Advanced Setup and Configuration

Contents

Financial Setup
Finances and Accounting
Tags
Reports
Export templates
Email Templates and Scripts
Tutor Roles
Controlling User Access (authorisation)
User Roles
Setting up Active Directory (AD) authentication and authorisation.
AD Authorisation
Server configuration file
Using an external database
Server Memory Allocation
Help, Support and Log files
Audit Logging

This chapter outlines the other setup options beyond the General Preferences set up, and advanced configuration options for access control, users and groups, using external databases and server memory allocation.

All of these options are available from the File > Preferences menu

Financial Setup

Finances and Accounting

Account set up

onCourse has full general ledger capabilities, ensuring you are always aware of your profit and loss, liabilities and cash position.

To edit or add general ledger accounts, go to 'Financial' -> 'Accounts'

You can create your own accounts as needed, by selecting the '+' option.

Accounts no longer needed can be disabled.

A range of reports are available to keep you on top of your financial position. Refer to the chapter on Reports for more information.

Accounts window, use the + symbol to add new Accounts

Tags

Tags are a way to customise onCourse to group and sort data based on your business rules. They are also integral to website navigation. Refer to the chapter on tags for more information.

onCourse Tag Groups

Reports

The report window shows a list of all the reports included in the onCourse software, including sub reports. More information about reports and exports can be found in the reporting chapter

This is where you can add or export the existing report templates for you to customise.

Reports window of onCourse

Export templates

This screen lists all the available export templates. Both XML and CSV templates are available for most data within onCourse, allowing you to export your onCourse data for use with other types of software, like spreadsheets, other databases and desktop publishing tools. If you create your own custom exports, or commission ish to create some on your behalf, you can add them to onCourse by clicking the +, locating the export template on your computer, and importing it into onCourse. The template will be immediately added to the list. If the template already existed and this was just an updated template, then the version number will be incremented.

The cogwheel has the following special features:

  • Save Export Template file on disk

  • Duplicate Export template - This will assist users when creating their own custom templates, using an onCourse template as the starting point. The key code will be left blank in the duplicate process for you to create your own unique code.

The "Export" window

Email Templates and Scripts

These templates are the emails that are sent automatically based on scripted events like on enrolment, or as part of daily reports.

By default, only emails and scripts relating to Enrolment confirmations, tax invoices and voucher purchases are active in all new onCourse installations. You can active and de-activate other scripts are required.

We recommend you customise the fixed text in these templates to meet your own terms and conditions for payment, refunds and transfers.

Both plain text and HTML templates are included and can be edited. You can also add your own templates and scripts to onCourse.

These templates also require you to complete some contact details, for example the AVETMISS details, to generate your college email, phone and web address.

More information is available in the Email template chapter and the Scripts chapter

Tutor Roles

Tutor roles are related to the payroll function. Defining a variety of tutor roles allows you to define a range of payrates that apply to your teaching staff. More information is available in the payroll chapter

Defining Tutor Roles

You can edit any of the tutor roles by double clicking on any of the roles.

Tutor Role Edit View

Controlling User Access (authorisation)

User Roles

Access rights restrict what parts of onCourse users can modify, print, view or delete. This is an advanced feature, available for onCourse "Professional and Enterprise" customers. Four pre-defined user roles are available within the system, Enrolment Officer, Administration Manager, Course Manager and Financial Manager. You can modify these and create new access rights groups as needed. Each user within your organisation can be given Admin access rights (full access) or be added to any of your access groups. Select the access rights when creating or editing user profiles, as above.

Users who try and log in twice concurrently will see this screen

Creating and Editing User Roles

To access the "Users" menu, in onCourse go to File > Preferences > Access.

Here you can create roles for users, such as "Administration Manager." Some default access roles have been created in onCourse however you should edit these and create roles applicable to your own organisation.

Each onCourse user should be assigned to a user role that defines their access levels, by default all new users created will have full admin access to all aspects of onCourse.

You can edit an existing access role by double clicking on it, or create new access roles using the + button in the top right hand corner of the window.

Before we delve into the specifics of the Access menu, it's important to know what each option means. If an option like "create" is greyed out, it means that part of onCourse can't be restricted.

  • View: A view permission only allows the contact to see data already created, but does not allow existing records to be edited or new records to be created.

  • Edit: Allows both edit and view rights.

  • Create: Allows the creation of new records, edit and view rights.

  • Delete: Allows record deletion where permitted by onCourse validation. Linked and locked records can not be deleted just because a user has delete rights.

  • Print: Allows printing of reports associated with this record type

  • Hide: Some processes only have one level of access - allow. If this option is not ticked, it means the ability to run the process is denied and the element is hidden from use.

What can you edit in the "Access" menu?

  • Name: here you define the name of the role, e.g; "Administration Manager".

  • People and companies

    • Contact: this refers to all onCourse students, tutors and companies. Full create rights are recommended for any user who needs to process enrolments as new contacts are often created at this time.

  • Course Management

    • Course: permission to work with any course type, including traineeships, Vocational and non-vocational courses

    • VET course details: this only relates to adding or removing unit of competency details from a course

    • Class: permission to work with any class type

    • Enrolment outcomes: only edit rights are editable. This allows the user to set outcome results or change the outcomes linked to a student's record

    • Budget: viewing the class budget can be disabled

    • Session: this permission relates to sessions as they belong to classes

    • Waiting list: permission to work with all wait list records

    • Mailing list: permission to work within existing and create new mailing lists

  • VET Management

    • Qualification reference data: the only permission available here is edit, allowing you to add your choice of nominal hours. All reference data is centrally managed by ish.

    • Certificate: this relates to VET Statements of Attainment and Qualifications only. All contacts with class print permissions can create non-vocational certificates of attendance.

    • Print certificate without verified USI: This allows VET certificates to be printed when the student has a USI on record that has not yet been verified. A warning to the user will still be shown. This only applies to certificates created after 1/1/2015

    • Print certificate without USI: This allows VET certificates to be printed when the student has no USI on record. A warning to the user will still be shown. This only applies to certificates created after 1/1/2015

  • Resources

    • Site: view can not be disabled, allows user to create new and edit current Sites.

    • Room: view can not be disabled, allows user to create new and edit current Rooms.

  • Financial

    • Enrolment: Create permission needed for an onCourse user to use Quick Enrol

    • Custom enrolment discount: Allow permission gives the ability for any manual discount to be added to any enrolment processed through Quick Enrol.

    • Applications: Lets the user access course applications from prospective students.

    • Discount: This permission relates to the creation of discount strategies. Discounts will auto apply to any applicable enrolment regardless of permission here. Also the ability to link discounts to classes, corporate passes, concession types and membership types.

    • Tutor roles: These roles determine pay rates for teaching staff.

    • Tutor pay: This permission relates to the creation and editing of payslips.

    • Override tutor session payable time: allows user to unlock and modify a tutor's payable time manually

    • Bulk confirm tutor wages: allows users to click the 'confirm now' button in the Generate tutor payroll sheet that confirms all the unconfirmed paylines

    • Invoice: This permission relates to the creation of manual invoices (invoices not created as part of the Quick Enrol process).

    • Credit note: Allow the creation of manual credit notes. This permission is not needed for the creation of automatic credit notes during enrolment or class cancellation.

    • Payment In: Permission relates only to manual payment in records, not those created during Quick Enrol.

    • Payment Out: This permission is about creating refunds, usually processed in real time back to payer's credit cards.

    • Payment Method: This allows the user to change the payment method when accepting payments.

    • Account: Account settings for onCourse chart of accounts

    • Transaction: general ledger transaction records created during all financial transactions. These can only be viewed, never edited or manually created.

    • Financial preferences: The onCourse preferences that set the default accounts for various transaction types

    • Banking: Allow permission to run the bank process

    • Reconciliation: Allow permission to reconcile payments

    • Corporate pass: Permissions relating to the creation or editing or CorporatePass. This permission is not required to process a website enrolment that uses a CorporatePass for payment.

    • Payment plan: Permissions relating to the creation or editing Payment plans.

    • Summary extracts: Permission that allows a user to export/print MYOB Export and Trial Balance from the Financial menu.

  • Special actions

    • Class duplication/rollover: Allow duplication of one or more classes from existing class(es)

    • Class cancellation: Cancellation process that prevents further enrolments and creates credit notes for existing enrolments

    • Exporting to XML: Export of class information for brochure production

    • Creating certificate from class: Bulk certificate creation process for VET and non-VET enrolments

    • Contact merging: Merge duplicate student records

    • Enrolment cancellation and transferring: Cancel or transfer individual enrolments and create a credit note

    • Export AVETMISS: Export training data for government reporting

    • Data import: import data into onCourse

    • Override tutor payrate: Allow a local override at the class level to any manually set payrate

    • Edit/Delete Notes: Gives permission to edit and delete record note items

  • Messaging

    • Email up to 50 contacts: This permission is useful for admin staff who may need to notify a class of students about changes.

    • Email over 50 contacts: This permission is most appropriate to marketing staff.

    • SMS up to 50 contacts: This permission is for admin staff who may need to notify a class of students about changes.

    • SMS over 50 contacts: This permission is most appropriate to marketing staff.

  • Web and content management

    • Documents: Permissions relating to documents used on the public website, inside onCourse and available via the portal

    • Private Documents: Permissions relating to documents set as Private within onCourse. Can only view, edit and create. Cannot delete or print.

    • Tag: Permission relating to all tag groups, including those that drive the website navigation. This permission is not required to add tags to records, only to edit tag groups.

  • Products

    • Product: This permission relates to the creation and editing of Products

    • Memberships: This permission relates to the creation and editing of Memberships

    • Vouchers: This permission relates to the creation and editing of Vouchers

    • Sales: This permission relates to the creation and editing of Sales

  • Other

    • Report: Permissions to view, modify and print reports.

    • Email Template: Permission to modify Email Templates.

    • Export Template: Permission to modify Export Templates.

    • Scripts: Permission to modify Scripts.

    • Funding contract: Allows user to view/modify Funding Contracts

    • Funding upload: Allows user to access Funding Uploads

    • Audit logging: Allows user to access Audit Logs

    • Contact relation types: Permissions to view/modify contact types.

    • General preferences: Relates to onCourse application preferences that affects all users

    • Change administration centre: Allows user to change administration centre details

    • Concession type: Permission to modify available concessions. This permission is not needed to add concession types to contact records.

    • Require two factor authentication: If this is allowed then a user who logs in without two factor authentication enabled is immediately shown the "Enable two factor authentication" dialog

Setting up Active Directory (AD) authentication and authorisation.

The below example has been completed with Windows Server 2003 R2 SP2 and onCourse 1.7.13. onCourse has the ability to use an external LDAP/AD server for authentication and authorisation, what we mean by this is that you do not need to use the onCourse user and group database but you can use your already setup AD database. Firstly on your Windows Server 2003 Machine go to "My Computer" right click and select "Properties" and you will find the following screen.

Please take careful note of the "Full Computer Name" and the "Domain" as with this information you now have the building blocks for our configuration.

Now the next thing we need to get the LDAP/AD authentication working is either the Administrator password or, a user account which is a member of the Administrators group. This is because when a query happens on the AD server it is required to login first before it can do any searches on users. If your administrators want to lock it down further they are welcome to do so, we only need read access to all user and group objects in the AD as well as the passwords for all of those users. So now we enter "Active Directory Users and Computers" and create our user:

and add it to the administrators group and remember your password!

Now we have everything we need! Complete the setup screen as follows:

Once you have substituted all of the settings as necessary press the "Test Connection" button to ensure that onCourse can bind to the LDAP server. Once that works, you can then go to the "Users" section of this configuration page and place "sAMAccountName" and (objectClass=user) for the search filter. Now test a user in your domain and see if it authenticates. If it works, congratulations you are now authenticating against your AD server!

AD Authorisation

Authorisation is the process of giving your users the correct rights when they are logged in, this has a direct relationship with the different roles you can setup or create within onCourse. If you wish to use your AD server to allocate roles to your users, complete the following:

At the top of your "Active Directory Users and Computers" create an "Organizational Unit" (OU) and call it "onCourse".

In that OU create security groups which reflect the names of the roles in onCourse. Say for example the roles which are build into onCourse (you can find this in "File" --> "Preferences" --> "Access" in onCourse):

  • Administration Manager

  • Course Manager

  • Enrolment Officer

  • Financial Manager

You can add or delete roles here as you wish but a corresponding group must exist in AD for the authorisation/access rights to be allocated.

When you have created those groups in AD add the necessary users who belong to each group.

We can then turn it on the onCourse preferences under LDAP/Authorisation and Roles and set it up the same as the following picture:

That is all for Windows Server AD/LDAP authentication and authorisation! good luck!

Server configuration file

Sometimes the onCourse server defaults aren't perfect for your office. Ports may be blocked, another server might already be set up. We've added the ability to specify useful parameters in a configuration file that onCourse Server will check on startup.

Create a text file called with the name 'onCourse.cfg' and place in the same folder as the onCourse Server executable, whether that be running on Windows (.exe), OSX (.app) or Unix/Linux (.jar).

The directives allowed in this file are:

		ip – specify which IP addresses to listen on. Repeat this line as many times as you require.
		port – specify which port to listen on for non-SSL client connections (Specify the port as 0 to disable non-SSL connections)
		ssl_port – specify which port to listen on for SSL client connection. (Specify the port as 0 to disable SSL connections)
		db – specify and URI for your database.
		max_concurrent_users - maximum number of users who can connect at once
		client_server_compression_level - compression between client and server connection. 0 is off, 6 is default and 9 is the maximum compression setting. More compression uses more CPU at each end.
	 

A sample onCourse.cfg might contain:

		port=0
		ssl_port=8182
		db=jdbc:mysql//db.example.com/onCourse
		ip=192.168.0.1
		ip=192.168.0.2
		max_concurrent_users=10
		client_server_compression_level=8
			

examples of URLs for internal Derby database (OS X, FreeBSD):

		db=jdbc:derby:/Users/admin/onCourse/
		db=file:/Users/admin/onCourse/

examples of URLs for internal Derby databse (Windows):

		db=jdbc:derby:/C:/onCourse/
		db=file:/C:/onCourse/
				

Note

use 3 slashes after the protocol name 'file' in both cases
use /, not \ also under Windows
onCourse will replace all white spaces with '%20', If you use windows or there are white spaces in the URI path you must surround the URI with ".

Using an external database

In order to connect to external databases such as MySQL and MS SQL, onCourse Server needs to know where the external database lives. This can be done by using a server configuration file, see the section called “Server configuration file” below. Starting the server with special arguments (in the cases of headless configurations commonly found on Unix-derivative systems such as FreeBSD, Linux and Solaris), or choosing the external database option through GUI when first starting onCourse Server.

Note

connecting to an external database is a paid for feature, you must contact us to enable it.

A valid URI contains the following information:

host, e.g. 203.29.62.146 or delish.ish.com.au
port, e.g. 1376, 3306 or 1521
database name, e.g. onCourse
user name, e.g. oncourse
password, e.g. oncourse
every vendor has its own URI (URL) format which has to be used (remind quotations)

MS SQL Server:

				  db=jdbc:jtds:sqlserver://<host>:<port>/<dbName>;user=username;password=password
				  db=jdbc:jtds:sqlserver://203.29.62.146:1376/onCourse;user=oncourse;password=oncourse
				

MySQL:

				  db=jdbc:mysql://<host>:<port>/<dbname>?user=username&password=password
				  db=jdbc:mysql://delish.ish.com.au:3306/onCourse?user=oncourse&password=oncourse
				

It is not necessary to specify a port, if the default port is used.

More information about URIs at http://blogs.msdn.com/ie/archive/2006/12/06/file-uris-in-windows.aspx

Server Memory Allocation

In addition, you can specify a different memory utilisation for onCourse Server. onCourse Server will try to use all the memory you allocate to it, since it makes use of that memory for caching. Up to a certain point, adding more memory will help, but after that more memory will have no effect or even slow things down since the server has more work to do managing all that cache. You will have to tune your settings according to your own needs, but the default will do fairly well for most installations.

If you are running Linux or Unix, you will find the necessary settings in the startup script. On Windows you need to create a text file with the name onCourseServer.vmoptions or onCourseService.vmoptions. The name of this file before the dot must match exactly the name of your executable before the dot. In that file put this:

-Xmx1500M

That will increase the cache to 1500 Mb for onCourse Server. About another 80Mb will be used by the application itself, so the total usage will be those two combined. On Windows 32bit, never go past 1.5Gb for onCourse because of limitations in Windows. A Unix or OSX 32bit environment will allow you to assign up 3.5Gb.

The onCourseServer.log will report errors of java.lang.OutOfMemoryError if you have given the onCourse Server insufficient RAM for your usage requirements. Prior to this your end users may also detect processing errors, such as failing enrolments.

Beyond what you have allocated to onCourse, make sure the server has sufficient RAM to run the operating system and other applications. It is very important that the server doesn't swap memory to disk at any time or you will encounter major performance problems.

In a 64bit operating system you can install more than 4Gb of RAM in the server memory. OS X users will be running 64bit by default. We recommend installing 64bit operating systems for all servers.

Help, Support and Log files

The onCourse server application and the onCourse client application both create daily log files. The onCourse server log levels are set by the onCourse database manager inside the config file. The onCourse client logging can be set from inside the onCourse application.

In the Help menu, select the option 'Set log level' and choose from DEBUG, INFO or WARN (default).

If you need to access your client log files you can find them in the OS User home directory, or use the tool inside the onCourse Help menu to open the folder directly 'Show onCourse client logs..'. Historical log files will be zipped and include the date they were logging within the file name. The current log file being written will be called onCourse.log.

The onCourse client Help menu

Audit Logging

Available from the preferences menu is the option 'Audit Logging'. Audit logs are created when a record is created, edited or deleted. When a script fails or an email key collision occurs, an audit log record is also created.

The Audit Log list view window displays all entities edited or created by each onCourse user and the date and time of that action.

The advanced search function in Audit logs allows you to search for a particular type of log e.g. script failure or log from a particular user.

Double clicking on the audit log for a script failure or email key collision will provide additional information in 'message' field in the edit view. Edit, create or delete logs do not show any additional information in the edit view.

You can also access the audit logs for a particular record by using the 'find related' feature from any list view. For example, you can select a class and find the related audit logs for that one particular class, or from the user account record, all audit logs for one particular user.

The list view of the audit logs