• 21 Jun 2022
  • 2 minutes to read


Article Summary

Authentication is the process which allows a user to access your Totara site. There are a variety of methods available for user authentication in Totara, and any number of available methods can be used.  

Select the method that best fits your requirements. Once you have set up your authentication methods, users will be able to start accessing your site and its contents. 

Authentication is configured separately for the Totara Mobile app, with different options available for mobile authentication.

Common authentication settings

There are a number of common settings that an authentication method may have. The following settings can be configured for most authentication methods.


Lock user field

You can choose to lock user profile fields. This is useful for sites where the user profile data is maintained by the Site Administrator by manually editing user records, or uploading user data using the Upload users functionality.

If you are locking fields that are required by Totara, make sure that you provide that data when creating user accounts or the accounts will be unusable. Consider setting the lock mode to Unlocked if empty to avoid this problem.

Allow  job assignment fields

The selected position, organisation, and manager fields will be available for users when they sign up. 

Please be aware that enabling this setting can present a security risk, as information about positions, organisations or managers will be public.

Password expiry

Set the length of time the password is valid for, and when a user will be notified that their password is going to expire.


Authentication types

Authentication typeDescription

Internal authentication

This type of authentication is used when Totara stores users' passwords and other details in the local Totara database. Authentication plugins such as manual and email are classified as internal authentication.

External authentication

Other authentication plugins (such as LDAP and POP3) are classified as external authentication. With this type of authentication, users' details are not required to be stored in the local Totara database, and a user's password field is labelled as 'not cached'.


Multi-authentication is supported. Each authentication plugin may be used to find a username/password match. Once found, a user is logged in and alternative plugins are not used. Therefore the plugin which handles the most logins should be moved to the top of the page to minimise load on authentication servers.

Single sign-on

There are three ways to manage single/shared sign-on in Totara:

The best method for your organisation will depend on whether you are trying to connect multiple Totara sites (Totara Connect) or trying to connect Totara with external services (CAS).

C010 - Site-level user management(1)The Totara Academy has a whole course dedicated to Site-level user management in Totara Learn. Here you can learn more about user management, see best practice, and give it a go yourself.

© Copyright 2023 Totara Learning Solutions. All rights reserved. Some content originally obtained via GPLv3 license and continues to be available under GPLv3. All other content is the sole copyright of Totara Learning Solutions. 

Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.