Commit e16b8307 authored by Kristina Hoeppner's avatar Kristina Hoeppner
Browse files

admin/institutions: Add max. allowed groups to institution settings

New feature in Mahara 22.04: A site admin can
specify the maximum number of groups allowed
in an institution to more easily manage that
(Bug #1947643).

Also updated a couple of other small things
like authentication method.
parent c2f252c5
......@@ -32,7 +32,7 @@ Overview
*Administration menu → Institutions → Settings*
As site administrator, you see an overview of all institutions that exist on your Mahara instance. Institution administrators only see the institution(s) for which they are an administrator.
As site administrator, you see an overview of all institutions that exist on your Mahara instance. Institution administrators only see the institution(s) that they can manage.
.. note::
Institution administrators who manage only one institution do not see this page and are taken immediately to the settings for their only institution.
......@@ -44,11 +44,21 @@ As site administrator, you see an overview of all institutions that exist on you
#. **Search**: Search for a particular institution by its name and then click the *Search* button.
#. Click the *Add institution* button when you want to create a new institution. This button is only visible to site administrators.
#. Click the *Edit with three dots* button |edit with three dots| to edit institution members, staff, and administrators.
#. Click the *Edit with three dots* button |edit with three dots| to edit institution members, staff, support administrators, and administrators.
#. **Institution**: Institutions are listed alphabetically. If you click the institution's name, you are taken to the contacts page.
.. note::
The institution 'No institution', shortname 'mahara', is the 'site institution' and cannot be deleted. While most site settings are set in the :ref:`Site options <site_options>`, some are set in the institution settings when they can be changed by individual institutions.
#. **Short name**: The institution's short name. If you set up an institution manually, it converts that name into a lower case shortname. If you create institutions automatically, e.g. via web services or SAML, it is generated based on parameters set out by the automatic process.
#. **Members**: Number of registered members in this institution.
#. **Maximum**: Maximum allowed members in this institution. If an institution has a maximum set, and it is reached, any potential new members will be rejected. The site and institution administrator receive a notification to take further steps.
#. **Maximum members**: Maximum number of allowed members in this institution. If an institution has a maximum set, and it is reached, any potential new members will be rejected. The site and institution administrator receive a notification to take further steps.
#. |new in Mahara 22.04| **Groups**: :index:`See <single: New in Mahara 22.04; Number of groups per institution>` how many groups are associated with an institution.
#. |new in Mahara 22.04| **Maximum groups**: :index:`Maximum <single: New in Mahara 22.04; View maximum allowed groups per institution>` number of allowed groups in the institution. If the maximum is reached, no more groups can be created unless the site increases this limit.
.. note::
When the limit is reached, an error message is displayed to the person wanting to create the group. They are asked to contact their institution administrator as they would know if they can ask the site administrator to increase the number of groups for their institution.
#. **Staff**: Number of institution members with staff rights in this institution.
#. **Administrators**: Number of institution members with institution administrator rights.
#. Click the *Manage connections* button |connect| to change web services connections for this institution.
......@@ -59,9 +69,6 @@ As site administrator, you see an overview of all institutions that exist on you
#. Click the *Manage* button |manage| to change institution settings.
#. Click the *Delete* button |delete| to delete an institution. You can only delete an institution when there are no members in it.
.. note::
The institution 'No institution' is the default 'institution'. It cannot be deleted as it is the standard Mahara site.
.. index::
pair: Institution; Add institution
single: Account registration confirmation
......@@ -94,7 +101,7 @@ When you want to add an institution by clicking the *Add institution* button on
|institution shortname|
#. **Institution expiry date**: Click into the field to select a date. If you leave the field empty, the institution does not have an expiry date.
#. **Institution expiry date**: Click into the field to select a date. If you leave the field empty, the institution does not have an expiry date. This setting cannot be changed by an institution administrator.
* If you specify an expiry date for this institution, once the warning time for institution expiry has been reached, site and institution administrators will receive a otification about this institution's impending expiry.
* If the *auto-suspend expired institutions* option is set, then once the expiry date has been reached, this institution will be suspended automatically, and members of this institution will no longer be able to log in.
......@@ -145,18 +152,19 @@ When you want to add an institution by clicking the *Add institution* button on
If you are not sure which default license to choose, please consult your organisation's lawyer or a copyright lawyer.
#. **Default quota**: You can set the amount of file quota new members registering with this institution shall have.
#. **Update account quotas**: Switch to 'Yes' if you want to apply the default quota you choose above to all existing institution members.
#. **Update account quotas**: Switch to 'Yes' if you want to apply the default quota you choose above to all existing institution members. This setting cannot be changed by an institution administrator.
#. **Allow public institution portfolios**: Switch to 'Yes' if you want to allow members belonging to this institution to create portfolio pages and collections that are accessible to the public rather than only to registered people. If you allow public pages, members can also create secret URLs for their pages. Otherwise they cannot.
#. **Allow peers to see portfolio content**: :index:`Per <single: Peer assessment; Allow peers to see portfolio content>` default, account holders who have the 'Peer' role on a portfolio do not see the content on portfolio pages, allowing for a blind review. This setting can change that though for any portfolio by an account holder who is a member of this institution.
.. seealso::
Peers can give a peer assessment via the :ref:`'Peer assessment' block <peer_assessment_block>`.
#. **Maximum number of accounts allowed**: Specify the maximum number of accounts that can be created in this institution. If you leave this field blank, there is no limit to the number of accounts.
#. **Maximum number of accounts allowed**: Specify the maximum number of accounts that can be created in this institution. If you leave this field blank, there is no limit to the number of accounts. This setting cannot be changed by an institution administrator.
.. note::
:index:`When the maximum number of accounts has been reached <single: Notification to administrators about full institution membership quota>` and another person tries to register for the institution, the site administrator as well as the institution administrator for that institution receive a notification. That allows them to take further steps.
#. |new in Mahara 22.04| **Maximum number of groups allowed**: Decide how many groups can be created in this institution. If you leave this field blank, there is no limit to the number of groups. This setting cannot be changed by an institution administrator.
#. **Portfolio completion**: Allow portfolio authors to add the :ref:`'Portfolio completion' progress page <portfolio_completion>` to the start of their collection.
#. **Allow SmartEvidence**: :index:`Activate <single: SmartEvidence: Active frameworks for an institution>` :ref:`SmartEvidence <smartevidence>` if you want your institution members to work with it.
#. **Allow institution tags**: :index:`If <single: Institution tags>` set to 'Yes', you can set up tags for the members of your institution to use in their portfolios.
......@@ -332,13 +340,13 @@ Edit an institution
Once you have created your institution, you can :ref:`edit its settings <add_institution>`, suspend, or delete the institution. You will have to choose at least one authentication method for this institution so that accounts can be created.
.. note::
Only site administrators can add, edit and delete authentication methods for an institution and suspend it. An institution can only be deleted if there are no members in it.
Only site administrators can add, edit, and delete authentication methods for an institution and suspend it. An institution can only be deleted if there are no members in it.
You should set up at least one authentication method. Otherwise, nobody can log in to this institution. You can add multiple authentication methods to your institution to account for different members and how they are allowed to authenticate. That means for example for a university:
* Faculty and students could log in with their standard login and password if that is governed by LDAP / Active Directory (:ref:`LDAP authentication <ldap>`) or single sign-on such as SAML (:ref:`SAML authentication <saml>`).
* They could also log in via Moodle as that can be added as secondary authentication method for other methods like LDAP or single sign-on (:ref:`XML-RPC / MNet authentication <mnet>`).
* Alumni could have their MNet / LDAP authentication changed to the internal authentication once they finish their studies.
* Faculty and students could log in with their standard login and password if that is governed by LDAP / Active Directory (:ref:`LDAP authentication <ldap>`) or single sign-on such as SAML or OpenID Connect if a SAML bridge is used (:ref:`SAML authentication <saml>`).
* They could also log in via an LMS using :ref:`LTI <lti>` as that can be added as secondary authentication method for other methods like LDAP or single sign-on.
* Alumni could have their SAML / LTI / LDAP authentication changed to the internal authentication once they finish their studies.
* External assessors who do not have a university login, can be given the internal authentication so that they can receive a login, but the university administration does not have to issue a login which would give them access to other infrastructure as well.
All these then still log in to the same Mahara institution. Alternatively, you could also separate the accounts into their own institutions on your Mahara installation if that is more appropriate for your use case. This could mean for the above example:
......@@ -347,7 +355,7 @@ All these then still log in to the same Mahara institution. Alternatively, you c
* Alumni are placed into the institution 'Alumni' for easier account management as you could have the alumni coordinator manage these. Having them in a separate institution on Mahara would allow you to see who an alumni is. Additionally, they could receive a slightly different university theme that is geared towards alumni, and they can also receive different messages on their dashboard.
* External assessors who are placed into the separate institution 'Assessors' could be managed by an administrator who is the liaison for them without giving that administrator access to the account management of all other university members. They can receive the standard university theme, but receive different messages on their dashboard.
Before you can use the IMAP, LDAP, SAML or XML-RPC authentication methods, you must install their extensions on your server.
Before you can use the IMAP, LDAP, SAML, or XML-RPC authentication methods, you must install their extensions on your server.
.. figure:: /images/administration/institution_authentication_plugins.*
:alt: Plugins available for authentication in an institution
......@@ -370,7 +378,12 @@ Before you can use the IMAP, LDAP, SAML or XML-RPC authentication methods, you m
This should only be used for testing but not on a live site as you can't control who can receive an account.
* **SAML**: A :ref:`SAML 2.0 Identity Provider Service is needed <saml>` that has the accounts.
* **Web services**: This is used primarily for authentication via :ref:`LTI <lti>`.
* **XML-RPC**: This is the authentication method :ref:`used for MNet to connect Mahara with Moodle or another Mahara <mnet>`.
.. note::
The preferred authentication method to connect Moodle and other learning management systems is :ref:`LTI <lti>`. MNet is still available for organisations that haven't switched to LTI yet.
#. Click the *Add* button to see the configuration screen for an external authentication method before it is added.
#. Click the *Delete* icon |delete icon| to remove an authentication method from an institution. You can only do so when nobody is associated with that authentication method any more.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment