16. Passwords and Authentication
|This lesson explains how to use the Password Zones module to exclude people who should not have access to your class website.|
- Read the material on this page
- Follow the links and read the relevant Help material
- Take the practice quiz
- Observe FTF demonstration
- Do the exercise
Read the Quick Guide for an overview of the subject.
Quick Guide for passwords and authentication
Introduction to Passwords and Authentication
One way to control access to your class components is to turn them on or off. However, when turned off (that is, deactivated or made inaccessible-- all the same thing), no one at all -- except you -- can access the page. When turned on, everyone on the Web can access the page.
Another way to control access is to implement password-protection, also known as authentication. In this case, only visitors (usually students) with a valid username and password can access the page. Passwording can be used with a variety of CATE components. Sometimes it's required, sometimes optional.
In every case, we recommend that you implement authentication everywhere you can. That's especially true in online classes.
In order to use authentication, you must have a section homepage for the class and you must properly configure the CATE "Roster Options." That in turn means you must have an understanding of CATE rosters and student management.
When that's under control, then you can use the Password Zones module to actually implement authentication.
As usual, the "Magic Button" in the Section Homepage module will take care of all this for you automatically, or you can do everything manually.
Also, keep in mind that implementing authentication is a one-time-only set-up procedure. After you set this up for a class website and ensure it is working to your satisfaction, you should never need to mess with it again.
Some components can't be protected:
- Personal homepages
- Course homepages
- Section homepages
Some components must be protected:
- In Boxes
- Student Configuration Manager
For some components, protection is optional:
- Schedule pages
- Presentation pages
- Tests, quizzes, exams
In any event, we always strongly recommend you should implement authentication to protect everything you can. That protects your material from intruders and also provides complete logging information about student activities, which can be useful for many purposes and critical for investigations such as detecting cheating.
Keep in mind the important distinction between authentication on the one hand, and -- on the other hand -- simply turning the page on or off.
If a page is turned off, no one (except you) can access the page, regardless of authentication.
If a page is turned on but it is also password-protected, then only visitors with a valid username and password can access the page.
Think of authentication as protecting your valuables in a big iron safe.
For the safe, the first thing you do is buy it. Then you decide what to put inside the safe. Then you decide who can open the safe.
Authentication works much the same way. First you create a password zone. Then you decide which class components to protect within that zone. Then you decide which section(s) can have access to the components within the zone.
You can have an unlimited number of password zones. Each zone can protect whatever you want. Each page or other component can only be protected by one zone. Each zone (and the pages and components in that zone) can be accessible to students in one or more sections. That provides a great deal of flexibility with authentication.
In general, however, you will almost always want to have one zone for each class website. That zone will protect all the components of the website. And all of the students in one section will have access to the zone and the components it protects.
Of course, there are plenty of other ways of doing it. They're just less common. You could, for example, put all your components for all your ENGL 1A sections into one zone, then give all your students in all your ENGL 1A sections access to that zone. But don't try that until you understand all the ramifications!
Creating a Zone and Implementing Authentication
Log into your CATE account. Go to the Password Zones module. This is the Password Zones Menu page.
Any zones you already have on file will be listed there. If you want to work on an existing zone, select the corresponding radio button, then click the "View Selected Zone" button near the bottom of the page. As with any CATE component, you can always edit a zone at any time.
To create a new zone, click the "Add a New Zone" button under the Help banner on the Password Zones Menu page.
The first thing you must do is name the zone. As always, refrain from naming the zone according to a section number, because your section numbers will probably change every semester, and this will just lead to confusion. Better to name a zone according to the course, such as ENGL 1A.
On the same page, near the bottom you can optionally enter a guest username and password for this zone. Leave them blank if you don't want/need to have a guest username and password. If you want to grant access to friends, family, and/or colleagues, you can enter a suitable username and password. (Note that all guests will use the same guest username and password, at least until you change one or both.)
When ready, click to confirm adding the zone.
After creating the new zone, you'll be at the menu page for that particular zone. This is where you can deal with all the configs and options for the zone.
To begin with you'll find a row of three buttons. "Back to Menu" takes you to the menu of all your password zones. "Edit Zone" takes you to the page where you can edit the name of the zone, the guest username, and the guest password. "Delete Zone" allows you to completely remove the zone from the system. (Of course, doing so will also delete authentication for any components protected by this zone.)
Under the bold "Sections/Groups whose students have access to this zone" heading in the first horizontal black bar, two buttons allow you to specify which students will have access to components protected within this zone. This is the equivalent of deciding who will be able to open the big iron safe. You can grant access to the students in one or more sections, or -- far, far less commonly -- you can grant access to the students in one or more groups. In the vast majority of cases you will want to select one section for access to this zone. To do so, click the "Add Sections to Zone" button, select the appropriate section, and confirm. Note that you can also grant access via the options available in the Student Rosters module. Either approach can accomplish exactly the same thing.
Under the bold "Default protection for newly-created Presentation pages" heading in the second horizontal black bar, you can set up an automated routine. If desired, whenever a new page is created within the specified presentation(s), the new page will be automatically protected by this zone. Note that this has absolutely no effect any existing presentation page. Also note that you can set up the exact same automated routine via the Presentations module.
Under the bold "Pages, tests, etc protected by this zone" heading in the third horizontal black bar, you can decide which components to protect with this zone. This is the equivalent of deciding what valuables to put inside the big iron safe. To protect presentation pages, schedules, tests, and/or directories (in each case singular or plural), click the corresponding button on the right. The pick the component(s) you want to protect by selecting the corresponding checkbox for each component. Finally, click to confirm adding the component to the zone. Note that you can accomplish the exact same thing in each of those four modules. For example, you can go to the Test & Exercise module to place a test in a zone, you can go to the Presentations module to place a presentation page in a zone, and so on. Either approach can accomplish exactly the same thing.
After you set this up for a class website and ensure it is working to your satisfaction, you should never need to mess with it again. As long as you follow the standard end-of-semester maintenance procedures to archive, purge, and re-use, the same zone with the same settings should work flawlessly for your sections semester after semester.
To reiterate, the system will take care of all those steps for you automatically if you use the "Magic Button" to create your class website.
Accessing Protected Components
After creating the zone, protecting components within the zone, and granting access to students (in one or more sections or one or more groups), you're all set.
Having completed that task, whenever a student (or any visitor) attempts to access any of those protected components, one of two things will happen. If the page is closed, the visitor will under no circumstances be allowed access. If the page is open, the visitor must enter a valid username and password before he or she can see the page.
If a visitor successfully accesses a password-protected component, the system will log that visit and keep track of subsequent activities by the visitor so you can see that information via the CATE Student Rosters module. In addition, the system will cache the authentication credentials so the visitor will not need to enter username and password again for your class website during that session. (Although the authentication will eventually expire and at that point the visitor will need to enter username and password again.)
Study the Help module for this topic. Think of this as a chapter in your textbook.
How to...Create a Password Zone: http://online.santarosa.edu/catedocs/howto_create_zone.html
How to...Password-Protect a Page, Schedule, Test, etc: http://online.santarosa.edu/catedocs/howto_password_pages.html
How to...Password Protect a Directory: http://online.santarosa.edu/catedocs/howto_directory_password.html
How to...Grant a Section Access to a Password Zone: http://online.santarosa.edu/catedocs/howto_grant_access.html
How to...Access Password-Protected Files: http://online.santarosa.edu/catedocs/howto_access_passwd.html
After studying all the material for this lesson, take the self-assessment quiz.
CATE Online Training Quiz 10: Passwords and authentication
Demonstration (For face-to-face sessions)
We'll demonstrate how a student goes through the check-in process, how you accept students into a class, and how you manage students on your CATE roster.
Lectures slides (Rosters, Check-in, Web Groups, Passwording): http://online.santarosa.edu/presentation/?8998
|To help you better understand the material, to integrate the different modules, and to demonstrate how an entire class can be constructed from various components, in each lesson you'll be creating a portion of a class website, so at the end of the process you'll have a complete model of an entire class. |
To begin with, you should always use a practice course (such as CATE 101, ROCK 101, or BASE 101) for your exercises. After you've mastered the process and created material that's ready for your students, then you can convert your practice class into a real class that you're actually teaching and make it accessible.
Here's the exercise for this lesson:
Use the Password Zones module to create a new password zone.
Set up a guest username and guest password for the zone.
Grant access to the zone for all students in your practice session.
Implement protection for all the components for your practice class website, including schedule page, presentation pages, tests, etc.
This means your practice student will be able to access the protected components. Use your practice student to navigate throughout the protected pages.
Go to the Student Rosters module, go to your practice section, and check the log of activities for your practice student.
Lab (For face-to-face sessions)
We'll walk around the room and assist individually as you undertake the exercises for this material.
WWII 101 A plain-vanilla sample class website
Rock 101 A fancier sample class website
Please provide us with comments, corrections, and/or suggestion regarding this material. Be sure to identify the lesson and the material to which you're referring.
Thanks for taking the time to help us improve these online training materials.
CATE Online Training Feedback