11.4. People

Administration menu → People

In the People menu of the administration site administrators can:

  • search for people

  • change settings for individual people

  • suspend and delete accounts

  • make people site staff or administrators

  • check the administrator notification settings

  • add and update accounts manually or by CSV

  • view reports

In the People menu of the administration institution administrators can:

  • search for people

  • change settings for individual people

  • suspend and delete accounts

  • check the administrator notification settings for their institution’s administrators

  • add and update accounts manually or by CSV

  • view reports

11.4.2. Account settings

Administration menu → People → People search → Click on a username

On the Account settings page of a person in the administration area, you can perform a number of actions to manage the account. However, you cannot change personal information about this person, e.g. name or email, from this page. This can only be done in the Profile area of the account or via the Add people by CSV page.

Overview of the account settings page

  1. Log in as this person.

  2. Suspend or delete this person.

  3. Change site account settings.

  4. Change institution settings.

11.4.2.1. Log in as

As administrator you have the power to log in as any person that you manage and masquerade as them.

Note

Site administrator can log in as anybody while institution administrators can only perform this action for members of their institution(s).

It is a great function for troubleshooting an account because you see everything as the person would without having to know the password.

Warning

This function can be misused by administrators because you can make changes to the person’s portfolio and artefacts as well as participate in groups while logged in as them. People should be aware of this function and that an administrator can enter their account.

Sites should have clear policies around the use of this function so that the privacy of people and their portfolios and collaborative work is protected. Therefore, there should also not be many people within an institution who have administrator rights.

Log in as another person

  1. Click on the person’s name to go to their profile page. You can then click the Log in as … link to become that person from that screen.

  2. Click the Log in as link to become that person. You see a warning bar at the top of the browser window telling you that you are masquerading as that person.

Stop masquerading as another person

When you want to return to your own account again, click the Become [your name] again link at the top of the browser window.

When the site administrator enabled the logging of all or just masquerading events, administrators may be required to provide a reason for the masquerading and a notification about this may be sent to the account holder.

Provide a reason for masquerading as another person

  1. Write why you are masquerading as this person. This reason may be sent to the person if the site administrator demands that.

  2. Click the Continue button to log in as that person.

  3. If the site administrator decided to have account holders notified of the masquerading, you would see the screen notice ‘The person has been notified of this masquerading session.’

When the site administrator decided to send notifications to people when an administrator logs into their account, the peoples receive this notification in their inbox. Depending on their notification settings, it can also be delivered via email.

Notification a person receives when an administrator masquerades

  1. Activity type: The masquerading notification is a system message. If you receive a lot of notifications, you can filter for just them.

  2. Click the bar to see the full text of the message.

  3. The system message ‘An administrator logged in as you’ contains the name of the administrator and the time when the administrator started masquerading. If the site administrator requires a reason to be sent for the masquerading, it is displayed as well.

  4. The name of the administrator who logged in as you is linked to the profile page for you to find out more about them or send them a message.

11.4.2.2. Suspend a person

Suspend a person if they do not follow the terms and conditions of the site and behave inappropriately. Suspended people cannot log in, but all their content is still available.

Suspend a person

  1. Click the link Suspend or delete this person. A pop-up windows becomes visible.

  2. Reason: Provide a reason for your suspension. This is particularly useful when you are not the only administrator and / or need to remember after some time why you suspended this person.

  3. Click the Suspend person button to disallow them from logging in.

Suspension notice on the person’s account settings page

When a person has been suspended, the suspension message appears on their account settings page stating the reason and the date for the suspension and giving the administrators the possibility to unsuspend the person by clicking the Unsuspend person button.

You can unsuspend a person from this page or together with others on the Bulk actions page.

Suspended person tries to log in and gets suspension message

When the person tries to log in, they will see the suspension message and the reason. They can then contact an administrator via the ‘Contact us’ form for further action.

11.4.2.3. Delete account

Peoples can delete their own accounts in their account settings if self-registration is allowed by their institution. Administrators can also delete accounts at any time.

Delete an account

  1. Click the link Suspend or delete this person. A pop-up windows becomes visible.

  2. Click the Delete account button to delete this account permanently. This action cannot be undone. As this is a permanent action, you see a confirmation pop-up window that you will have to acknowledge.

Warning

When you delete an account, all personal data is wiped from the system. This action cannot be undone. The person’s contributions in groups, e.g. forum messages, uploaded files and pages created in a group, are still available, but are made anonymous by changing the name to ‘Deleted account’ as author where an author is shown.

Note

If an account was deleted by accident - either by a person themselves or by an administrator - swift action may result in recovery of (most of) the data from a backup file. This requires access to the server’s backups and the backend of Mahara. More information is available on the wiki under Restoring a deleted account.

11.4.2.4. Change site account settings

You can view and change a number of settings for an account.

Note

Depending on the authentication method that is associated with this account, you may not be able to edit all settings.

Site account settings of a person

  1. Change username: Give the person a different username. This field is not available when the account is managed by an external authentication method.

  2. Reset password: Change the password for this account. This field is not available when the account is managed by an external authentication method.

  3. The password strength indicator gives you an idea of how strong your password is in relation to the password policy.

  4. Force password change on next login: Change the switch to ‘Yes’ if the person shall change the password upon the next login. This option is not available when the account is managed by an external authentication method.

  5. Primary email: Displayed is the primary email address for this person. This email address is used for any notifications. You can change that email address here.

    Note

    The previously used email address stays in the account as secondary email address until the person deletes it.

  6. Account roles: All roles possible to associate with an account can be displayed here either for the site or further down in the individual institution(s) in which the person is a member. The default built-in roles are:

    • Site staff: Change the switch to ‘Yes’ if the person shall become a staff member for the entire site.

    • Site administrator: Change the switch to ‘Yes’ if the person shall have full administrative rights for the entire site.

    See also

    New account roles can be set via SAML for SSO accounts.

  7. Disable email: Change the switch to ‘Yes’ to disable the sending of emails for this account. If email is disabled, notifications and messages can only be viewed in the internal inbox. You can set up your Mahara site so that emails are disabled automatically if they are bounced back.

    Warning

    When the email address is disabled, account holders cannot reset their passwords themselves as no email can be sent.

  8. Last login: The date and time when the person logged into Mahara for the last time is displayed.

  9. Account expires: Enter a date via the calendar if you want to set an expiry date.

    Note

    The default setting is that the date is not specified. You can set an automatic account expiry date for everyone in the account settings of the site configuration.

  10. File quota: Change the storage allowance for a person’s personal files area. Institution administrators may not be able to update the quota if the site administrator disallowed that. The default value as set in the files configuration in the plugin administration.

  11. Quota used: You can see how much this person has already used of their allocated quota.

  12. Spammer probation status: This setting controls whether the person is considered to be on probation as a possible spammer. See the spam probation levels for more information.

    Note

    This feature is only available on sites that have spam probation turned on.

  13. Authentication method: Choose the authentication method for this person. A site administrator can set up the authentication methods in the institution administration. Depending on the authentication method that you have chosen, you may have to provide a remote username to allow the person to log in.

    Note

    You only see the authentication methods that you are allowed to assign to the person based on their institution membership.

    The field Username for external authentication is only displayed if an authentication method is chosen that requires a remote username. This allows administrators to see if a remote username has been supplied or not.

  14. Tags: A person can be tagged by an administrator. The tag of the institution to which the person belonged prior to joining a new institution is not displayed to avoid its deletion.

  15. Click the Save changes button when you are done editing the settings.

11.4.2.5. Change institution settings

You can view and change settings regarding a person’s membership in institutions. Depending on the site settings for institutions, a person may be added to more than one institution.

Institution settings for a person

  1. Institution: Choose the institution to which you want to add this person from the drop-down menu.

    Note

    Only site administrators or institution administrators who have administrator permissions in more than one institution see this option.

  2. Click the Add to institution button to make this person a member of this institution.

  3. Click the Institution settings bar to see more details about the person in this institution. The bar shows the name of the institution.

  4. Membership expires: Click into the field to view the date picker and choose when you want to remove this person from this institution. They are removed from your institution on that date, but retain their account and can still log in.

    Note

    The default setting is that the date is not specified. You can set an automatic institution membership expiry date for all members in your institution in the settings for your institution.

  5. ID number: Provide an optional identifier for this person in this institution. This field is not editable by the institution member.

  6. Account roles: It is possible to extend account roles. All account roles a person has in an institution context can be set here. The default built-in roles are:

    • Institution staff

    • Institution support administrator

    • Institution administrator

  7. Institution staff: Change the switch to ‘Yes’ if you want to give this member staff permissions in this institution. This will allow them to create controlled groups for example.

  8. Institution support administrator: Change the switch to ‘Yes’ if this institution member shall receive the institution support administrator permissions in this particular institution.

  9. Institution administrator: Change the switch to ‘Yes’ if you want to make this member an administrator of this institution.

  10. Click the Update button to save your changes.

  11. Click the Remove from this institution button to disassociate this person from this institution. The account will not be deleted. The person will only not be associated with this institution any more.

11.4.3. Suspended and expired accounts

Administration menu → People → Suspended and expired accounts

A list of all suspended and expired accounts is available in the sub-menu Suspended and expired accounts. Here you can unsuspend / reactivate or delete them.

Note

Site administrators see all people whereas institution administrators only see people who are members of their institution(s).

11.4.3.1. Suspended accounts

List of all suspended accounts

  1. Show: Select to view suspended accounts.

  2. Basic details about each account are displayed to ensure that you are looking at the correct ones. That includes displaying the suspension reason.

  3. Select the account(s) for which you want to perform the same action.

  4. Click the All button if you want to select all suspended accounts or click the None button to reset your selection.

  5. Click the Unsuspend people button to reinstate the accounts for all selected accounts.

  6. Click the Delete accounts button to delete all selected accounts in bulk. This action cannot be undone and all personal information of these people will be deleted (see delete accounts).

  7. The total number of suspended accounts is shown.

Warning

When you delete an account, all personal data is wiped from the system. This action cannot be undone. The person’s contributions in groups, e.g. forum messages, uploaded files and pages created in a group, are still available, but are made anonymous by changing the name to ‘Deleted account’ as author where an author is shown.

11.4.3.2. Expired accounts

List of all expired accounts

  1. Show: Select to view expired accounts.

  2. Basic details about each account are displayed to ensure that you are looking at the correct ones. That includes the dates on which the accounts were expired.

  3. The total number of expired accounts is shown.

  4. Select the account(s) for which you want to perform the same action.

  5. Click the All button if you want to select all expired accounts or click the None button to reset your selection.

  6. Click the Reactivate expired accounts button if you want to allow these people access to their accounts again.

  7. Click the Delete accounts button to delete all selected accounts in bulk. This action cannot be undone and all personal information will be deleted (see delete account).

Warning

When you delete an account, all personal data is wiped from the system. This action cannot be undone. The person’s contributions in groups, e.g. forum messages, uploaded files and pages created in a group, are still available, but are made anonymous by changing the name to ‘Deleted account’ as author where an author is shown.

11.4.4. Site staff

Administration menu → People → Site staff

Note

Site staff is only accessible by site administrators.

On this page you can choose which peoples receive site staff rights. Potential staff members - anybody on the site - are listed on the left while existing site staff members are listed on the right.

Give site staff rights

  1. Search: If you have too many people on your site and you cannot see the ones you want, you can search for them here.

  2. Potential staff: Select the people you wish to make site staff. You can select multiple persons at once using Ctrl and Shift click.

  3. Add the potential staff members to the right-hand side, ‘Current staff’, by clicking the right-arrow button .

  4. Current staff: If you want to remove an existing or accidentally added site staff member, you can remove them from the list on the right-hand side by clicking on their name.

  5. Then click the left-arrow button , and the person is removed from the list.

  6. When you have chosen all members you wish to make site staff or removed from the current staff list, click the Submit button.

Note

You can also double-click a name and it will be moved to the other side.

11.4.5. Site administrators

Administration menu → People → Site administrators

Note

Site administrators is only accessible by site administrators.

Site administrators have powerful permissions. They can make far-reaching changes and also log in as other person. Be careful whom you give these rights. One site administrator is needed for each site. The total number of site administrators should be kept small.

Give site administrator rights

  1. Search: If you have too many people on your site and you cannot see the ones you want, you can search for them here.

  2. Potential administrators: Select the persons you wish to make site administrators. You can select multiple persons at once using Ctrl and Shift click.

  3. Add the potential site administrator to the right-hand side, ‘Current administrators’ by clicking the right-arrow button .

  4. Current administrators: If you want to remove an existing or accidentally added site administrator, you can remove the person from the list on the right-hand side by clicking on their name.

  5. Then click the left-arrow button , and the person is removed from the list.

  6. When you have chosen all members you wish to make site administrators or removed from the current site administrator list, click the Submit button.

Note

You can also double-click a name and it will be moved to the other side.

11.4.6. Export queue

Administration menu → People → Export queue

This feature is experimental.

The export queue is available for the following exports:

  • When group administrators or tutors release portfolios in groups that allow the archiving of submitted pages, these submissions will be placed into the export queue and only released once the export completed successfully.

  • If the site administrator enabled the feature to queue exports, exports that account holders initiate via Main menu → Manage → Export are also queued. Once completed, a notification is sent to download the export file within 24 hours.

All available export formats are considered for the export since Mahara 20.04 and only one combined export made.

See also

The export queue requires that cron runs.

Export queue for exports

  1. Search: Enter your search term. The default text in the field shows you in which institution context you perform your search. Type the name, display name or username or email address or any partial thereof you wish to search for in the search field. If you turned on the exact search, you need to provide the correct name or email address and not a partial one.

  2. Use the drop-down arrow to choose a single institution in which to search for a person.

  3. Click the Go button to start your search.

  4. In the results table you see the profile picture of the person.

  5. First name: Displays the first name of the person. This is the default column for sorting results.

    Note

    Click on the other headings of the table that are links to sort the table differently.

  6. Last name: Displays the last name of the person.

  7. Display name: Shows the display name of the person.

  8. Username: Clicking on the username, you are taken to the person’s account settings page instead of their profile page as you would with the other names.

  9. Export content: Brief description of what is being exported.

  10. Status: Displays the status of the export. Only pending and failed exports are shown.

  11. Export: Tick the checkboxes in this column if you wish to re-run an export that has failed. You can select all checkboxes by clicking the All button or remove all checkboxes by clicking the None button.

  12. Click the Re-queue button to re-run all selected failed exports.

  13. Delete: Tick the checkboxes in this column if you wish to delete any pending or failed exports. You can select all checkboxes by clicking the All button or remove all checkboxes by clicking the None button.

  14. Click the Delete button to delete all selected pending or failed exports.

11.4.7. Add a person

Administration menu → People → Add a person

You can add people to your site (site administrator) or your institution (institution administrator) by creating accounts for them manually one by one.

Add a person manually

  1. Click the Create new account from scratch radio button if you want to create an empty account. Provide the first name, last name and email address for this person.

  2. Click the Upload Leap2A file radio button if you want to import an account from another Mahara instance or a system that supports the Leap2A standard. Such a person could have exported their portfolio from another Mahara instance.

  3. Username: Give the new account holder a username. It may contain letters, numbers and most common symbols. It must be from 3 to 236 characters in length. Spaces are not allowed.

  4. Password: Choose a password for the account. The password must be at least six characters long.

  5. The password strength indicator gives you an idea of how strong your password is in relation to the password policy.

  6. Site staff: Switch to ‘Yes’ if the new account holder should have site staff rights. Only site administrators see this option.

  7. Site administrator: Switch to ‘Yes’ if the new account holder should have site administrator rights. Only site administrators see this option.

  8. Institution: Choose the institution of which the person should be a member. You also select the authentication method directly here.

    Note

    If an authentication method requires the use of a remote username, you can enter that on the next screen in the account settings.

  9. File quota: Review the allocated file quota. You may change it here for this person if you are allowed to.

  10. Institution administrator: Switch to ‘Yes’ if the new account holder should have institution administrator rights in the chosen institution.

  11. General account options: Click this link to see default account options that you may choose to change while creating this account. These are the general account options a person can change on the Settings page.

    Note

    You can only define the default account settings for an account, but not force the person to keep them forever. You could only do that by customising the system on the code level.

  12. Click the Create account button.

  13. The person will receive an email with the account details.

11.4.8. Add and update people by CSV

Administration menu → People → Add people by CSV

You can use this function to upload new accounts in bulk via a CSV file (comma-separated file) and to update existing accounts. new in Mahara 22.10 You can also move accounts from one institution into another.

The first row of your CSV file should specify the format of your data. For example, it should look like this:

username,password,email,firstname,lastname,studentid

For new accounts, this row must include:

  • username

  • password

  • email

  • firstname

  • lastname

Note

Mahara also accepts CSV files that have a semicolon as separator instead of a comma.

If you want to update existing accounts, you do not need to set a password and can leave that field off entirely.

Note

You can mix new and existing accounts in your CSV file. When you add a new account, the password field must be present. If you do not wish the password to be changed for existing accounts, leave that field empty for these accounts.

If your site or institution has locked fields or fields that are mandatory, then you do not have to include them as fields in your CSV upload.

Here is the full list of additional fields that you can add in your CSV file upload.

  • address - Street address

  • blogaddress - URL to the blog

  • businessnumber - Work phone number

  • city - City

  • country - Country

  • expiry - Sets the date on which a person’s login is disabled automatically. This needs to be a valid date in the future, e.g.

    • 2019-03-25

    • 25 Mar 2019

    • +3 months

  • faxnumber - Fax number

  • homenumber - Home phone number

  • industry - Industry is displayed in the profile

  • introduction - Introduction is displayed in the profile

  • mobilenumber - Mobile phone number

  • occupation - Occupation is displayed in the profile

  • officialwebsite - Official website

  • personalwebsite - Personal website

  • preferredname - Display name

  • remoteuser - Remote username for external authentication

  • studentid - Student ID is displayed in the profile

  • town - Town

  • userroles - Define the role(s) that a person should have.

Your CSV file could look for example like the following:

username,email,firstname,lastname,studentid,preferredname,remoteuser, password
"percy","percy@pearle.net","Percy","Pearle","","","percy.pearle","mahara1"
"petra","petra@petterson.net","Petra","Petterson","","","petra.petterson","mahara1"
"polly","polly@potter.net","Polly","Potter","","","polly.potter","mahara1"
"admin","admin@mahara.school","Admin","User","","","","mahara1"
"jamesj","james@jetts.com","James","Jetts","","","","mahara1"

When you have created your CSV file, you are ready to upload it.

Add people by CSV file

  1. Institution: Choose the institution and the authentication method for the accounts that you upload and / or change.

    Note

    new in Mahara 22.10 When you use the CSV file to move accounts from one institution to another, beware that the accounts will be removed from all institutions and moved to the new one.

  2. File quota: If you wish, you can set a different file quota for all accounts in the CSV file. Institution administrators can only do so if the site administrator allowed it.

  3. CVS file: You must upload a CSV file by clicking the Browse button and then selecting it from the files area on your computer.

  4. Force password change: If you select this option, people need to change their password before they can log in for the first time.

    Note

    Do not force a password change when you selected an external authentication method such as SAML or LTI as the password is controlled by the external login method.

  5. Email people about their account: Change the switch to ‘Yes’ and people will receive an email with their account information. This is in particular good for internal accounts.

    Note

    For accounts that are managed by an external authentication method such as SAML or LDAP, do not select this option because the account holders already know their login information.

  6. Update accounts: Change the switch to ‘Yes’ if your CSV file contains changes for existing accounts.

    Note

    When you add a new email address for a person to update the account settings, this new email address becomes the primary email address.

    The previously used email address stays in the account as secondary email address until the account holder deletes it.

    Select this option when you want to move accounts from one institution to another.

  7. General account options: Expand this menu to see default account options that you may choose to change while creating or updating accounts. These are the general account options a person can change on the Settings page.

  8. Click the Add people by CSV button to upload and / or change accounts.

Note

Depending on your server settings and / or the size of your installation, you may not be able to upload all accounts at once. You may wish to upload them in bunches of 100 instead.

A progress bar shows the percentage of the completed upload of your accounts.

add_user_csv_progressbar

11.4.9. Change the authentication method and remote username in bulk

After you have successfully invited or added new members into your institution, you can change their authentication method. That can be useful if the authentication method differs from the one in the previous institution and you want to link the new accounts to a remote username using:

  • LDAP directory

  • Moodle accounts via MNet

  • Single sign-on through an IdP provider

Note

The change in the authentication method for existing accounts should be done before people try to log in with their new credentials to avoid the creation of a second account for them.

You can change the authentication method for multiple accounts at once to save you time manually updating each account. Changing the authentication method usually also entails changing the remote username (a.k.a. username for external authentication). Therefore, these two are dealt with together to describe the work flow.

Find accounts in an institution to change their remote username

  1. Go to Administration menu → People → People search.

  2. Click the Advanced options link to show filter options. Select any that you want to use.

  3. If you want to look for a particular name, display name, username, email address, or any partial thereof, type it into the search field. If you turned on the exact search, you need to provide the correct name or email address and not a partial one. The default text in the field shows you in which institution context you perform your search.

  4. If your site has more than one institution, you can limit your search to a particular one.

  5. Click the Search button to see results.

    Note

    If you have more than 10 results, change the Results per page to see more results per page.

  6. Select the persons whose authentication method and remote username you want to change by either putting a check mark in the checkboxes or clicking on All to select all accounts on that page.

  7. Click the Get reports for selected accounts button to proceed to the next step. You are taken to the Account details report page.

Account details reports page

Update the CSV file with remote username and password

Update accounts in bulk

  1. Click the Download button so that you get a CSV file which contains all necessary information for you to change the remote username in bulk. This is necessary if their internal Mahara username is not the same as the one they use to authenticate on your system that is linked to Mahara or if they already have a remote username that would be incorrect for your institution.

    Note

    You do not need to see the column ‘Remote username’ for the data to be in the CSV download. If you wish to see it on screen, click the Configure report button and select the ‘Remote username’ column.

  2. Open the CSV file in your preferred spreadsheet software. In the column remoteuser, add or change the username that your account holders have when authenticating in your regular system that you have connected to Mahara. You may also change other fields, e.g. their name, email address etc. If you want to add a new person directly in this CSV file, you can do so as well.

    Note

    You must provide a password for a new account. All others do not need to have a value in the password field. If you only want to update existing accounts, you can leave the password field entirely off.

    You must remove the column ‘lastlogin’. Mahara will produce an error if you leave it in the file.

  3. Go to Administration menu → People → Add people by CSV.

  4. Institution: Choose the correct current institution and authentication method for the accounts that you are updating.

  5. File quota: Choose a different file quota here if you want to update it for accounts you update.

  6. CSV file: Choose the CSV file from your computer that you had updated.

  7. Force password change: Switch this option to ‘No’ even if you have a password in your CSV file. Since it’s assumed that the accounts you are updating or creating are external accounts, nobody will need or can use their Mahara password.

  8. Email people about their account: Switch this option to ‘No’ as you are only wanting to update the remote username. Therefore, it is assumed that they don’t need to reset their password.

  9. Update accounts: Switch this option to ‘Yes’ because you want to update existing accounts.

  10. General account options: You can make changes to the default account options for everyone, e.g. give them multiple journals by default, change their interface language etc. This will overwrite any changes that the account holders may have made in their personal settings.

  11. Click the Add people by CSV button to start the update. This process may take a little while depending on how many accounts you are changing.

  12. You receive a report on the page upon the successful completion of the upgrade. If the upgrade fails, error messages help you to resolve the problem. No accounts are updated until all errors are resolved.

    Note

    If you intend to update more than 100 accounts at the same time, you may run into problems, and the server may reject your CSV file as the update process is a very memory intense one. If that is the case, you would have to split your CSV file into smaller ones with fewer accounts in them.

You are now ready to update the authentication method for these accounts:

  1. Go to Administration menu → People → People search.

  2. Select the institution in which the members are whom you want to check.

  3. Click the Search button to see results.

  4. Select the accounts for whom you want to change the authentication method.

  5. Click the Edit selected accounts button to proceed to the next step. You are taken to the Bulk actions page page.

  6. You see the remote username in a column.

  7. Click the Change authentication method tab.

  8. Select the institution and authentication method to which you want to change the selected accounts.

  9. Click Change authentication method to make the change.

See also

If you only want to change the authentication method of certain accounts but do not have to worry about a remote username or updating any other information, you can change the authentication method directly on the bulk actions screen without the export of the account details.