Authentication Methods in Moodle
Authentication is what happens when a user is logging in to your site. When a user is created, an authentication method must be chosen for that user. This can be changed for the user, later.
Moodle offers a variety of ways to authenticate users.
Administration → Site Administration → Plugins → Authentication → Manage Authentication
Each of the options is briefly explained by clicking on Settings for that option. Two methods cannot be disabled: Manual accounts and No login. These methods are always available to the site administrator.
Manual accounts enables the administrator to create user accounts.
No login enables the administrator to suspend a user's account. Suspending a user takes away that person's ability to log in, but keeps all the work that person did in the system, such as their blog and grades. Deleting a user removes the account and the user's data.
This method enables people to register themselves for your site. When someone fills out the new user form at your site, Moodle sends them an e-mail to confirm their account. You need to turn on e-mail-based self-registration in two places:
- Click to open the eye for Email-based self-registration
- On the same page, further down, for the Self registration drop-down list select Email-based self-registration
If you want to increase the security of your site, enable the reCAPTCHA function.
If you want to limit self-enrollment to only people at your company or school, consider using the Allowed email domains function. This will restrict self enrollment to people who have an e-mail address from your company or school.
Authenticating against an external source
Moodle can look to a different database, or another server, to determine if a user can log in. This is called authenticating against an external source.