Authentication is the process which allows a user to log in to your Totara site.
There are a variety of methods available for user authentication in Totara.
Select the method that best fits your situation. Once you have set up authentication and your courses, you can enrol learners into the courses.
If you have chosen Email-based self-registration and wish potential users to be able to create their own accounts, select 'Email-based self-registration' from the self registration drop-down menu in the common settings section. Potential users will then be presented with a 'Create new account' button on the login page.
If you have courses with guest access, set the Guest login button to show.
Authentication methods (also known as authentication plugins) include:
This type of authentication is used when Totara stores users' passwords and other details in the local Totara database. Authentication plug-ins such as manual and email are indicated as internal authentication.
Other authentication plug-ins (such as LDAP or POP3) are indicated as external authentication. With this type of authentication, users' details are not required to be stored in the local Totara database and a user's password field is labelled as 'not cached'.
Multi-authentication is supported. Each authentication plug-in may be used to find a username/password match. Once found, a user is logged in and alternative plug-ins are not used. Therefore the plug-in which handles the most logins should be moved to the top of the page to ensure minimal load is put on authentication servers.
Keep username, email, and id number: A deleted user's profile fields can be reactivated, but their other data will be deleted, including but not limited to:
Full deletion: Since Totara 2.7.3 an option for full user deletion has been available; this is the default setting.
If a user was deleted with the keep username, email, and id number setting, they can only be fully deleted manually, not through the HR import process.
If you want to recover a user's record of learning then Suspend rather than Delete the user.
If you want users to be able to create their own user accounts, i.e. self-register, then select Email-based self-registration (or any other enabled plugin which can support self registration, like LDAP) from the drop-down menu. This results in a 'Is this your first time here?' question and a 'Create new account' button being displayed on the login page.
Enabling self registration results in the possibility of spammers creating accounts in order to use forum posts, blog entries etc. for spam. This risk can be minimized by limiting self registration to particular email domains using the 'Allowed email domains' setting. Alternatively, self registration may be enabled for a short period of time to allow users to create accounts and then later disabled.
The Email-based self-registration authentication plugin must be enabled to allow users who previously self-registered to log in with that plugin. Selecting Email-based self-registration as the self registration method allows potential users to self register.
You can hide or show the guest login button on the login page. Hiding the guest login button disables guest access to your Totara site.
Any user logged in to the system can view any course that allows guest access without enrolling on the course.
This should be used with care, since a mistake in the URL or on the actual login page can lock you out of your site. If there is a problem, you can remove the entry from your database (table mdl_config) using, for example, phpMyAdmin for MySQL.
If your lost password handling is performed entirely outside of Totara (for example, only by a help desk), you can set the URL of that service here. Anybody pressing a 'lost password' link in Totara will be redirected to this URL. Note that this will disable all of Totara's lost password recovery options regardless of authentication method(s) in use.
Authentication may be restricted to particular email domains when using Email-based self-registration so that, for example, only learners with an organisation domain email can log in.
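The following is an added example, not Totara's own code, showing why an allowed-domain check for self-registration (as described here and in the spam note above) should compare whole domains rather than string suffixes. The list format (a bare domain matches exactly, a leading dot matches that domain and its subdomains), the function names and all addresses are assumptions constructed for illustration.

```python
# Added example, not Totara code. The list format (bare domain = exact match,
# leading dot = that domain and its subdomains) is an assumption.
ALLOWED_DOMAINS = ["example.org", ".staff.example.com"]  # constructed values

def naive_is_allowed(email, allowed=ALLOWED_DOMAINS):
    """Weak check: suffix match on the whole address string."""
    return any(email.lower().endswith(d.lstrip(".")) for d in allowed)

def domain_of(email):
    """Return the lower-cased domain, or None for a malformed address."""
    email = email.strip()
    if email.count("@") != 1 or any(ch.isspace() for ch in email):
        return None
    local, domain = email.split("@")
    labels = domain.lower().split(".")
    if not local or len(labels) < 2 or not all(labels):
        return None
    return ".".join(labels)

def is_allowed(email, allowed=ALLOWED_DOMAINS):
    """Strict check: compare whole domains on label boundaries."""
    domain = domain_of(email)
    if domain is None:
        return False
    for entry in (e.lower() for e in allowed):
        if entry.startswith("."):
            # ".staff.example.com" covers staff.example.com and its subdomains
            if domain == entry[1:] or domain.endswith(entry):
                return True
        elif domain == entry:
            return True
    return False

def accepted_only_by_naive(addresses):
    """Addresses the weak check lets through but the strict check rejects."""
    return [a for a in addresses if naive_is_allowed(a) and not is_allowed(a)]

# Constructed sample registrations
SAMPLES = [
    "alice@example.org", "Bob@HR.Staff.Example.com",
    "carol@evilexample.org", "dave@notstaff.example.com",
    "erin@example.org.invalid", "frank@@example.org",
]

if __name__ == "__main__":
    for addr in SAMPLES:
        print(f"{addr:28} naive={naive_is_allowed(addr)} strict={is_allowed(addr)}")
```

The three addresses returned by accepted_only_by_naive(SAMPLES) are lookalike or malformed entries that a suffix match would register as if they belonged to an allowed domain.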
There are two ways to manage single sign-on in Totara:
The best method for your organisation depends on whether you are trying to connect multiple Totara sites (Totara Connect) or to connect Totara with external services (CAS).
To set up CAS follow these steps:
As CAS is an external open source solution, you can read more about how CAS works on the CAS website.