9.5. Institutions
Administration → Institutions
You can use Mahara as multi-tenanted instance. That means that several different institutions can share one Mahara installation. All users from these different institutions can:
- share portfolio pages with each other
- give feedback on each other’s pages
- work collaboratively in groups across institution boundaries
In Administration you can set up as many institutions as you wish. Institution administrators can only administer their users and their institutions but not make any changes to site settings.
You can also set up institutions for different parts of your organisation to use different themes, have different default settings and / or authentication methods.
Note
Even if you use Mahara with one organisation only and do not want to distinguish different departments within your organisation, we recommend you set up at least one institution and not use “No institution”. By setting up at least one institution you will have two more roles available: institution staff and institution administrator.
You can create institution administrator accounts which are less powerful than the site administrator accounts. By having institution administrators, you can allow them to take care of user account creation and group creation etc. without giving them full powers over the site preventing that too many people can make site changes.
9.5.1. Overview
Administration → Institutions → Institutions (site administrator)
Administration → Institutions → Settings (institution administrator)
You see an overview of all institutions that exist on this Mahara installation (site administrator) or that you have access to as institution administrator.
Note
Institution administrators who manage only one institution do not see this page, but immediately the settings for their only institution.
- Search: Search for a particular institution by its name and then click the Search button.
- Institution: Institutions are listed alphabetically. If you click the institution’s name, you are taken to the contacts page.
- Members: Number of registered members in this institution.
- Maximum: Maximum allowed members in this institution.
- Staff: Number of institution members with staff rights.
- Administrators: Number of institution members with institution administrator rights.
- Click the Edit button to change institution settings.
- Click the Delete button to delete an institution. You can only delete an institution when there are no members in it.
- Click the Add institution button when you want to create a new institution. This button is only visible to site administrators.
- Click the Edit members button when you want to add or remove members from an institution.
- Click the Edit staff button when you want to add or revoke staff rights for an institution member.
- Click the Edit administrators button when you want to add or revoke institution administrator rights for an institution member.
Note
The institution “No institution” is the default “institution”. It cannot be deleted as it is the standard Mahara site.
9.5.2. Add an institution
Note
Only site administrators can add institutions. However, once an institution exists, institution administrators can change many of the settings.
When you want to add an institution by clicking the Add button on Administration → Institutions → Institutions, you need to provide some basic information for the new institution. You can change all settings except the Institution name later on.
Institution name: This field is required. It is the unique identifier of this institution in the database. It must be one word without numbers and symbols.
Institution display name: This field is required. It is the name that all users see throughout the site to identify this institution.
Institution expiry date: Tick the Set date checkbox if you want to give this institutuion a specific expiry date. You can then select the year, month and day from the drop-down menus. Institutions do not expire by default.
- If you specify an expiry date for this institution, once the warning time for institution expiry has been reached, site and institution administrators will receive a otification about this institution’s impending expiry.
- If the auto-suspend expired institutions option is set, then once the expiry date has been reached, this institution will be automatically suspended, and users of this institution will no longer be able to log in.
- The warning time for institution expiry and the auto-suspend expired institutions options can be found in the institution settings under Administration → Configure site → Site options.
Registration allowed: Check this box when you want to allow self-registration of new users. As institution administrators, you will be asked to confirm that users can join your institution. If you decline, their new account will be associated with “No institution” unless you have the Confirm registration option clicked. When you do not allow registration, nobody can register a new account, ask to join your institution or leave it without your permission.
Confirm registration: Check this box if you want to control that no new accounts are created unless the administrator approves the registration. You receive a notification about pending registrations when a new user wants to register.
Default membership period: You can set how long users will remain associated with this institution per default. Choose an option from the drop-down menu and then specify the number of days, weeks, months or years. After this length of time, the users will be removed from the institution. Users will receive a notification before this time reminding them that they will be removed soon. However, that does not mean that they will lose their account. They will still have that and be associated with “No institution”.
Language: Choose the language from the drop-down menu that you want the users in your institution to use by default.
Note
This is a default setting. Users in your institution can choose their own language in their account setting.
Logo: You can upload an image that will be displayed to your institution’s members in place of the standard header logo.
Theme: Use the drop-down menu to choose the theme that you wish to use for this institution. All pages in that institution will receive that theme. When users from other institutions view portfolio pages that were created in this institution, they will see this institution’s theme on these pages. If Site default is selected, when a site administrator changes the site default theme, the theme for the users of this institution will change, too. You can install more themes in the theme folder on the server. Check out the community-contributed themes. If users are allowed to have page themes, these pages are not affected by theme changes. Mahara also has a configurable theme which allows you to create a theme on the fly.
Drop-down navigation: Check this box if you want your institution to use a drop-down navigation instead the tabbed navigation.
Note
If you use the “Site default” theme option, this checkbox is disabled as the site default settings are applied. If you wish to use the theme that the site uses, but use a different main navigation option, select the theme directly for your institution, and the checkbox becomes available to you for selecting.
Page skins: Check this box if you want your institution members to use page skins.
Note
This feature is only available when the following parameter is added to the config.php file of your Mahara site: $cfg->skins = true;
Show online users: If the site administrator allowed the “Online users” side block, you can decide which group of users you want to have displayed for this institution:
- None: The side block is not displayed to institution members.
- Institution online: Only institution members are displayed in the side block.
- All: All users on the site are displayed in the side block
Require license information: If you check this box, your institution members will need to choose a license for each artefact they upload or create. They can set a default license in their account settings. You only see this option if the site administrator turned License metadata in the general site settings.
Default license: You can choose a default license for your institution members’ content. They can overwrite this default license in their account settings. You only see this option if the site administrator turned License metadata on in the general site settings. If the site administrator allowed custom licenses, you can enter one using the drop-down menu option “Other license (enter URL)”. This license can then also be used by your institution members.
Note
If you are not sure which default license to choose, please consult your organisation’s lawyer or a copyright lawyer.
Default quota: You can set the amount of file quota new users registering with this institution shall have.
Update user quota: If you check this box, the default quota you choose above will be applied to all existing institution members.
Allow institution public pages: Put a check mark into this box if you want to allow users belonging to this institution to create portfolio pages that are accessible to the public rather than only to logged-in users. If you allow public pages, users can also create secret URLs for their pages. Otherwise they cannot.
Maximum user accounts allowed: Specify the maximum number of accounts that can be created in this institution. If you leave this field blank, there is no limit to the number of accounts.
Note
When the maximum number of accounts has been reached and another user tries to register for the institution, the site administrator as well as the institution administrator for that institution receive a notification. That allows them to take further steps.
Locked fields: Put a check mark into each checkbox for which users are not allowed to change the value. Disabled checkboxes are for profile fields which are locked in the institution settings for “No institution”. These profile fields are locked at the site level and cannot be unlocked for individual institutions.
Note
Locking profile fields such as first name, last name and display name can be beneficial for institutions that wish to always identify their users by their real names and not allow users to choose nicknames.
Click the Submit button to save your changes and create this institution, or click the Cancel button to abort the creation of this institution.
9.5.2.1. Change the institution logo
You can upload a logo to any theme replacing the standard logo that comes with the theme. For best results, this image should have the same dimensions as the site logo in your institution’s theme. As each theme can have a different header height, no exact dimensions can be provided.
Note
Of the standard themes, only the “Primary School” theme requires a set height for its logo. The other themes are more flexible.
- Logo: Upload the logo that you want to use on your institution theme from your computer.
- Once you have submitted your changes, the logo will be replaced in the header and it also appears in the settings to show what you have uploaded.
- Delete logo: If you want to revert back to the standard logo, check this box and click the Submit button at the bottom of the page.
Note
There is a special logo that can be picked up by Facebook in order not to display a random image from the site. This logo must be placed into the theme folder. Mahara’s Raw theme has the Mahara logo, but it could be changed to a different one in another theme. For more information see the tracker item.
9.5.2.2. Use the configurable theme
If you do not want to use one of the built-in themes of Mahara or one of the community-contributed themes, you can either build your theme from scratch or use the configurable theme in conjunction with the logo upload.
Note
The configurable theme is only a display theme. That means that users of the institution in which it is in use see the theme applied to the site and their pages. However, when users from another institution browse the portfolio pages of users from this institution, they do not see the configurable theme, but their own theme.
You can change the configurable theme directly on the institution settings page.
In order to change any of the colours, either provide the hexadecimal color code or choose the colour from the colour picker that becomes available as soon as you click in one of the colour fields.
- Theme: Choose the “Configurable Theme” from the drop-down menu and the “Custom theme configuration” options become visible.
- Background: Background colour for the entire site, esp. visible in the header and footer.
- Text on background: The text that is displayed on the background colour, e.g. in the header and footer.
- Link: The link colour on any pages unless it is in the sidebar or navigation.
- Headings: The heading colour for all headings except in the sidebar.
- Sidebar background: The background colour of any sidebar. It should form a good contrast to the heading colour of the sidebar as that is always white.
- Sidebar content background: The colour of the inside of a sidebar.
- Sidebar link: The colour of a link inside a sidebar.
- Navigation background: The colour of the top navigation bar.
- Navigation text: The colour of the text / links in the main navigation bar.
- Sub navigation background: The colour of the secondary navigation and the highlighted section in the main navigation bar.
- Sub navigation text: The colour of the text / links in the secondary navigation and the highlighted section in the main navigation bar.
- Row background: The colour of the background anywhere rows appear.
- Colour picker: Either type in the hexadecimal colour code directly into the colour field or use the cross and arrow from the colour picker to decide on your new colour.
- Reset colours: If you want to go back to a blank slate of the configurable theme, place a check mark in this box to get back to the original colours of the configurable theme.
- Click the Submit button at the bottom of the page to make your changes.
Note
If you do not see the theme changes immediately when you are logged in as institution member, you may have to clear your browser cache.
The numbers on the example page refer to the configurable theme options above.
9.5.3. Edit the site institution
Your Mahara site itself is listed as institution under Administration → Institutions → Institutions. Per default, it has the name “No institution” and you can change certain settings that are applied to the site.
Note
Most settings for the site are made in Administration → Configure site → Site options.
Institution display name: This field is required. It is the name that people see when registration is allowed for the site without having to register for a particular institution.
Authentication plugin: You can decide which authentication methods you want to allow. See Edit an institution for more information.
Registration allowed: Switch this option on if you want to allow people to register on your site without registering for a particular institution. If you switch this setting on but not the setting Confirm registration, new user accounts do not need approval.
Note
Be careful not using Confirm registration as spammers can misuse your site and simply create accounts without your knowledge.
Confirm registration: Switch this option on if you want to control that no new accounts are created unless the administrator approves the registration. You receive a notification about pending registrations when a new user wants to register.
Logo: Here you can replace the standard site logo without having to place it in the theme folder on the server. You can upload an image that will be displayed to everyone who is not in an institution.
Note
When your site uses the small headers option, the logo is only replaced when small headers are not shown. The same is true for custom institution logos. In 15.10 we will make changes to the header and thus leave this limitation in place.
Page skins: Switch this option on if you want your users who are not in a particular institution to use page skins.
Note
This feature is only available when the following parameter is added to the config.php file of your Mahara site: $cfg->skins = true;
Comment sort order: Decide on the sort order of comments on artefacts when they are displayed on a page. You can choose between the following:
- Earliest: Sort your comments in chronological order showing the oldest comments first and the newest last.
- Latest: Sort your comments in reverse chronological order showing the newest comments first and the oldest last.
Locked fields: Put a check mark into each checkbox for which users are not allowed to change the value. Any fields that you enable here are locked from editing in institutions.
Note
Locking profile fields such as first name, last name and display name can be beneficial for institutions that wish to always identify their users by their real names and not allow users to choose nicknames.
Click the Submit button to save your changes, or click the Cancel button to discard your changes.
9.5.4. Edit an institution
Administration → Institutions → Institutions → Click the Edit button next to an institution
Once you have created your institution, you can edit its settings, suspend or delete the institution. You will have to choose at least one authentication method for this institution so that user accounts can be created.
Note
Only site administrators can add, edit and delete authentication methods for an institution and suspend it. An institution can only be deleted if there are no members in it.
You should set up at least one authentication method. Otherwise, nobody can log in to this institution. You can add multiple authentication methods to your institution to account for different users and how they are allowed to authenticate if necessary. That means for example for a university:
- Faculty and students could log in with their standard login and password if that is governed by LDAP / Active Directory (LDAP authentication) or single sign-on such as SAML (SAML authentication).
- They could also log in via Moodle as that can be added as secondary authentication method for other methods like LDAP or single sign-on (XML-RPC / MNet authentication).
- Alumni could have their MNet / LDAP authentication changed to the internal authentication once they finish their studies.
- External assessors who do not have a university login, can be given the internal authentication so that they can receive a login, but the university administration does not have to issue a login which would give them access to other infrastructure as well.
All these then still log in to the same Mahara institution. Alternatively, you could also separate the users into their own institutions on your Mahara installation if that is more appropriate for your use case. This could mean for the above example:
- Faculty and students log in and are automatically placed into the institution “University”. They see the standard university theme.
- Alumni are placed into the institution “Alumni” for easier user management as you could have the alumni coordinator manage the users. Having them in a separate institution on Mahara would make it easy to see who an alumni is. Additionally, they could receive a slightly different university theme that is geared towards alumni, and they can also receive different messages on their dashboard.
- External assessors who are placed into the separate institution “Assessors” could again be administered easily by an administrator who is the liaison for them without giving that administrator access to the user management of all other university users. They can receive the stanadrd university theme, but receive different messages on their dashboard.
Before you can use the IMAP, LDAP, SAML or XML-RPC authentication methods, you must install their extensions on your server.
- Once your institution is created, the settings include an additional option, Authentication plugin. You see all authentication methods that are already in use for this institution listed.
- From the drop-down menu choose one of the authentication methods that are available:
- Click the Add button to see the configuration screen for an external authentication method before it is added.
Warning
Be careful when choosing the “None” authentication method. This allows anyone to log in. It should only be used for testing purposes.
9.5.4.1. IMAP authentication
You can use this authentication method to receive the login information for your users from your IMAP server.
- Authority name: Enter a descriptive name to help you identify this authority. Preferably, choose a short name. This field is required.
- Hostname or address: Specify the hostname in URL form. This field is required.
- Port number: Specify the port under which your IMAP server can be reached. The default is 143. This field is required.
- Protocol: Select the IMAP protocol you are using by selecting it from the drop-down menu. This setting is required:
- IMAP
- IMAP / SSL
- IMAP / SSL (self-signed certificate)
- IMAP / TLS
- Password-change URL: If your users can only change their password in one central space, provide the URL here.
- Click the Submit button to enable this authentication method or click the Cancel button to abort your changes.
9.5.4.2. LDAP authentication
Use this authentication method to authenticate against an LDAP server so that your users can log in with their usual login and password.
- Authority name: Enter a descriptive name to help you identify this authority. Preferably, choose a short name. This field is required.
- Host URL: Specify hosts in URL form, e.g.
ldap://ldap.example.com
. Separate multiple servers with ; for failover support. This field is required.
- Contexts: List the contexts where users are located. Separate different contexts with ;, e.g.
ou=users,o=org;ou=other,o=org
. This field is required.
- User type: Select from the drop-down menu how users are stored in the LDAP directory. This field is required. You can choose between:
- Novell Edirectory
- posixAccount (rfc2307)
- posixAccount (rfc2307bis)
- sambaSamAccount (v. 3.0.7)
- MS Active Directory
- default
- User attribute: Enter the attribute used to search for users. It is often
cn
. This field is required.
- Search subcontexts: Select “Yes” if you want to search for the users also in subcontexts. This setting is required.
- Distinguished name: If you want to use bind-user to search users, specify it here. It should look something like
cn=ldapuser,ou=public,o=org
. Leave this blank for anonymous bind.
- Password: Enter the password for the “distinguished name”.
- LDAP version: Choose the LDAP version you are using from the drop-down menu. This setting is required.
- TLS encryption: Check this box if you use this encryption mechanism.
- Update user info on login: Check this box to update the first name, last name and email address with the corresponding LDAP values at each login. Enabling this option may prevent some MS ActiveDirectory sites / users from subsequent Mahara logins.
- We auto-create users: Check this box to create user accounts on Mahara automatically when a user authenticates successfully but does not yet have an account.
- LDAP field for first name: Enter the name of the field in the LDAP record that contains the user’s first name.
- LDAP field for surname: Enter the name of the field in the LDAP record that contains the user’s last name.
- LDAP field for email: Enter the name of the field in the LDAP record that contains the user’s email address.
- LDAP field for student ID: Enter the name of the field in the LDAP record that contains the user’s student ID.
- LDAP field for display name: Enter the name of the field in the LDAP record that contains the user’s display name.
- User sync: Decide whether you wish to synchronize your users via a cron job and make additional settings.
- Group sync: Decide whether you want to automatically create groups in Mahara based on your LDAP groups.
- Click the Submit button to enable this authentication method or click the Cancel button to abort your changes.
9.5.4.2.1. LDAP user sync
You can set up your LDAP authentication so that user account creation can be automated. User account deletion should be considered carefully.
Sync users automatically via cron job: Enable this setting to activate a task in the cron which will automatically create and/or update user accounts based on records in the LDAP server.
Note
By default, this cron task will execute once daily at midnight (server time). Edit the record in the “auth_cron” table or use the optional command-line script supplied at htdocs/auth/ldap/cli/sync_users.php if you wish to schedule it to run at other times or with other settings.
This setting will have no effect if the cron is not running. See the installation guide for instructions on how to set it up.
Update user info in cron: Tick this checkbox if you wish for user information to be updated via the cron if they changed in the LDAP record.
Auto-create users in cron: Tick this checkbox if you want new users in your LDAP directory to get an account automatically.
Additional LDAP filter for sync: Provide an LDAP filter here, and the sync will only see users in LDAP who match that filter. Example: Example: uid=user*
.
Warning
Use this setting with caution if you have auto-suspend or auto-delete enabled, as doing so will cause all user accounts in your institution which do not match the filter to be suspended or deleted.
If a user is no longer present in LDAP: Choose from the drop-down menu what you want to do if users are no longer in your LDAP directory:
Do nothing: Users keep their account. This is the recommended setting.
Suspend user’s account: The user’s account will be suspended. The user will no longer be able to log in, and their content and pages will not be viewable. However, none of their data will be deleted, and the user can be un-suspended by the cron when their LDAP record reappears, or manually by an administrator.
Delete user’s account and all content: The user’s account will be deleted, along with all their content and pages.
Warning
The data is fully deleted from the server when a user’s account is deleted, so this action requires a server backup to reverse.
9.5.4.2.2. LDAP group sync
You can set up your LDAP authentication so that user account creation can be automated. User account deletion should be considered carefully.
Sync groups automatically via cron job: Enable this setting to activate a task in the cron which will automatically create and/or update groups and their membership based on records in the LDAP server.
Note
By default, this cron task will execute once daily at midnight (server time). Edit the record in the “auth_cron” table or use the optional command-line scripts supplied in htdocs/auth/ldap/cli/ if you wish to schedule it to run at other times or with other settings.
Note: You will also need to activate the “Sync groups stored as LDAP objects” and / or “Sync groups stored as user attributes” settings in order for groups to be synced.
Group members can be removed as well as added by this setting. If a group is no longer found in the LDAP records, all of its members will be removed from the group.
This setting will have no effect if the cron is not running. See the installation guide for instructions on how to set it up.
Auto-create missing groups: Tick this checkbox if you want to have new groups in your LDAP directory created automatically in Mahara.
Role types in auto-created groups: Decide which roles users can have in auto-created groups.
- Course: Members, tutors and administrators
- Standard: Members and administrators
Exclude LDAP groups with these names: If you want to auto-create groups, but do not want to include all groups, you can exclude some. Type their names here.
Include only LDAP groups with these names: If you want to restrict the creation / synchronisation of your groups to a specified number, list them here.
Sync groups stored as LDAP objects: Tick this checkbox if your groups are stored as standalone records in LDAP. Example:
dn: cn=languagestudents,ou=groups,dc=mahara,dc=org
objectClass: groupOfUniqueNames
cn: languagestudents
uniqueMember: uid=user1,dc=mahara,dc=org
uniqueMember: uid=user2,dc=mahara,dc=org
uniqueMember: cn=frenchclass,ou=groups,dc=mahara,dc=org
Group class: Put the LDAP objectclass that groups are expected to have here.
Group attribute: Enter the LDAP attribute that maps to a group’s name. It is often cn
.
Group member attribute: Enter the LDAP attribute in which the group’s members are stored in. It is often uniqueMember
.
Member attribute is a dn? Tick this checkbox if if each entry in the “Group member attribute” field is a “distinguished name”. Disable this setting if each entry in “Group member attribute” field is a username only.
Process nested group: Tick this checkbox if your groups can contain other groups as members. If enabled, the sync process will recursively include the members of these nested groups into the parent group.
Note
The process will safely cease recursing if it detects a circular reference.
Sync groups in these contexts only: List the contexts where groups are located. Separate different contexts with a semicolon ;
. Example: ou=groups,o=org;ou=other,o=org
.
Note
If this field is left empty, the group sync cron will fall back to using the same list of contexts as the “Contexts” setting for where users are located.
Search subcontexts: Tick this checkbox if subcontexts should be included in the synchronisation.
Sync groups stored as user attributes: Tick this checkbox if each LDAP user record has an attribute which indicates a group the user should be in. This setting will cause the LDAP sync cron to create a group for each unique value in the specified user attribute (or in those listed in the “Acceptable group names” field), and place each user in the appropriate group (or groups, if they have multiple values for the attribute).
User attribute group name is stored in: Provide the LDAP attribute in which the name is stored.
Only these group names: When creating groups based on user attributes, only create groups with these names. This will not affect groups created via the “Sync groups stored as LDAP objects” setting, if it is active.
9.5.4.3. Persona authentication
Persona was a project of the Mozilla Identity Team. It allowed people to have one login across multiple sites without having to divulge the password to these sites. All they need to log in to a Persona-enabled site is their email address. The project was discontinued in November 2016. You can migrate existing Persona accounts to internal authentication.
9.5.4.4. SAML authentication
Choose this authentication method for your institution when you have a SAML 2.0 Identity Provider Service set up for your organisation that allows you to use the same login for multiple applications.
Institution attribute (contains “…”): Enter the attribute that will be passed from the Identity Provider (IdP) that shows which institution the user belongs to. This usually directly correlates to the LDAP attribute (the signin service of the IdP), e.g. eduPersonOrgDN. This field is required.
Institution value to check against attribute: Enter the value that will be checked against the institution attribute value as passed from the IdP. If the institution regex checkbox “Do partial string match with institution shortname” is selected, this value can be a regular expression that will be used to check against the institution attribute value. This field is required.
Do partial string match with institution shortname: Check this checkbox to treat the value in “Institution value to check against attribute” like a regular expression.
User attribute: Enter the name of the attribute passed by the IdP that contains the username. This field is required.
Match username attribute to remote username: This box is selected by default and needs to stay selected. It matches the user attribute value to the remote username field assigned to a given user (not the internal Mahara username). Only if you have the experimental feature of “usersuniquebyusername” turned on can you deselect this checkbox. We do not recommend this unless you are very experienced and have control over all applications in question.
Warning
By default, SAML authentication instances have the “Match username attribute to remote username” setting selected. If that setting were unchecked, someone with control over any SAML identity provider could gain control over any user account on that Mahara site by setting the username attribute accordingly. In other words, administrators of one institution could control users in other institutions. You would only be able to deselect this setting if you set the “usersuniquebyusername” variable to “true” in config.php
. However, you should not do that on a Mahara instance to which multiple SAML providers connect and you are not in control of all usernames that are created.
Allow users to link own account: Check this box if you want to allow users to link their own internal Mahara account to the authenticated SAML account. This depends on the “Match username attribute to remote username” option being enabled. If this setting is turned on when users try to log in via SSO and their username as well as the email for example match an internal username, they can link their accounts. That would allow them to log in either via the SSO login or via the regular login box into the same account and avoid account duplication.
Update user details on login: Check this box to update the first name, last name and email address with the corresponding IdP values passed through at each login.
We auto-create users: This is unselected by default and needs to stay unchecked if the option “Match username attribute to remote username” is enabled. Check this box to create user accounts on Mahara automatically when a user authenticates successfully but does not yet have an account. Only if you have the experimental feature of “usersuniquebyusername” turned on can you select this checkbox. We do not recommend this unless you are very experienced and have control over all applications in question.
SSO field for first name: Enter the name of the attribute passed by the IdP that contains the user’s first name.
SSO field for surname: Enter the name of the attribute passed by the IdP that contains the user’s last name.
SSO field for email: Enter the name of the attribute passed by the IdP that contains the user’s email address.
Click the Submit button to enable this authentication method or click the Cancel button to abort your changes.
9.5.4.5. XML-RPC / MNet authentication
Use the XML-RPC authentication for connecting a Mahara instance to a Moodle or an other Mahara installation for sharing login information. With Moodle 2 that does not only mean that you can log in to Mahara via Moodle, but also that you can transfer certain activities into your Mahara portfolio from Moodle.
A Moodle site can only be connected to Mahara once no matter how many institutions you have set up. Every XML-RPC authentication instance in Mahara must have its own unique remote wwwroot and must be associated with a single institution.
Note
You must have networking enabled in order to use this authentication method.
Authority name: Enter a descriptive name to help you identify this authority. Preferably, choose a short name. This field is required.
WWW root: Enter the web address of the root of the remote application, e.g. http://example.com
. This field is required. If your WWW root requires a specific port, enter the port number that the remote application is listening at. You probably will not need to add a port unless you are connecting to a https
service or your remote application is running on a non-standard port.
Site name: Enter the name to present to your users to identify the remote site. If you enable SSO, they may click on this name to start a session at the remote site. This field is required.
Application: Choose the application on the other end. You can choose between “Mahara” and “Moodle”.
Parent authority: If you set a parent authority from the already existing authentication methods, users will be able to log in using that authority as well as MNet. For example, you could set up SAML authentication and have that be the parent of this MNet authority. That means that users will be able to log in by clicking the SSO login button using their SSO credentials as well as via MNet from their Moodle. You do not have to set a parent authority. If you do not, users using MNet will only be able to access Mahara via MNet, i.e. log in to Moodle or the other Mahara first.
Wrong login box message: Enter a message to display when a user tries to log in via Mahara’s login form but is not allowed to if you have not set up a parent authority.
SSO direction: Choose your SSO direction from the drop-down menu:
- They SSO in: Enable this option to allow users from the remote site to roam to your Mahara site without having to enter their username and password. This is the most commonly used setting.
- We SSO out: Enable this option to allow your users to roam from Mahara to the remote site without having to enter their username and password there.
Update user info on login: Enable this option to bring over user data from the remote site upon login and update your Mahara user record with any changes. The following fields, when filled in on Moodle, are filled in Mahara:
- first name (always carried over)
- last name (always carried over)
- email address (always carried over)
- profile picture
- description (introduction on Mahara)
- city
- country
- language
- HTML editor setting
We auto-create users: Check this box to create user accounts on Mahara automatically when a user authenticates successfully but does not yet have an account.
We import content: Not all network-enabled applications support this, but if they do, e.g. Moodle 2.x, this will allow users of the remote site to import content to Mahara. It depends on the option “They SSO in” from “SSO direction” and it is sensible to also have “We auto-create users” set.
Click the Submit button to enable this authentication method or click the Cancel button to abort your changes.
See also
Refer to the comprehensive guide about setting up Mahoodle, the combination of Mahara and Moodle, for step-by-step instructions on how to set everything up on the Moodle side and on Mahara. The guide explains the steps for both Moodle 1.9 and Moodle 2.x.
9.5.4.6. Order of authentication methods
If you have set up multiple authentication methods in one institution, you can decide on the order in which they are checked.
- Use the Up arrow button and the Down arrow button to move a specific authentication method up or down in the list.
- Delete a particular authentication method by clicking the Delete button .
Note
You cannot delete an authentication method when there are still users who require it to log in. Before deleting an authentication method, you have to move the users to another authentication method.
9.5.4.7. Suspend institution
A site administrator can suspend an institution at any time.
Click the Suspend institution button to make an institution (temporarily) unavailable to its users.
9.5.5. Institution static pages
Administration → Institutions → Static pages
Institution administrators can overwrite the content of the static pages that the site administrator created. These pages are:
- About
- Home (Dashboard)
- Logged-out home
- Privacy statement
- Terms and conditions
All pages come with default text that you can change entirely. Every page must contain some text. You can use the visual editor to style your page.
- Institution: If you are a site administrator or an institution administrator of more than one institution, choose the institution for which you want to change page content.
- Page name: Choose the page you want to edit from the drop-down menu.
- Use site default: Tick this checkbox if you want to use the content that is displayed on the page for the entire site.
- Page text: Change the text in the editor window. You cannot leave this field empty.
- Click the Save changes button.
9.5.6. Members
Administration → Institutions → Members
You can add and remove members from one institution in bulk. As site administrator, you can always add members to an institution. As institution administrator, you can only invite users to become members.
You can filter users to display fewer and add to or remove them more easily from your institution:
- People who have requested institution membership
- People who have not requested institution membership
- People who have left a given institution
- People who are already institution members
- People who have been invited
Note
You can double-click a name and it will be moved to the other side. This goes for all functionalities that are similar to this one here.
9.5.6.1. People who have requested institution membership
If your institution allows self-registration, users who are not already members of your institution can request to join it.
Institution administrators receive notifications about membership requests. Site administrators only receive notifications about users wanting to join “No Institution”.
- Users to display: Choose People who have requested institution membership.
- Institution: Choose from the drop-down menu to which institution you wish to add users. If there is only one institution, its name will be displayed without the drop-down menu.
- Users who have requested membership: Select the users you wish to add to the institution.
- Search: You can also search for users in the search box if there are too many names listed.
- Add the users by clicking the right-arrow button .
- Users to be added / rejected: If you put users into the box for users to be added / rejected by accident, you can remove them from that list by clicking on them.
- Then click the left-arrow button , and they are removed from the list.
- When you have all the members you wish to add to the institution, click the Add members button.
- Alternatively, if you wish to decline users membership, you can select them and then send a general denial by clicking the Decline requests button.
9.5.6.2. People who have not requested membership yet
An admin can also take the initiative and invite or add users to an institution.
- Users to display: Choose People who have not requested membership yet.
- Institution: Choose from the drop-down menu to which institution you wish to invite users. If there is only one institution, its name will be displayed without the drop-down menu.
- Non-members: Select the users you wish to invite to the institution.
- Search: You can also search for users in the search box if there are too many names listed.
- Add the users to the list Users to be invited by clicking the right-arrow button .
- If you put a person into the box for users to be invited by accident, you can remove them from that list by clicking on them.
- Then click the left-arrow button , and they are removed from the list.
- When you have all the members you wish to invite to the institution, click the Invite users button. The users receive a notification and can accept or decline the institution membership invitation.
- Alternatively, you can click the Add members button as site administrator and add users directly to the institution without asking them first.
9.5.6.3. People who have left a given institution
An administrator can filter users by the previous institution to which they were attached in order to find them more quickly.
Note
This is only of importance for a multi-tenanted Mahara instance with at least 2 institutions.
- Users to display: Choose People who have left a given institution. “Left” is interpreted loosely, it also means when an administrator removed them from an institution.
- Previous institution: Choose the institution from which you want to add users. The users must have left it first to be listed here.
- Institution: Choose from the drop-down menu to which institution you wish to invite users. If there is only one other institution, its name will be displayed without the drop-down menu.
- Users who have left institution [name of the institution]: Select the users you wish to invite or add to the other institution.
- Search: You can also search for users in the search box if there are too many names listed.
- Add the users to the list Users to be invited by clicking the right-arrow button .
- If you put a person into the box for users to be invited by accident, you can remove them from that list by clicking on them.
- Then click the left-arrow button , and they are removed from the list.
- When you have all the members you wish to invite to this institution, click the Invite users button. The users receive a notification and can accept or decline the institution membership invitation.
- Alternatively, you can click the Add members button as site administrator and add users directly to the institution without asking them first.
Note
Mahara keeps track of the last institution of a user via an invisible tag.
9.5.6.4. People who are already institution members
You can remove users from an institution, e.g. if they are no longer students at a school or university, but should still have an account on Mahara or when they are just switching institutions on the same Mahara instance.
- Users to display: Choose People who are already institution members.
- Institution: Choose from the drop-down menu which institution’s members you wish to display. If there is only one institution, its name will be displayed without the drop-down menu.
- Current members: Select the users you wish to remove from the institution.
- Search: You can also search for users in the search box if there are too many names listed.
- Add the users to the list Users to be removed by clicking the right-arrow button .
- If you put a person into the box for users to be removed by accident, you can remove them from that list by clicking on them.
- Then click the left-arrow button , and they are removed from the list.
- When you have all the members you wish to remove from your institution, click the Remove users button.
9.5.6.5. People who have been invited
An administrator can uninvite users from an institution.
- Users to display: Choose People who have been invited.
- Institution: Choose from the drop-down menu which institution’s members you wish to display. If there is only one institution, its name will be displayed without the drop-down menu.
- Invited users: Select the users you wish to univite from joining the institution.
- Search: You can also search for users in the search box if there are too many names listed.
- Add the users to the list Users to be uninvited by clicking the right-arrow button .
- If you put a person into the box for users to be uninvited by accident, you can remove them from that list by clicking on them.
- Then click the left-arrow button , and they are removed from the list.
- When you have all the users you wish to uninvite from the institution, click the Revoke invitations button.
9.5.7. Institution staff
You can give users staff rights in an institution in which they are members. The staff role will allow them to create course groups for example. This page allows you to do that in bulk for many users at once.
- Institution: Choose the institution from the drop-down menu for which want to give staff rights to members.
- Institution members: Select the institution members who shall get staff rights.
- Search: You can also search for users in the search box if there are too many names listed.
- Add the users to the list Institution staff by clicking the right-arrow button .
- If you put a user into the institution staff list by accident or want to remove existing staff members and return them to normal membership status, select them.
- Then click the left-arrow button , and they are removed from the list.
- When you have all the members you wish to have as staff in the institution, click the Submit button.
9.5.8. Institution administrators
You can give users administrator rights in an institution in which they are members. The administrator role will allow them to manage users in their own institution. This page allows you to do that in bulk for many users at once.
- Institution: Choose the institution from the drop-down menu for which want to give admin rights to members.
- Institution members: Select the institution members who shall get admin rights.
- Search: You can also search for users in the search box if there are too many names listed.
- Add the users to the list Current admins by clicking on the right-arrow button .
- If you put a user into the institution admin list by accident or want to remove existing admin members and return them to normal membership status, select them.
- Then click on the left-arrow button , and they are removed from the list.
- When you have all the members you wish to have as admins in the institution, click the Submit button.
9.5.9. Admin notifications
Administration → Institutions → Admin notifications
The Admin notifications page lists all users with institution and site administrator access on your site. It shows their selected notification preferences for all admin notifications. There should be at least one administrator receiving each type of message generated.
Note
Institution administrators only see admin notifications for their own institutions.
Admin notifications are:
- Contact us
- Objectionable content
- Repeat virus upload
- Virus flag release
9.5.10. Profile completion
Administration → Institutions → Profile completion
Profile completion lets you select content that users of an institution need in order to have a “completed” profile. The parameters for a completed profile can differ from one institution to another. In some cases you can also decide how many content items a user needs of a specific artefact type to complete their profile.
See also
The site administrator needs to enable the profile completion feature in the user settings for institutions to be able to use it.
- Institution: If you administer more than one institution, select the one for which you want to set up the profile completion from the drop-down menu.
- Profile: Tick the checkboxes next to the items that you want your users to fill in from their profile. That includes, their first name, last name, blog address etc.
- Résumé: Select the checkboxes next to the résumé items that your users should fill in to have a completed profile.
- Plans: Select the number of plans and tasks a user should have from the drop-down menus.
- Journals: Select whether a user needs to have a journal and / or a certain number of journal entries for a complete profile.
- Files: In this section you can decide whether users need to upload a certain number of files. You can also specify the file type and decide how many items of each file type users should upload for a complete profile.
- Comment: Select from the drop-down menu the number of feedback comments a user should make to gain a completed profile.
- Click the Submit button to save your changes.
- Profile completion preview: Once you clicked the Submit button, you will see a preview of the progress bar that is displayed to your institution users in the sidebar.
9.5.11. Institution pages
Administration → Institutions → Pages
You can create pages for your entire institution. Although you could always create pages under a regular user account that other users could copy into their own portfolio, the advantage of institution pages is that new members in the institution can receive a copy upon joining the institution.
Institution: Click on the institution in the drop-down menu for which you want to create or edit institution pages.
Search: If you have a lot of institution pages, you can search for a particular one here. You can search in the title, description and tags or only in tags.
Click the Create page button to start a new institution page.
Note
Creating and editing an institution page is very similar to creating and editing a portfolio page. However, not all blocks are available when editing an institution page in the page editor due to the different context. Please refer to the overview of blocks for a list of all the blocks that you can use in an institution page.
Click the Copy page button to start a new page from a copy of an already existing one. This does not have to be an institution page but can be any page that you are allowed to copy.
View an institution page that you have already created.
Click the Edit button to change an existing institution page.
click the Delete button to delete an institution page.
Note
When somebody leaves feedback on an institution page or artefact, the institution and site administrators receive a notification.
9.5.12. Institution collections
Administration → Institutions → Collections
You can create collections for your entire institution. Although you could always create collections under a regular user account that other users could copy into their own portfolio, the advantage of institution collections is that new members in the institution can receive a copy upon joining the institution.
- Institution: Click on the institution in the drop-down menu for which you want to create or edit institution collections.
- Click the New collection button to start a new institution collection.
- Click the Copy a collection button to start a new collection from a copy of an already existing one. This does not have to be an institution collection but can be any collection that you are allowed to copy.
- Click on the collection title to go to the first page of the collection.
- View the description of this collection.
- Click on any title of a page within a collection to jump directly to it.
- Click the Manage button to move pages within a collection, add to or delete pages from a collection.
- Click the Edit button to change the title and description of a collection.
- Click the Delete button to delete the collection. The pages will still exist.
9.5.13. Share institution pages and collections
Administration → Institutions → Share
You can see a list of all institution pages and collections for a specific institution.
- Institution: Select the institution from the drop-down menu for which you want to see the institution pages and collections.
- Collections: All institution collections for that institution are listed here.
- Pages: All institution pages for that institution are listed here.
- Access list: View the access permissions for the pages and collections.
- Click the Edit access button to change the permissions of who can view and copy a page or collection.
- Click the Edit Secret URL button to define a secret URL for a page or collection.
Sharing an institution page or collection is very similar to sharing a portfolio page or collection. The only difference is that you can allow new institution members to receive a copy of an institution page or collection immediately upon joining the institution.
- When you clicked the Edit access button on the Share page for institution pages and collections, place a tick in the checkbox Allow copying under Advanced options.
- Once you have put a check mark into that box, the line Copy for new institution members appears, and you can place a check mark into that box if you wish all new institution members to receive that page or collection automatically upon joining that institution.
- Click the Save button at the bottom of the page to save your changes.
9.5.14. Files
Administration → Institutions → Files
The files area in an institution holds all files that are uploaded by administrators as institution files. The uploading process works like the one in the personal files area.
9.5.15. Institution statistics
Administration → Institutions → Institution statistics
The type of statistics you have available for institutions are very similar to the site statistics. You can view statistics for each institution individually and for example use the CSV download options to
- compare the institution statistics to the site statistics
- compare institutions with each other
Note
All institution administrators have access to their institution(s)’ statistics at any time. If the site administrator set the staff statistics access correctly, institution staff will also be able to see the statistics for their institution(s).
9.5.15.2. Users
You can see basic information about an institution’s users to keep track of them.
On the Users tab of the institution statistics, you see information about
- the average user in this institution:
- average number of friends with the name of the person with most friends
- average number of pages with the author of the most pages
- average amount of file quota used with the user who has used most
- daily user statistics with information about how many users
- logged in
- were created
- existed in total on a specific day
- link to download the daily user statistics as CSV file
9.5.15.3. Pages
You can view statistics about an institution’s pages in the Pages tab.
The information that you can view is:
- The most frequently used blocks in portfolio pages.
- A graph shows the distribution of profile, group and portfolio pages.
- Most popular pages: The most popular pages are sorted in descending order with links to the pages and the owner.
- Export statistics in CSV format: Download the cumulative statistics about the pages and number of views as well as comments as CSV file.
9.5.15.4. Content
The Content tab in the institution statistics holds information about
- artefacts
- blocks
- general site information
- Name: The statistics item itself, e.g. artefact, block or other general item on institution level. It is linked to the Historial data statistics for an overview of the changes over time.
- Modified: This column shows the number of updates to an artefact etc. during the current week.
- Total: This column shows the total number of instances of the statistics items.
- Export statistics in CSV format: Download the cumulative statistics about all the statistics shown for the week as CSV file.
Note
The number of total content statistics will vary because only when an artefact or block etc. was used, will the statistics be created for that type.
9.5.15.5. Historical data
The Historical data tab in the institution statistics holds historical data over time about a particular content item that you have clicked on in the Content tab. Changes are saved per default on a weekly basis. However, whenever you run the cron manually, a new statistics will be created as well. You can also download the statistics as CSV file.
- Historical statistics for field: Display of the artefact or other item that you are looking at.
- Date: Display of the date when the statistics were created.
- Modified: Display of the number of modifications from the previous date to the next one when the statistics were created.
- Total: Total number of instances of this statistical item at the time the statistics were run.
- Export statistics in CSV format: Download the cumulative statistics for this particular item as CSV file.
Note
When you click on the Historical data tab without choosing an item to look at in particular beforehand, the number of users are displayed as that is a statistics that is available on all sites.
9.5.16. Pending registrations
Administration → Institutions → Pending registrations
When you turn on Confirm registration for an institution in the institution settings, no user account in this institution is created without the administrator knowing it. If a user is rejected, no account is created. If the option Confirm registration is not turned on, a user account is created in the “No institution” institution but not in the actual institution.
Below follows the process for self-registration with Confirm registration turned on.
9.5.16.1. Self-register for an internal account
When users try to self-register for your institution, they must provide certain details.
- First name: Type your first name.
- Last name: Provide your last name.
- Email address: Provide your email address.
- Institution: Select the institution for which you want to register. There is an indicator whether the institution you wish to register for requires administrator approval.
- Registration reason: If administrator approval is required, you can provide a reason why you want to join.
- If the site administrator requires users who self-register to agree to the terms and conditions, the “Registration agreement” of the site, you must read through them below and then make your choice.
- Click the Register button.
- The administrators of that institution and the site administrator receive a notification about the pending registration. They then review pending registrations.
- You will receive an email which includes a link to confirm your email address. You must click that link within 24 hours. If you do not, you will have to start the registration process again from the beginning.
9.5.16.2. Review pending registrations
As administrator, you can view pending registrations for your institutions on the Pending registrations page in Administration → Institutions → Pending registrations.
- Institution: Choose the institution for which you want to view the pending registrations.
- Pending registration: You see a list of all registration requests that include the names of the requesters and their email addresses.
- Registration reason: The reason for registration is displayed.
- Click the Approve button when you want to approve this registration request. You will have to confirm your approval on the next page. The person self-registering receives an email with a link to complete the registration process.
- Click the Deny button when you do not want this person to register for your institution and receive an account.
When you approve users, you can decide whether they should receive staff rights immediately. For example, this helps to give all teachers at a school staff access rights upon their self-registration.
- Institution staff: Place a check mark in this checkbox if the user shall have staff access rights.
- Click the Approve button when you want to approve this registration request or click the Cancel button to abort the approval process.
When you deny a person access to your institution, you can also provide a reason.
- Denial reason: Write your reason for denying institution membership that might help the person to know why you do not want to give them access.
- Click the Deny button to send a notification to the person’s email address with the reason for the denial.
- Click the Cancel button to be taken back to the page with all pending registrations.
9.5.16.3. Complete self-registration
When users are accepted as members in an institution via this process, they must still complete the registration process. This is necessary to provide information in all required fields besides a password and a username.
- New username: Choose your new username. A default username is suggested, but you can provide a different one. If your suggested username is already taken, the system will let you know after you submit your information.
- New password: Choose a password for your account. This field is required.
- Confirm password: Re-type the new password. This field is required.
- Click the Submit button to complete your registration. You will be taken to your Dashboard.