- 21 Jun 2022
- Updated on 21 Jun 2022
Authentication is the process which allows a user to access your Totara site. There are a variety of methods available for user authentication in Totara, and any number of available methods can be used.
Select the method that best fits your requirements. Once you have set up your authentication methods, users will be able to start accessing your site and its contents.
Common authentication settings
There are a number of common settings that an authentication method may have. The following settings can be configured for most authentication methods.
Lock user field
You can choose to lock user profile fields. This is useful for sites where the user profile data is maintained by the Site Administrator by manually editing user records, or uploading user data using the Upload users functionality.
If you are locking fields that are required by Totara, make sure that you provide that data when creating user accounts or the accounts will be unusable. Consider setting the lock mode to Unlocked if empty to avoid this problem.
Allow job assignment fields
The selected position, organisation, and manager fields will be available for users when they sign up.
Please be aware that enabling this setting can present a security risk, as information about positions, organisations or managers will be public.
Set the length of time the password is valid for, and when a user will be notified that their password is going to expire.
Internal authentication is used when Totara stores users' passwords and other details in the local Totara database. Authentication plugins such as manual and email are classified as internal authentication.
Other authentication plugins (such as LDAP and POP3) are classified as external authentication. With this type of authentication, users' details are not required to be stored in the local Totara database, and a user's password field is labelled as 'not cached'.
Multi-authentication is supported. Each authentication plugin may be used to find a username/password match. Once a match is found, the user is logged in and the remaining plugins are not used. Therefore, the plugin that handles the most logins should be moved to the top of the page to minimise load on authentication servers.
There are three ways to manage single/shared sign-on in Totara:
- Totara Connect: See the What is Totara Connect? page for more information
- CAS server (SSO): See the Set up CAS server SSO page for more information
- OAuth2: See the Configure OAuth2 page for more information
The best method for your organisation will depend on whether you are trying to connect multiple Totara sites (Totara Connect) or trying to connect Totara with external services (CAS).
The Totara Academy has a whole course dedicated to Site-level user management in Totara Learn. Here you can learn more about user management, see best practice, and give it a go yourself.
© Copyright 2023 Totara Learning Solutions. All rights reserved. Some content originally obtained via GPLv3 license and continues to be available under GPLv3. All other content is the sole copyright of Totara Learning Solutions.