13.3. Use LTI with a second authentication method

You can allow your account holders to log in via LTI 1.1 or LTI Advantage and another authentication method within the same institution. There are two possible ways:

  1. People log in via Mahara first and only then via LTI.

  2. People log in via LTI first and then via Mahara.

The first case, people log in via Mahara initially, is the easier one as you don’t have to adjust their account settings manually. If people log in via LTI first, their authentication method needs to be adjusted so that they don’t end up with two accounts.

Technically, you can use any authentication method that you have available in Mahara as second authentication method for LTI, including MNet. However, since MNet doesn’t allow you to log in via the Mahara homepage and LTI is a replacement for MNet, this authentication method is not mentioned as one to be connected.

Set a parent authentication method for LTI

  1. Click the Manage button next to the LTI app on Administration menu → Web services → External apps.

  2. Institution: The institution for which you created the LTI app is listed.

  3. Auto-create accounts: Flip the switch to ‘Yes’ if you want to allow anybody who has access to the LTI link to create an account automatically.

  4. Parent authority: Select the authentication method that should be the parent to LTI thus allowing people to log in directly via both and be in the same account.

13.3.1. Log in via Mahara and then LTI

Your account holders can log in via Mahara and the LMS.

  1. Ensure that the authentication method that your account holders shall use is set up for your institution.

  2. Make sure that you have web services set up as authentication method as well for your institution.

  3. Set up the consumer secret and key for the LTI integration as described under ‘Enable LTI for an institution’

  4. Complete the setup of the integration on your LMS of choice.

  5. Ask people to log into Mahara first, set up their accounts manually or via a CSV file, synchronize their accounts via LDAP, or have accounts auto-created by SAML on first login.

As a person:

  1. Log in on the Mahara homepage.

  2. Your account is set up if it doesn’t already exist.

  3. Go to your LMS.

  4. Click the link that takes you into your portfolio. You can often find that link in the course in which you are asked to create a portfolio or on your profile page in your LMS.

  5. You get access to the same account that you had already set up on Mahara.

13.3.2. Log in via LTI and then Mahara

If you want People to log in via LTI first and then Mahara, you need to change the authentication method of the accounts to make the second authentication method, i.e. internal, LDAP, SAML or IMAP, the primary one. If you don’t do that, a second account will be created.

The following describes the work flow and includes the steps that you need to take in order to allow a person to log in via both authentication methods if they logged in via LTI first.

  1. Ensure that the authentication method that people shall use is set up for your institution.

  2. Make sure that you have web services set up as authentication method as well for your institution.

  3. Set up the consumer secret and key for the LTI integration as described under ‘Enable LTI for an institution’.

  4. Complete the setup of the integration on your LMS of choice.

  5. People go to the LMS and click the link to the portfolio, which creates an account for them.

    Warning

    If you leave things here and don’t continue with the next steps, and people log in via the Mahara homepage, they will have a second account created.

  6. Change the authentication method of the account to the non-LTI one. In the case of single sign-on via the SAML plugin, you will also need to provide a remote username.

    See also

    You can learn how to change the authentication method for internal and LDAP accounts and for accounts that require a remote username.