Authentication, which includes signing up with the platform, is the process of verifying the identity of a user or entity before granting access to an eLearning platform like Moodle, or platforms inherently based on Moodle like ScholarLMS. It ensures that only authorized individuals or entities can gain entry and perform actions within the platform. Authentication is crucial for maintaining security and protecting sensitive information.

Moodle by default supports various authentication methods to verify user identities. In this article we will explore some commonly used Moodle authentication methods and their user cases. To know more advanced ways to onboard your learners on your Moodle site, check out our article on “Moodle SSO Authentication Methods for LMS Administrators“.

1) Manual accounts

“manual accounts” authentication refers to a method of user authentication where administrators or user having permission manually create user accounts. This method is typically used when there is a need for centralized control over user accounts or when integrating with external systems for authentication is not feasible or desired. Administrators are responsible for creating accounts, assigning usernames and passwords, and entering relevant user details. Unlike other authentication methods that integrate with external systems, manual accounts authentication allows for a more self-contained user management approach.

Ways to add manual accounts

There are couple of ways an administrator can add manual accounts.

1. Adding a new user: This feature is used for adding one account at a time. When adding a new user, administrators are prompted to enter various details to create the user’s profile. This includes information such as the user’s first name, last name, email address, preferred username, and password.
2. Adding users in bulk: This feature allows administrators to add multiple users to the system simultaneously, streamlining the process of user account creation. Instead of manually creating individual user accounts one by one, this feature enables administrators to import a list of users from a CSV (Comma-Separated Values) file. When importing the CSV file, administrators have the option to map the fields from the CSV file to corresponding fields in Moodle’s user profile. This ensures that the data from the CSV file is accurately assigned to the appropriate user attributes in Moodle. Once the CSV file is uploaded and the field mapping is set, Moodle processes the file and creates user accounts for each entry. Upon successful user account creation, Moodle can send automated notifications to the users, providing them with their login credentials and any other relevant information.

Use Cases for Manual Accounts Authentication:

1. Small Organizations and Educational Institutions: Manual accounts authentication is particularly useful for small organizations, schools, or educational institutions with a limited number of users. These institutions may not require complex integration with external authentication systems and can benefit from the centralized control and simplicity offered by manual account creation.
2. Closed User Groups: In certain scenarios, Moodle may be used to facilitate learning or collaboration within closed user groups, such as corporate training programs or community-based courses. Manual accounts authentication enables administrators to closely monitor and manage user access, ensuring that only authorized individuals are granted entry.
3. Separate User Management System: Some organizations prefer to maintain a separate user management system alongside Moodle. Manual accounts authentication allows these organizations to handle user accounts internally, without the need for integration with external systems. This approach grants administrators greater flexibility and control over user management processes.

Benefits of Manual Accounts Authentication:

1. Centralized User Management: With manual accounts authentication, administrators have complete control over user account creation, modification, and deletion. This centralized user management capability simplifies administrative tasks and ensures consistent user data across the platform.
2. Security and Access Control: Manual account creation enables administrators to enforce stringent security measures. By manually assigning unique usernames and passwords, administrators can implement complex password policies and mitigate the risk of unauthorized access.
3. Custom User Profiles: Manual accounts authentication allows administrators to gather additional information about users by creating custom user profile fields. This information can be utilized for personalized user experiences and tailored learning content.
4. Minimal Infrastructure Requirements: Unlike authentication methods that rely on external systems or complex integrations, manual accounts authentication has minimal infrastructure requirements. It can be readily implemented within Moodle without extensive setup or configuration.

2) Email-based self-registration

An email-based self-registration Moodle authentication method allows users to create their own accounts by providing their email address. This method is most commonly used as it allow open registration, enabling anyone with a valid email address to create an account and access the learning platform. This can be useful for organizations or educational institutions that want to provide access to a large number of users without the need for manual account creation.

Here’s how it typically works:

1. User Registration: On the Moodle platform, users can access a self-registration page where they enter their email address along with any additional required information, such as their name, username, and password.
2. Email Verification: After submitting the registration form, Moodle sends an email to the provided email address. This email contains a verification link or a verification code that the user needs to click or enter to confirm their ownership of the email address.
3. Account Activation: Once the user verifies their email address, their account is activated, and they gain access to the Moodle platform. They can log in using their chosen username or email address and the password they provided during registration.

3) Email-based self-registration with admin confirmation

This authentication method allows users to create their accounts on a Moodle platform by themselves using their email addresses. However, before gaining access to the platform, their registration requests must be confirmed by an administrator.

Here’s how the process typically works:

1. User registration: A prospective user visits the Moodle platform’s registration page and provides their email address, along with any other required information.
2. Email verification: After submitting the registration form, an automated email is sent containing a verification link that the user needs to click to confirm their email address.
3. Admin confirmation: Once the user confirms their email, an administrator receives a notification or request for account approval. The administrator reviews the registration request and decides whether to approve or reject it based on their criteria.
4. Account activation: If the administrator approves the registration request, the user’s account is activated, and they receive an email notification with their login credentials or a link to set a password.

Customizations

ScholarLMS has implemented additional convenient customizations in this plugin.

• Notification recipients: By default, this plugin provides several options for selecting the recipients of admin confirmation. These options include the first admin user, all admin users, and all admins and users with the update user capability. However, in certain organizational scenarios, admins may not be responsible for confirming user accounts. ScholarLMS has introduced a custom field that allows the inclusion of emails belonging to internal staff members who are responsible for confirming user accounts. The custom field supports the inclusion of multiple emails, separated by commas, to add multiple recipients.

• “Account confirmed by” field: Depending on the recipient settings, there may be multiple admins or staff members receiving account confirmation emails. With multiple admins/staff members confirming user accounts, it can be challenging to determine who confirmed a particular user’s account. To address this, ScholarLMS has added an “Account confirmed by” field in the user profile. This field logs the specific individual among the recipients who confirmed a user account.

Use cases

1. Controlled user registration: This authentication method allows administrators to maintain control over who can access their eLearning platform. By requiring admin confirmation, they can review registration requests, ensuring that only authorized users are granted access.
2. Security and spam prevention: Email verification adds an extra layer of security by confirming that the provided email address belongs to the user. It helps prevent the creation of fake or spam accounts.
3. Compliance and privacy: In some educational institutions or organizations, administrators may need to comply with specific policies or regulations regarding user registration and data privacy. Admin confirmation ensures that these requirements are met before granting access to the Moodle platform.
4. Restricted access environments: Some Moodle platforms might be used in restricted or exclusive environments, such as corporate training programs or closed educational communities. Email-based self-registration with admin confirmation allows administrators to restrict access to only those individuals who are authorized to join.

Overall, this authentication method in Moodle strikes a balance between user convenience and administrative control. It provides an initial user self-registration process while allowing administrators to validate and approve new accounts, ensuring the security and integrity of the Moodle platform.

In conclusion, Manual authentication, email-based self-registration, and email-based self-registration with admin confirmation are effective ways to verify and authenticate user identities within an LMS. Manual authentication provides direct control over user account creation, while email-based self-registration streamlines the process by allowing users to register themselves. The addition of admin confirmation adds an extra layer of security and validation. By leveraging these Moodle authentication methods, organizations can ensure secure access to their LMS, protect user information, and create a reliable and secured learning environment for all users.

To explore more ways to onboard your learners on your Moodle site, check out our article on “Moodle SSO Authentication Methods for LMS Administrators“.