Roles and SSO

Hello I'm evaluating Opigno and I think that it's the right choice for our school. I have another coulple of questions regarding roles and single sign-on. The Opigno documentation states that there are 8 roles available (Administrator, Student Manager, Forum administrator, Forum moderator, Manager, Teacher, Coach, Student) but when I check the roles in my Opigno LMS mint installation I only see administrator, student manager and forum administrator. This is puzzling for me, is this normal? Do I have to create the missing roles and add permissions by myself? Or something went wrong during the installation? I already have the official school homepage in Drupal and I want to keep separated the two sites (school homepage and e-learning), so as suggested in this post I would like to use the CAS module to enable SSO across the Drupal instances. If you think that the following questions are out of place here, I'll ask them in the CAS project page. The CAS module creates the user at the moment of the first login. It would be possible to create them programmatically (e.g. via a cronjob)? Let's say that I import users in the main Drupal site and then want to manage courses and users in Opigno. If I'm not able to import all the users at one time I couldn't do that, I should ask everyone to make a first login and then add users to courses. It's a bit impractical It's possible to import/associate also the user's roles? In the main site I already have defined roles for students and teachers, this would save a lot of time and prevent errors Thank you again :)



Here are some answers to your questions:

1. Some roles are related to the user at platform level (student, administrator, student manager), other ones are at course level (teacher) or at class level (coach). So you don't have to add roles to your Opigno platform, some role can only be attributed at course level. For example, it would be possible with Opigno to have one user with teacher role for one course, and student role for another course.

2. Cas does not allow to provision users from the server to the clients. The account is only created during the first creation. If you are using a LDAP server like ActiveDirectory, then it would be possible to provision users from this LDAP server.

Instead of CAS, you may consider modules like Account_sync or Bakery

In this case it would be possible to also synchronise the roles.

You can also consider this solution, if the roles on the main website can be compliant with the ones on the Opigno website, in order to have a single user database.

I hope this will help you.

Best regards,




Your reasoning is not logical

axel, The way you OPIGno assign user roles does NOT follow a logical pattern. I would ask that the Opigno team redesign this particular function. 1. The platform admin should be able to assign ALL user roles from the ***/admin/people page. The "ADD A ROLE FOR THE SELECTED USER" should include Teacher, Student, and Coach. 2. When onboarding/ approving a new account, the verification page should allow admins to select TEACHER , STUDENT or COACH. 3. When approved user log in for the first time, they should be taken to the dashboard related to the user role that the platform admin designated. See how much EASIER that is? You guys should consider making this change. I am considering making these changes on my install. But I figure I would at least give you guys a chance to fix it globally first. :)