Authentication site settings
  • 22 Mar 2022


There are a number of authentication settings that apply to your whole Totara site. You can configure these via Quick-access menu > Plugins > Authentication > Manage authentication under the Common settings section. 

Setting
Description
Notes

User deletion

This setting allows you to determine what happens to a user account if it is deleted. Select from the following options:

  • Full with random username
  • Full (legacy)
  • Keep username, email and ID number (legacy)

If you choose Keep username, email, and ID number, then deleted user profile fields can be reactivated. However, the user's other data will be deleted, including but not limited to appraisals where the user is in the learner role, grades, and roles.

If a user was deleted with the Keep username, email, and ID number setting, they can only be fully deleted manually. It will not be possible to fully delete them through the HR import process.

If you are using Totara Learn and want to recover a user's record of learning, then you should Suspend rather than Delete the user.

Self registration 

If you want users to be able to create their own user accounts, i.e. register themselves, then select Email-based self-registration (or any other enabled plugin which can support self-registration, such as LDAP) from the dropdown menu.

Enabling self-registration makes it possible for spammers to create accounts in order to use forum posts, blog entries, etc. for spam. This risk can be minimised by limiting self-registration to specific email domains using the Allowed email domains option. Alternatively, self-registration may be enabled for a short period of time to allow users to create accounts, and then later disabled.

Allow login via email

Allow users to use both their username and their email address (if unique) for site login.

-

Allow accounts with same email

If enabled, more than one user account can share the same email address. 

This may result in security or privacy issues, for example with the password change confirmation email.

Prevent account creation when authenticating

When a user authenticates, an account on the site is automatically created if it doesn't yet exist. If an external database such as LDAP is used for authentication, but you wish to restrict access to the site to users with an existing account only, then this option should be enabled. New accounts will need to be created manually or via the upload users feature. 

This setting doesn't apply to MNet authentication.

Autofocus login page form

Enabling this option improves the usability of the login page, so you don't need to navigate to the username field. However, automatically focusing fields may be considered an accessibility issue.

-

Guest login button

You can hide or show the guest login button on the login page. Hiding the guest login button disables guest access to your Totara site.

Any user logged in to the system can view any content that allows guest access.

Limit concurrent logins

If enabled, the number of concurrent browser logins for each user is restricted. 

-

Alternate login URL

This should be used with care since a mistake in the URL or on the actual login page can lock you out of your site. 

If there is a problem, you can remove the entry from your database using, for example, phpMyAdmin for MySQL.

Forgotten password URL

If your lost password handling is performed entirely outside of Totara (by a help desk for example), you can set the URL for that service here. Anybody clicking a lost password link in Totara will be redirected to this URL. Custom instructions for logging in can also be created.

This will disable all of Totara's lost password recovery options regardless of the authentication method(s) in use.

Instructions

Enter custom login instructions that will be displayed on the login page. Leaving this blank will display the default instructions. 

-

Allowed email domains

A space-separated list of allowed email domains, e.g. @totaralearning.com @totara.com

-

Denied email domains

A space-separated list of email domains that are not allowed to be registered, e.g. @hotmail.com @gmail.com

-

Restrict domains when changing email

Enables verification of changed email addresses using the Allowed email domains and Denied email domains settings. If this setting is disabled, the domains are enforced only when creating new users.

-

reCAPTCHA keys

If reCAPTCHA has been enabled in the user signup form, you must enter both a Public (Site) key and a Private key. The keys are generated at https://www.google.com/recaptcha/about/

Please ensure that you update your keys so that you can use reCAPTCHA v2. You can read more on the reCAPTCHA FAQs.
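
An added example, not Totara code: an offline audit of a user export against the Allowed email domains and Denied email domains values, which also lists addresses used by more than one account (the Allow accounts with same email case). Such accounts can exist when Restrict domains when changing email is disabled, since the lists are then enforced only when users are created. It assumes list entries match the address's domain exactly and case-insensitively and that a non-empty allowed list is checked first; the function names and sample accounts are constructed for illustration.

```python
from collections import defaultdict


def parse_domains(setting: str) -> set[str]:
    """Split a space-separated setting value such as '@totara.com @example.org'."""
    return {entry.lstrip("@").lower() for entry in setting.split()}


def domain_of(email: str) -> str:
    """Return the lower-cased part after the last '@' (whole string if none)."""
    return email.rsplit("@", 1)[-1].strip().lower()


def audit_accounts(accounts, allowed="", denied=""):
    """accounts: iterable of (username, email) pairs from a user export.

    Returns (violations, shared):
      violations - list of (username, email, reason) outside the domain policy
      shared     - dict mapping an email address to the usernames sharing it
    """
    allow, deny = parse_domains(allowed), parse_domains(denied)
    violations = []
    by_email = defaultdict(list)
    for username, email in accounts:
        dom = domain_of(email)
        # Assumption: a non-empty allowed list is applied before the denied list.
        if allow and dom not in allow:
            violations.append((username, email, "not in allowed list"))
        elif dom in deny:
            violations.append((username, email, "in denied list"))
        # Assumption: addresses are compared case-insensitively.
        by_email[email.strip().lower()].append(username)
    shared = {e: sorted(u) for e, u in by_email.items() if len(u) > 1}
    return violations, shared


# Constructed sample export (not real accounts).
SAMPLE = [
    ("asmith", "a.smith@totara.com"),
    ("bjones", "b.jones@totaralearning.com"),
    ("cwu", "c.wu@gmail.com"),
    ("cwu2", "C.Wu@gmail.com"),
    ("dlee", "d.lee@TOTARA.com"),
]

if __name__ == "__main__":
    found, dupes = audit_accounts(SAMPLE, allowed="@totaralearning.com @totara.com")
    for row in found:
        print("domain policy:", *row)
    for address, users in dupes.items():
        print("shared email:", address, users)
```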

© Copyright 2024 Totara Learning Solutions. All rights reserved. Some content originally obtained via GPLv3 license and continues to be available under GPLv3. All other content is the sole copyright of Totara Learning Solutions. 

