Restricting users coming in through LTI

Restricting users coming in through LTI

by Rameshwar Vupadhyayula -
Number of replies: 1

I am new to the use of LTI. I will describe the context. Please advise the process of implementing LTI in Moodle.

We are using Moodle 4.0. We have a set of school-level activities on our Moodle. 

We are now in discussion with another LMS provider, whose proprietary LMS is also LTI compliant. The LMS provider offers their platform to various partners, who in-turn market the LMS to various schools. It is possible that only a subset of the partners enter into an agreement with us. When their LMS and our Moodle talk to each other through the LTI, how can we ensure that only the partners with whom we have an agreement will have access to the interactives? 

Average of ratings: -
In reply to Rameshwar Vupadhyayula

Re: Restricting users coming in through LTI

by Jake Dallimore -
Picture of Core developers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers Picture of Testers
Hi Rameshwar,

The first thing to note is that if you're running Moodle 4.0, you'll want to be providing access to the activities over LTI 1.3 (LTI Advantage), not the legacy LTI 1.1/2.0 methods. Everything I'll talk about here relates to LTI Advantage only.

The second thing to be aware of is that Moodle, at least in its vanilla form, isn't a multi-tenant application (that's what Moodle Workplace offers additionally). Given you're talking about multiple partners/ tenants on the platform, this is an important point to note. While LTI does provide for multi tenant support in both the tool and platform applications, Moodle is a single tenant tool. Moodle 4.0 therefore doesn't provide the ability to publish content to a specific client or deployment. Any published activities can be seen and consumed by any registered platforms -  provided of course they have been linked properly to begin with (which means they need to have a registration, complete with one or more approved deployment ids).

So, what you're describing might be possible, but it sounds like it will depend on whether all the partners (those you have agreements with) always get access to ALL published activities on the Moodle site. If that is the case, then the existing LTI Advantage model will work for you. In this case, you just need to make sure you've got the relevant registration in place for each of the partners. How this registration is achieved will depend on the deployment model used by the external LMS. You'll either end up with a single registration for the external LMS, and one or more deployment ids per partner, or you'll end up with many registrations; each representing a partner and having one or more deployment ids. Either way, as long as the registration and deployment ids are in place for the relevant partners, they'll all have access to all the published content on the site. If you enter into another agreement with a future partner, then (again, depending on the platform's deployment model), you either add another deployment id to the central registration, or you add a new registration entirely.

If, on the other hand, the desire is to share select content only with each of the partners, then I'm afraid it's something we don't currently support in Moodle LMS. That is, there isn't currently a way to publish a piece of content (an activity or course) to a specific registration (or deployment), and this is mainly because Moodle wasn't designed with tenancy like this in mind. There's an issue dealing with exploring this, but I've not had time to do so yet. You can see that tracker issuer here: MDL-74233.

Hopefully some of the above information is useful. I know there are perhaps a few foreign concepts like registrations and deployments to digest, but you can find good documentation for these on the 1edtech LTI Advantage page.

Cheers,
Jake
Average of ratings: -