help logoLON-CAPA Help

Identity management in a LON-CAPA domain is dependent on settings made for user creation and user modification. Of particular concern is the potential for assignment of usernames in a format used by your institution when the username does not yet exist. In such a case, authentication is likely to be set to be "internal", and should a real user be created in the future, and be enrolled in a course by auto-enrollment, the user would either be unable to authenticate (using LON-CAPA log-in page), or would be authenticated by SSO, and have access to the original user's roles and associated information.

It is important therefore to establish format rules for new usernames so the only users created with institutional-type usernames are the real users themselves with the appropriate authentication type (Kerberos or localauth). Even without format rules, the Domain Coordinator can set who can create new users, and the authentication types that may be set in different context.

The domain-wide options available for user creation are:

The format rules themselves are defined by customizing the following routines in

When enforced the user name and ID rules require that if a username and/or ID which matches the format for an active rule is to be used in LON-CAPA, they must exist in the institutional directory. If they exist, the corresponding user information (first name, middle name, last name, e-mail address) will be used when creating the new user account. If they do not exist, account creation will not occur.