User authentication

User authentication handles how a user profile logs into Moodle. Each user typically will have a username and password that they will enter into the login form.

When they submit the login form, Moodle determines if they are a user and how they should be authenticated as a valid user. To achieve this, every Moodle user account is designated an authentication type.

Authentication types

When a user attempts to log into Moodle, their authentication type will determine how Moodle authenticates their submitted data (their username and password).

The two most widely used authentication types are Manual accounts and e-mail-based self-registration, which will be described in more detail here.

The most commonly used authentication types are:

• Internal
  • Manual accounts
  • E-mail-based self-registration
• External
  • LDAP
  • External database
  • IMAP

In this section, we will just focus on the two internal authentication types.

How to enable authentication plugins

To configure the available authentication types on a Moodle site, you need to be logged in as administrator.

By default, the two internal plugins Manual accounts and e-mail-based self-registration are enabled. Others can be enabled as required by the organization.

To manage the authentication plugins:

1. Navigate to Administration | Site Administration | Plugins | Authentication | Manage authentication:

   

2. Click on the Enable column icon to alter each plugin's status to enable or disable as required. This icon usually looks like an open eyeball when enabled.

The Common settings section is visible as you scroll further down the page. This section includes options such as:

• Self registration: This defaults to disable, and is needed for e-mail-based self-registration.
• Guest login button: This defaults to show.
• ReCAPTCHA deployment: This is advised for e-mail-based self-registration to reduce spam.

Authentication configuration for a single user creation

When a user is added via the interface as a single user, their authentication type defaults to Manual accounts.

Navigate to Administration | Site Administration | Users | Accounts | Add a new user.

In the Add User form, the Choose an authentication method dropdown will allow you to select one from the available authentication types. As mentioned, it defaults to Manual accounts:

Authentication configuration for the CSV file user upload

When a CSV file of users is added via the interface, the authentication type defaults to Manual accounts. This can be changed to any of the other active authentication types.

1. Navigate to Administration | Site Administration | Users | Accounts | Upload users.
2. In the Upload users form, select the CSV file of users you wish to upload. Change any of the other form options as required, and click on Upload users.
3. In the Upload users preview form, you need to expand the Default values section. If not expanded, then click on the Show more… link.
4. The Choose an authentication method dropdown will now display, to allow you to select one from the available authentication types. It defaults to Manual accounts.

   

Manual authentication

When a user attempts to log into Moodle with an authentication type of Manual accounts, their submitted login details will be compared with the username and password found in the Moodle user database. If validated, the user will then be allowed access to the Moodle site.

Note

The password is not stored in the database as plain text, so it cannot be retrieved later, only changed.

The optional configuration

The manual accounts authentication has a number of options that can be configured as follows:

1. Navigate to Administration | Site Administration | Plugins | Authentication | Manual accounts.
2. Enable Password expiry defaults to No.
3. Password duration (expiry time), to notify users when the password will expire.
4. Lock specific user fields, which prevents users from changing them. For instance, their first name, last name, and e-mail need to remain the same for identification purposes.
5. Change the settings as required and click on Save changes:

   

Email-based self-registration authentication

When e-mail-based self-registration is enabled on the Moodle site, it allows anyone with access to the site to register on the site by submitting their own details, depending on a valid e-mail, as this will be used to send a confirmation e-mail to the user to confirm and complete their account creation. Users that do not complete the confirmation process cannot log in.

Once the user has successfully completed their account creation, their subsequent login attempts will be compared in the same manner as manual accounts users, from the username and password found in the Moodle user database.

The optional configuration

The e-mail-based self-registration authentication has a number of options that can be configured:

1. Navigate to Administration | Site Administration | Plugins | Authentication | Email-based self-registration.
2. Enable reCAPTCHA element defaults to No. This is highly recommended to reduce spam. For more information on reCAPTCHA, go to http://www.google.com/recaptcha/intro/index.html.
3. Lock specific user fields, which prevents users from changing them. For instance, their first name, last name, and e-mail need to remain the same for identification purposes.
4. If you are locking fields that are required by Moodle, make sure that you provide that data when creating user accounts, or the accounts will be unusable.
5. Change the settings as required and click on Save changes.