File:  [LON-CAPA] / loncom / html / adm / help / tex / Domain_Configuration_Self_Creation.tex
Revision 1.3
Sat Aug 20 17:48:11 2016 UTC (7 years, 10 months ago) by raeburn
Branches: MAIN
CVS tags: HEAD
- Use LaTeX-style single and double quotes.

\label{Domain_Configuration_Self_Creation}

Domain-wide settings are available to set whether users may create their own accounts, and
if so, which types of users may do so, and what types of user information a user self-creating
an account will provide.

In the case of an institutional login, or single sign on (SSO), a user must first authenticate
with an institutional username and password.  If user information is available from an
institutional data source via a query using the username (mediated via a customized routine in 
localenroll.pm), then that is used to populate appropriate data fields in the user's new LON-CAPA 
account.  A domain configuration is available to specify which fields the user may self-report,
if the corresponding institutional data are unavailable.

Self-creation of accounts by users with an institutional log-in can be restricted by
institutional status (e.g., Faculty, Staff, etc.). The institutional status types are set in the
``Default authentication, language, timezone, portal, types'' item in the domain configuration
(this is a change from 2.10 and earlier, which used custom routines in localenroll.pm for that).

For Shibboleth SSO users, mapping of Shibboleth environment variable names to user data fields 
can be set, so that the appropriate user information is stored at account creation time.

Self-creation of user accounts may also be enabled for non-institutional login.  In this case
the user will provide an e-mail address as a username, and will also set a password.  The user must
have access to e-mail sent to that address, as completion of the account creation process requires 
submission of a link (containing a token), sent to the e-mail address.

In order to discourage creation of multiple accounts by a single user when self-creation is
available in a domain for both institutional log-in and e-mail address as username, a domain
may want to consider implementing format rules which prohibit self-created accounts 
from using certain types of e-mail address as the username.

If a user attempts to self-create an account employing a username with an e-mail address
in a format which matches a defined rule, the action does not proceed, and
the user is directed to create an account with the corresponding institutional
log-in. In this case, account creation can only occur once the user has authenticated using that 
log-in.
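
The check described above, as an added stand-alone Perl example (it is not LON-CAPA code and not part of the original help text). The rule names, the patterns, the function name and the return values are hypothetical, and the addresses are constructed; it assumes rules are expressed as patterns on the domain part of the address.

```perl
#!/usr/bin/perl
# Added example: hypothetical format-rule check for e-mail usernames.
# Rule ids, patterns and return values are assumptions for illustration;
# they are not LON-CAPA's configuration format or its localenroll.pm interface.
use strict;
use warnings;

# Constructed rules: rule id => anchored pattern on the lower-cased domain part.
# Anchoring with \A ... \z matters: an unanchored /example\.edu/ would also
# match "example.edu.mail.test" and would miss nothing it should catch.
my %format_rules = (
    campus_domain  => qr/\A(?:[a-z0-9-]+\.)*example\.edu\z/,
    alumni_forward => qr/\Aalumni\.example\.org\z/,
);

# Returns ('institutional', $rule_id) when the address matches a rule, so the
# user must authenticate with institutional log-in first; ('email', undef)
# when self-creation with the e-mail address may continue; ('invalid', undef)
# when the address is not of the form local@domain.
sub check_selfcreate_username {
    my ($address) = @_;
    return ('invalid', undef) unless defined $address;
    $address =~ s/\A\s+|\s+\z//g;              # trim surrounding whitespace
    # Exactly one "@", non-empty local and domain parts, no embedded whitespace.
    my ($local, $domain) = $address =~ /\A([^\s\@]+)\@([^\s\@]+)\z/
        or return ('invalid', undef);
    $domain = lc $domain;                      # domain names are case-insensitive
    $domain =~ s/\.\z//;                       # drop a trailing root dot
    for my $rule_id (sort keys %format_rules) {   # sorted for a stable result
        return ('institutional', $rule_id)
            if $domain =~ $format_rules{$rule_id};
    }
    return ('email', undef);
}

# Constructed sample addresses covering case, subdomain and look-alike domains.
for my $candidate (
    'jdoe@example.edu',           'JDoe@Mail.Example.EDU',
    'jdoe@example.edu.mail.test', 'jdoe@notexample.edu',
    'pat@alumni.example.org',     'no-at-sign',
) {
    my ($decision, $rule_id) = check_selfcreate_username($candidate);
    printf "%-28s %-13s %s\n", $candidate, $decision, $rule_id // '-';
}
```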

Self-created accounts with an e-mail address as username can be set to be queued for approval 
or created automatically. Institutional status types can be set to be self-reported for e-mail
type usernames -- set in the ``Default authentication/language/timezone/portal/types'' area -- 
and processing (queued or automated) can be set, based on status.

User information (in addition to e-mail address and password) can be set to be required, optional
or not requested.

A CAPTCHA mechanism can be used to validate that the user requesting a self-created account is
a person, not a script.  There are two types of CAPTCHA to choose from -- the ``original'' CAPTCHA, 
which uses a self-contained Perl module included with the LON-CAPA prerequisites,
or ReCAPTCHA, which uses an external web service -- https://google.com/recaptcha --
and requires you to create an account and generate public and private keys which will be entered
in the LON-CAPA domain configuration form.  If you have more than one server in your domain, 
you should request ``global'' keys on the google.com/recaptcha site, as the same keys will be
used by the Account creation form's ReCAPTCHA on all servers in your domain.

