To set the authentication method:
- Access Administration > Plugins > Authentication > Manage authentication in 2.0 onwards or Administration > Users > Authentication > Manage authentication in 1.9.
- On the Manage authentication page, click on the closed eye icon to enable your chosen authentication plugin(s). In Moodle 1.8 onwards, you can choose to use more than one authentication plugin (see Multi-authentication below). Use the up/down arrow icons to arrange the plugins in order, with the plugin handling the most logins at the top of the page.
- If you have chosen Email-based self-registration and wish potential users to be able to create their own accounts, select "Email-based self-registration" from the self registration drop-down menu in the common settings section. Potential users will then be presented with a "Create new account" button on the login page.
- If you have courses with guest access, set the Guest login button to show.
- Click the "Save changes" button.
- Click on Settings opposite the authentication plugin(s) you have chosen.
- Configure the required settings and click the "Save changes" button.
Authentication methods
Authentication methods (also known as authentication plugins) include:
- Manual accounts - accounts created manually by an administrator
- No login - suspend particular user account
- Email-based self-registration - for enabling users to create their own accounts
- CAS server (SSO) - account details are located on an external CAS server
- External database - account details are located on an external database
- FirstClass server - account details are located on an external FirstClass server
- IMAP server - account details are located on an external IMAP server
- LDAP server - account details are located on an external LDAP server
- Moodle Network authentication - how different Moodle sites can connect and authenticate users
- NNTP server - account details are located on an external NNTP server
- No authentication - for testing purposes only
- PAM (Pluggable Authentication Modules) - account details come from the operating system Moodle is running on, via PAM (can only be used Linux/Unix).
- POP3 server - account details are located on an external POP3 server
- RADIUS server - account details are located on an external RADIUS server
- Shibboleth - account details are located on an external Shibboleth server
- NTLM/Integrated Authentication (contributed plugin prior to Moodle 1.9; is part of the LDAP authentication plugin from 1.9 onwards).
Authentication types
Internal authentication
This type of authentication is used when Moodle stores users' passwords and other details in local Moodle database. Authentication plugins such as manual and email are indicate as internal authentication
External authentication
Other authentication plugins (such as: LDAP or POP3) are indicate as external authentication. With this type of authentication, user's details are not required to be stored in local Moodle database and user's password field will be labeld as 'not cached'.
Multi-authentication
From Moodle 1.8 onwards, multi-authentication is supported. Each authentication plugin may be used to find a username/password match. Once found, a user is logged in and alternative plugins are not used. Therefore the plugin which handles the most logins should be moved to the top of the page in order that less load is put on authentication servers.
Common settings
Self registration
If you wish users to be able to create their own user accounts, i.e. self-register, then select Email-based self-registration (or any other enabled plugin that can support self registration, like LDAP) from the drop-down menu. This will result in a "Is this your first time here?" instructions and a "Create new account" button being displayed on the login page.
Warning: Enabling self registration results in the possibility of spammers creating accounts in order to use forum posts, blog entries etc. for spam. This risk can be minimized by limiting self registration to particular email domains with the allowed email domains setting (see below). Alternatively, self registration may be enabled for a short period of time to allow users to create accounts, and then later disabled.
Note: The Email-based self-registration authentication plugin must be enabled to allow users who previously self-registered to login with that plugin. Selecting Email-based self-registration as the self registration method allows potential users to self register.
Guest login button
You can hide or show the guest login button on the login page. Hiding the guest login button disables guest access to the Moodle site, however logged-in users can still enter any courses which allow guest access without being required to enrol.
