.
|Automatic single sign-on via server||This setting allows you to automatically log on to a Totara Connect client site connected to a specific Totara Connect server. Choose a Totara Connect server to automatically sign-on from. Note that you need to connect to a server first to select it from the list.||-|
|Migrate local accounts|
When enabled, local accounts are migrated to Totara Connect accounts. Totara Connect accounts can log in only via single sign-on.
|You should make sure the selected account mapping cannot be abused by Totara Connect server users to hijack existing client accounts. For example when mapping via username, users should not be allowed to sign up for new accounts on the Totara Connect server.|
Choose the field you want to use to map user accounts by during migration. You should make sure this field is locked and cannot be modified by ordinary users or customised during user self-registration, both on the server and clients. User fields available are:
|Synchronise custom profile fields|
When enabled, custom profile field data for users will be automatically copied from the server site.
Matching custom profile fields must be created manually on the client site first.
|Action to take when a user is removed from the restricted audience|
If your Totara Connect users are restricted to an audience on the server, this setting determines what happens with local accounts when the user is removed from that audience on the server. Options are:
Please note that any synchronised users who are deleted from the server will also be deleted from the local site.
|Synchronise job assignments||When enabled, job assignments will be automatically copied from the server site. Managers and appraisers are not synchronised, and other manual changes in synchronised job assignments are automatically reverted. Manual job assignments can still be used and are not affected.||-|
When enabled, position frameworks and positions will be automatically copied from the server site. It is recommended to change permissions so that users cannot modify positions manually.
|Position types must be created manually with the same ID numbers, including any matching custom fields from the server site on the client site. Custom fields should also be locked on client sites.|
When enabled, organisation frameworks and organisations will be automatically copied from the server site. It is recommended to change permissions so that users cannot modify organisations manually.
Organisation types must be created manually with the same ID numbers, including any matching custom fields from the server site on the client site. Custom fields should also be locked on client sites.
|Allow requests to plugin services|
When enabled allows requests from Totara Connect servers to access services defined in any plugins.
Connect to a Totara Connect server
Go to Site administration > Plugins > Authentication > Manage authentication > Totara Connect client > Servers and select Connect to new server.
Add a Totara Connect client
Log in as a site administrator to the site which is acting as the Totara Connect server, go to Site administration > Users > Accounts > Totara Connect server > Client systems and select Add client.
Enter a name for the client site.
|Client URL||The URL of the client site. This should be the URL provided when connecting to a new server.|
|Client setup secret||The setup secret for the client site. This should be the client setup secret provided when connecting to a new server.||-|
|Allow plugin service requests||When enabled allows requests from Totara Connect servers to request services defined in any plugins for the Totara Connect client.||-|
|Sync custom profile fields||When enabled, custom profile field data for users will be automatically copied from the server site.|
Custom profile fields must be created manually with the same short name on the client site first.
|Sync job assignments||When enabled, job assignments will be automatically copied from the server site. Managers and appraisers are not synchronised, and other manual changes in synchronised job assignments are automatically reverted. Manual job assignments can be still used and are not affected.||-|
|Sync position frameworks||Choose the position framework(s) to synchronise to the client site.||-|
|Sync organisation frameworks||Choose the organisation framework(s) to synchronise to the client site.||-|
|Restrict to audience||You can choose to only synchronise users from a specific audience from the Totara Connect server to the Totara Connect client site. The restriction is applied to all synchronised audiences and courses too i.e. only the audience restricted gets synchronised.||-|
|Add new courses||If enabled, each new course created in the LMS will be synchronised with the client to create a matching new group (Totara Social) or audience (Totara Learn). The enrolled users of the courses will be added as members to the respective groups or audiences created.||-|
|Add new audiences||If enabled, each new audience created in the LMS will be synchronised with the client to create a new group (Totara Social) or audience (Totara Learn). The members of the audiences are added as members to the respective groups or new audiences.||-|
|Synchronised audiences||Choose one or more audiences and synchronise members to the client site.||-|
|Synchronised courses||Choose one or more courses and synchronise all enrolled users to the client site.||-|
|Comment||Add any applicable comments related to the client site.||-|
When a client has 'Automatic single sign-on via server' assigned, the site administrator (and any other users that have accounts on client) will not be able to sign in from the login screen. If a user needs to access the client site directly, a login page parameter '?nosso=1' can be added to the client login address. For example.
Note that this will give access to any user with an active account on the client server (by-passing the SSO server).
Once complete, select Add client. You'll now see that the column Status shows an Active connection between the server and the client site; a new option will become available on the login page of the client site.
Set up Totara Connect client for Totara Social
To set up a Totara Connect client for Totara Social please see the Totara Social 2.0 documentation for further information.
Logging in a Totara Connect client site
Follow these steps to login to a Totata Connect client site:
- Navigate to the client site in your browser.
- Select Log in using your account on:[Server site name]. If you're not already logged into the Totara Connect server site, you'll be prompted to log in.
- An account will be created on the server site if it doesn't exist and copy over all the user's profile fields with the exception of:
- Username (this is automatically generated by Totara Connect and starts with letters "tc").
- ID number (used by HR Import).
Totara Connect scheduled tasks
If you're new to scheduled tasks, see our dedicated page for more information about how they work.
General cleanup task
|This task runs internal clean up tasks required by the Totara Connect client.|
User collections sync task
|This task checks the server for audience groups that are scheduled to be synced and recreates those audiences on the client.|
Users sync task
|This task syncs all information related to the individual users. This includes profile field data, user custom field data and job assignment data (includes position and organisations, but excludes managers and appraisers).|
|This task checks the server to make sure that the client is connecting with the latest available version of the API. If the server has been upgraded and the client supports it, this will switch to using a newer API version.|
Positions sync task
Responsible for syncing position hierarchy frameworks from the server to the client. Only the frameworks configured to be transferred will be synced. Note that syncing will override any local changes to the frameworks on the client side. This task does not update the position in job assignments - that is handled by the user task.
Organisations sync task
|Responsible for syncing organisation hierarchy frameworks from the server to the client. Only the frameworks configured to be transferred will be synced. Note that syncing will override any local changes to the frameworks on the client side. This task does not update the organisation in job assignments - that is handled by the user task.|