8.5. Institutions

You can use Mahara as a multi-tenanted instance. That means that several different institutions can share one Mahara installation. That allows users from these different institutions to:

  • Share portfolio pages with each other
  • Give feedback on each other's pages
  • Work collaboratively in groups across institution boundaries

In the Site Administration you can set up as many institutions as you wish. Institution administrators can only administer their users but not make any changes to site settings.

You can also set up institutions if you want different parts of your organisation to use different themes, have different default settings and / or authentication methods.

8.5.1. Overview

On Site Administration -> Institutions -> Institutions you see an overview of all institutions that exist on this Mahara installation.

Overview page for institutions

  1. Search for a particular institution by its name.
  2. Institutions are listed alphabetically
  3. Number of registered members in this institution
  4. Maximum allowed members in this institution
  5. Number of institution members with staff rights
  6. Number of institution members with institution administrator rights
  7. Click the Edit button to change institution settings.
  8. Click the Delete button to delete an institution. You can only delete institutions that have no members.
  9. Click the Add Institution button when you want to create a new institution.
  10. Click the Edit Members button when you want to add or remove members from an institution.
  11. Click the Edit Staff button when you want to add or revoke staff rights for an institution member.
  12. Click the Edit Admins button when you want to add or revoke institution administrator rights for an institution member.

Note

The institution "No Institution" is the default "institution". It cannot be deleted as it is the standard Mahara site.

8.5.2. Add an institution

When you want to add an institution by clicking on the Add button on Site Administration -> Institutions -> Institutions, you need to fill in basic information. You can change all the settings except the institution name later on.

Add a new institution

  1. Institution name: This field is required. It is the unique identifier for this institution in the database. Use only single-byte letters, without numbers or symbols.
  2. Institution display name: This field is required. It is the name that all users see throughout the site to identify this institution.
  3. Institution expiry date: To set an expiry date for this institution, remove the check mark from the "Not specified" check box and select the year, month and day from the drop-down menus. Institutions do not expire by default.
    • If you specify an expiry date for this institution, two things will happen. Once the warning time for institution expiry has been reached, site and institution administrators will be emailed about this institution’s impending expiry.
    • If the auto-suspend expired institutions option is set, then once the expiry date has been reached, this institution will be automatically suspended, and users of this institution will no longer be able to log in.
    • The warning time for institution expiry and the auto-suspend expired institutions options can be found in the institution settings under Site Administration -> Configure Site -> Site options.
  4. Registration allowed? Check this box when you want to allow self-registration of new users. As institution administrators, you will be asked to confirm that users can join your institution. If you decline, their account will be associated with "No Institution". When you do not allow registration, nobody can ask to join your institution or leave it without your permission.
  5. Default membership period: You can set how long users will remain associated with this institution by default. Choose an option from the drop-down menu and then specify the number of days, weeks, months or years. After this length of time, the users will be removed from the institution. Users will receive an email before this time reminding them that they will be removed soon. However, that does not mean that they will lose their account. They will still have that.
  6. Theme: Use the drop-down menu to choose the theme that you wish to use for this institution. All pages in that institution will receive that theme. When users from other institutions view portfolio pages that were created in this institution, they will see this institution’s theme on these pages. If Site Default is selected, when a site administrator changes the site default theme, the theme for the users of this institution will change, too. You can install more themes in the theme folder on the server. Check out the community-contributed themes.
  7. Maximum user accounts allowed: Specify the maximum number of accounts that can be created in this institution. If you leave this field blank, there is no limit to the number of accounts.
  8. Locked fields: Put a check mark into each check box for which users are not allowed to change the value. Disabled check boxes are for profile fields which are locked in the institution settings for "No Institution". These profile fields are locked at the site level and cannot be unlocked for individual institutions.
  9. Click the Submit button to save your changes and create this institution.
  10. Click the Cancel button to abort creating this institution.

Note

Locking profile fields such as first name, last name and display name can be beneficial for institutions that wish to always identify their users by their real names and not allow users to choose nicknames.

8.5.3. Edit an institution

Once you have created your institution, you can edit its settings or also suspend the institution. You will have to choose at least one authentication method for this institution so that user accounts can be created.

Note

Only site administrators can add, edit and delete authentication methods for an institution and suspend it.

You can add multiple authentication methods to your institution and thus allow various entry points for your users. You should set up at least one authentication method. Otherwise, nobody can log in to this institution.

Before you can use the IMAP, LDAP, SAML or XMLRPC authentication methods, you must install their extensions:

Warning

Be careful when choosing the "None" authentication method. This allows anyone to log in. It should only be used for testing purposes.

8.5.3.1. IMAP authentication

You can use this authentication method to receive the login information for your users from your IMAP server.

Set up IMAP authentication

  1. Authority name: Enter a descriptive name to help you identify this authority. Preferably, choose a short name. This field is required.
  2. Hostname or address: Specify the hostname in URL form. This field is required.
  3. Port number: Specify the port under which your IMAP server can be reached. The default is 143. This field is required.
  4. Protocol: Select the IMAP protocol you are using from the drop-down menu. This setting is required:
    • IMAP
    • IMAP / SSL
    • IMAP / SSL (self-signed certificate)
    • IMAP / TLS
  5. Password-change URL: If your users can only change their password in one central space, provide the URL here.
  6. Click the Submit button to save your changes.
  7. Click the Cancel button to abort your changes.

8.5.3.2. LDAP authentication

Use this authentication method to authenticate against an LDAP server so that your users can log in with their usual login and password.

Set up LDAP authentication

  1. Authority name: Enter a descriptive name to help you identify this authority. Preferably, choose a short name. This field is required.
  2. Host URL: Specify hosts in URL form, e.g. ldap://ldap.example.com. Separate multiple servers with ; for failover support. This field is required.
  3. Contexts: List the contexts where users are located. Separate different contexts with ;, e.g. ou=users,o=org;ou=other,o=org. This field is required.
  4. User type: Select from the drop-down menu how users are stored in the LDAP directory. This field is required. You can choose between:
    • Novell Edirectory
    • posixAccount (rfc2307)
    • posixAccount (rfc2307 bis)
    • sambaSamAccount (v. 3.0.7)
    • MS Active Directory
    • default
  5. User attribute: Enter the attribute used to search for users. It is often cn. This field is required.
  6. Search subcontexts: Select "Yes" if you want to search for the users also in subcontexts. This setting is required.
  7. Distinguished name: If you want to use bind-user to search users, specify it here. It should look something like cn=ldapuser,ou=public,o=org. Leave this blank for anonymous bind.
  8. Password: Enter the password for the "distinguished name".
  9. LDAP version: Choose the LDAP version you are using from the drop-down menu. This setting is required.
  10. TLS encryption: Check this box if you use this encryption mechanism.
  11. Update user info on login: Check this box to update the first name, last name and email address with the corresponding LDAP values at each login. Enabling this option may prevent some MS ActiveDirectory sites / users from subsequent Mahara logins.
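  12. We auto-create users: Check this box to create user accounts on Mahara automatically when a user authenticates successfully but does not yet have an account.
  13. LDAP field for surname: Enter the name of the field in the LDAP record that contains the user's surname.
  14. LDAP field for first name: Enter the name of the field in the LDAP record that contains the user's first name.
  15. LDAP field for email: Enter the name of the field in the LDAP record that contains the user's email address.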
  16. Click the Submit button to save your changes.
  17. Click the Cancel button to abort your changes.

8.5.3.3. SAML authentication

Choose this authentication method for your institution when you have a SAML 2.0 Identity Provider Service set up for your organisation that allows you to use the same login for multiple applications.

SAML 2.0 authentication

  1. Institution attribute (contains "…"): Enter the attribute that will be passed from the Identity Provider (IdP) that shows which institution the user belongs to. These usually directly correlate to LDAP attributes (the signin service of the IdP), e.g. eduPersonOrgDN. This field is required.
  2. Institution value to check against attribute: Enter the value that will be checked against the institution attribute value as passed from the IdP. If the institution regex checkbox is selected, this value can be a regular expression that will be used to check against the institution attribute value. This field is required.
  3. Do partial string match with institution shortname: Check this check box to treat the value in "Institution value to check against attribute" like a regular expression.
  4. User attribute: Enter the name of the attribute passed by the IdP that contains the username. This field is required.
  5. Match username attribute to remote username: Check this box if you want to match the user attribute value to the remote username field assigned to a given user (not the real Mahara username).
  6. Update user details on login: Check this box to update the first name, last name and email address with the corresponding IdP values passed through at each login.
  7. We auto-create users: Check this box to create user accounts on Mahara automatically when a user authenticates successfully but does not yet have an account.
  8. SSO field for First Name: Enter the name of the attribute passed by the IdP that contains the user’s first name.
  9. SSO field for Surname: Enter the name of the attribute passed by the IdP that contains the user’s last name.
  10. SSO field for Email: Enter the name of the attribute passed by the IdP that contains the user’s email address.
  11. Click the Submit button to save your changes.
  12. Click the Cancel button to abort your changes.

Warning

This security issue only affects sites which make use of the SAML authentication plugin and have more than one SAML identity provider.

By default, SAML authentication instances have the "Match username attribute to Remote username" setting unchecked. This means that a user logging in using single sign-on will log in as the local Mahara user whose Mahara username matches their SAML username attribute.

In this configuration, someone with control over any SAML identity provider could gain control over any user account on that Mahara site by setting the username attribute appropriately. In other words, administrators of one institution could control users in other institutions.

To fix this, site administrators of multi-institution sites with SAML authentication in use should ensure that the "Match username attribute to Remote username" setting is enabled in each SAML-enabled institution, unless usernames are guaranteed to be unique across all SAML providers.
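
The difference between the two lookup modes described in this warning, as an added example that is not Mahara's own code: a simplified model of how an asserted SAML username resolves to a local account with the setting off and on, plus a check that lists the authorities still exposed. The class names, authority names, institutions and the data model are hypothetical and constructed for illustration.

```python
# Added illustration: simplified model of SAML account resolution on a
# multi-institution site. Names and data model are hypothetical, not Mahara's.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class LocalUser:
    username: str      # site-wide local username
    institution: str


@dataclass(frozen=True)
class SamlAuthInstance:
    name: str                     # authority name of one institution's IdP
    institution: str
    match_remote_username: bool   # models "Match username attribute to Remote username"


class Site:
    def __init__(self):
        self.users = {}           # local username -> LocalUser
        self.remote_map = {}      # (authority name, remote username) -> local username
        self.saml_instances = []

    def add_user(self, user, auth, remote_username):
        self.users[user.username] = user
        self.remote_map[(auth.name, remote_username)] = user.username

    def resolve_login(self, auth, asserted_username) -> Optional[LocalUser]:
        """Return the local account a SAML assertion from `auth` logs in as."""
        if auth.match_remote_username:
            # Scoped lookup: the asserted name only counts for accounts that
            # were linked to this particular identity provider.
            local = self.remote_map.get((auth.name, asserted_username))
            return self.users.get(local) if local else None
        # Unscoped lookup: any IdP can name any local username on the site.
        return self.users.get(asserted_username)

    def audit(self):
        """List SAML authorities that leave the site exposed to the issue."""
        if len(self.saml_instances) < 2:
            return []   # only sites with more than one IdP are affected
        return [a.name for a in self.saml_instances if not a.match_remote_username]


def build_site(match_remote: bool) -> Site:
    # Constructed sample data: two institutions, each with its own IdP.
    site = Site()
    idp_a = SamlAuthInstance("saml-uni-a", "uni-a", match_remote)
    idp_b = SamlAuthInstance("saml-uni-b", "uni-b", match_remote)
    site.saml_instances = [idp_a, idp_b]
    site.add_user(LocalUser("alice", "uni-a"), idp_a, "alice")
    site.add_user(LocalUser("bob", "uni-b"), idp_b, "bob")
    return site


def cross_institution_login(match_remote: bool) -> Optional[str]:
    """The uni-b IdP asserts the username 'alice'; return the institution of
    the account that login lands in, or None if no account matches."""
    site = build_site(match_remote)
    idp_b = site.saml_instances[1]
    user = site.resolve_login(idp_b, "alice")
    return user.institution if user else None


if __name__ == "__main__":
    print("setting off:", cross_institution_login(False))   # uni-a
    print("setting on: ", cross_institution_login(True))    # None
    print("audit (off):", build_site(False).audit())
```

With the setting on, the same asserted name resolves to no account because it was never linked to that identity provider, while each institution's own users still log in normally.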

8.5.3.4. MNet / XMLRPC authentication

Use the XMLRPC authentication for connecting a Mahara instance to a Moodle or other Mahara installation for sharing login information. With Moodle 2 that does not only mean that you can log in to Mahara via Moodle, but also that you can transfer certain activities into your Mahara portfolio from Moodle.

A Moodle site can only be connected to Mahara once no matter how many institutions you have set up.

Note

You must have networking enabled in order to use this authentication method.

Set up MNet authentication

  1. Authority name: Enter a descriptive name to help you identify this authority. Preferably, choose a short name. This field is required.
  2. WWW root: Enter the web address of the root of the remote application, e.g. http://example.com. This field is required.
  3. Site name: Enter the name to present to your users to identify the remote site. If you enable SSO, they may click on this name to start a session at the remote site. This field is required.
  4. Application: Choose the application on the other end. You can choose between "Mahara" and "Moodle".
  5. Port number: Enter the port number that the remote application is listening at. You probably will not need to change this unless you are connecting to a https service or your remote application is running on a non-standard port. This field is required.
  6. Parent authority: If you set a parent authority from the already existing authentication methods, users will be able to log in using that authority as well as MNet. For example, you could set up LDAP authentication and have that be the parent of this MNet authority. That means that users will be able to log in via Mahara’s in-built login form using their LDAP credentials as well as via MNet from their Moodle. You do not have to set a parent authority. If you do not, users using MNet will only be able to access Mahara via MNet, i.e. log in to Moodle or the other Mahara first.
  7. Wrong login box message: Enter a message to display when a user tries to log in via Mahara’s login form but is not allowed to if you have not set up a parent authority.
  8. SSO direction: Choose your SSO direction from the drop-down menu:
    • They SSO in: Enable this option to allow users from the remote site to roam to your Mahara site without having to enter their username and password.
    • We SSO out: Enable this option to allow your users to roam from Mahara to the remote site without having to enter their username and password there.
  9. Update user info on login: Enable this option to bring over user data from the remote site upon login and update your Mahara user record with any changes. The following fields, when filled in on Moodle, are filled in Mahara:
    • First name (always inherited)
    • Last name (always inherited)
    • Email address (always inherited)
    • Profile picture
    • Description (introduction in Mahara)
    • Prefecture
    • Language
    • HTML editor setting
  10. We auto-create users: Check this box to create user accounts on Mahara automatically when a user authenticates successfully but does not yet have an account.
  11. We import content: Not all network-enabled applications support this, but if they do, e.g. Moodle 2.x, this will allow users of the remote site to import content to Mahara. It depends on the option "They SSO in" from "SSO direction" and it is sensible to also have "We auto-create users" set.
  12. Click the Submit button to save your changes.
  13. Click the Cancel button to abort your changes.

See also

Refer to the comprehensive guide about setting up Mahoodle, the combination of Mahara and Moodle, for step-by-step instructions on how to set everything up on the Moodle side and on Mahara. The guide explains the steps for both Moodle 1.9 and Moodle 2.x.

8.5.3.5. Order of authentication methods

If you have set up multiple authentication methods in one institution, you can decide on the order in which they are checked.

Order of authentication methods

  1. Use the up-arrow and down-arrow to move a specific authentication method up or down in the list.
  2. Delete a particular authentication method by clicking the Delete link [x].

Note

You cannot delete an authentication method when there are still users who require it to log in. Before deleting an authentication method, you have to move the users to another authentication method.

8.5.4. Members

Under Institutions -> Members you can add and remove members from one institution in bulk. As site administrator, you can always add members to an institution. As institution administrator, you can only invite users to become members.

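You can filter users to display fewer of them and add users to or remove them from your institution more easily:

  • Users who have requested institution membership
  • People who have not requested institution membership
  • Users who are already institution members

8.5.4.1. Users who have requested institution membership

If your institution allows self-registration, users who are not members of your institution can request to join it.

See also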

You can check your settings on self-registration:

  • when you are an institution admin: Institution administration -> Manage institutions -> Settings -> Registration allowed?
  • when you are a site admin: Site administration -> Institutions -> click the Edit button next to the institution you want to check -> Registration allowed?

Users can ask to join an institution on their institution membership page.

Institution administrators receive notifications about membership requests. Site administrators only receive notifications about users wanting to join "No Institution".

Accept or decline institution membership request

Deal with an institution membership request

  1. Users to display: Choose Users who have requested institution membership.
  2. Institution: Choose from the drop-down menu to which institution you wish to add users. If there is only one institution, its name will be displayed without the drop-down menu.
  3. Users who have requested membership: Select the users you wish to add to the institution.
  4. Search: If many names are listed, you can also search for users in the Search box.
  5. Add the users by clicking the right-arrow button.
  6. Users to be added / rejected: If you put users into the box for users to be added / rejected by accident, you can remove them from that list by clicking on them.
  7. Then click the left-arrow button. They are removed from the list.
  8. When you have selected all the users you wish to add to the institution, click the Add members button.
  9. Alternatively, if you wish to decline users' membership, you can select them and then send a general denial by clicking on the Decline requests button.

8.5.4.2. Users who have not requested membership yet

An admin can also take the initiative and invite users into an institution.

Invite users to become institution members

  1. Users to display: Choose Users who have not requested membership yet.
  2. Institution: Choose from the drop-down menu to which institution you wish to invite users. If there is only one institution, its name will be displayed without the drop-down menu.
  3. Non-members: Select the users you wish to invite to the institution.
  4. Search: If many names are listed, you can also search for users in the Search box.
  5. Add the users to the list Users to be invited by clicking the right-arrow button.
  6. If you put users into the box for users to be invited by accident, you can remove them from that list by clicking on them.
  7. Then click the left-arrow button. They are removed from the list.
  8. When you have all the members you wish to invite to the institution, click the Invite users button.
  9. The users receive a notification and can accept or decline the institution membership invitation.

8.5.4.3. Users who are already institution members

You can remove users from an institution, e.g. if they are no longer students at a school or university, but should still have an account on Mahara or when they are just switching institutions on the same Mahara instance.

Remove users from an institution

  1. Users to display: Choose Users who are already institution members.
  2. Institution: Choose from the drop-down menu which institution’s members you wish to display. If there is only one institution, its name will be displayed without the drop-down menu.
  3. Current members: Select the users you wish to remove from the institution.
  4. Search: If many names are listed, you can also search for users in the Search box.
  5. Add the users to the list Users to be removed by clicking on the right-arrow button.
  6. If you put users into the box for users to be removed by accident, you can remove them from that list by clicking on them.
  7. Then click the left-arrow button. They are removed from the list.
  8. When you have selected all the users you wish to remove from your institution, click the Remove users button.

8.5.5. Institution staff

You can give users staff rights in an institution in which they are members. The staff role will allow them to create course groups. This page allows you to do that in bulk for many users at once.

See also

You can also give staff rights on the user account settings page.

Give users institution staff rights

  1. Institution: Choose from the drop-down menu the institution whose members you wish to give staff rights.
  2. Institution Members: Select the institution members who shall get staff rights.
  3. Search: If many names are listed, you can also search for users in the Search box.
  4. Add the users to the list Institution Staff by clicking on the right-arrow button.
  5. If you put a user into the institution staff list by accident or want to remove existing staff members and return them to normal membership status, select them.
  6. Then click the left-arrow button. They are removed from the list.
  7. When you have selected all the users you wish to make institution staff, click the Submit button.

8.5.6. Institution administrators

You can give users admin rights in an institution in which they are members. The administrator role will allow them to manage users in their own institution. This page allows you to do that in bulk for many users at once.

See also

You can also give admin rights on the user account settings page.

Give users institution admin rights

  1. Institution: Choose from the drop-down menu the institution in which you wish to give users administrator rights.
  2. Institution Members: Select the institution members who shall get admin rights.
  3. Search: If many names are listed, you can also search for users in the Search box.
  4. Add the users to the list Current Admins by clicking on the right-arrow button.
  5. If you put a user into the institution admin list by accident or want to remove existing admin members and return them to normal membership status, select them.
  6. Then click the left-arrow button. They are removed from the list.
  7. When you have selected all the users you wish to give institution administrator rights, click the Submit button.

8.5.7. Institution pages

You can create pages for your entire institution. Although you could always create pages under a regular user account that other users could copy into their own portfolio, the advantage of institution pages is that new members in the institution can receive a copy upon joining the institution.

Create institution pages

  1. When you are in Site administration -> Institutions -> Pages, click on the institution in the drop-down menu for which you want to create or edit institution pages.
  2. If you have a lot of institution pages, you can search for a particular one. You can search in the title, description and tags or only in tags.
  3. Click on the Create Page button to start a new institution page.
  4. Click on the Copy Page button to start a new page from a copy of an already existing one. This does not have to be an institution page but can be any page that you are allowed to copy.
  5. View the institution pages that you have already created.
  6. Click on the Edit button to change an existing institution page.
  7. Click on the Delete button to delete an institution page.

Note

Creating and editing an institution page is very similar to creating and editing a portfolio page. However, not all blocks are available when editing an institution page in the page editor due to the different context. Please refer to the overview of blocks for a list of all the blocks that you can use in an institution page.

8.5.8. Share institution pages

You can see a list of all institution pages from an institution under Site administration -> Institutions -> Share.

Share institution pages

  1. Select the institution from the drop-down menu for which you want to see the institution pages.
  2. Pages: All institution pages of the institution are listed here.
  3. Access list: Displays the access permissions of the pages.
  4. Click on the Edit Access button to change the permissions of who can view and copy a page.
  5. Click the Secret URL edit button to define a secret URL for a page.

Sharing an institution page is very similar to sharing a portfolio page. The only difference is that you can allow new institution members to receive a copy of an institution page immediately upon joining the institution.

Setting for copying an institution page for new institution members

  1. After you have clicked the Edit Access button on the Share page for institution pages, click on the check box Allow copying under Advanced Options.
  2. Once you have put a check mark into that box, the line Copy for new institution members will appear and you can place a check mark into that box if you wish all new institution members to receive that page automatically.

8.5.9. Files

The files area in an institution holds all files that are uploaded by institution administrators as institution files. The uploading process works like the one in the personal files.