VIDIZMO ID Connector synchronizes users and groups between the local Active Directory (AD) and the online VIDIZMO Channel, providing SSO functionality and central administration and management. Since administrators may want only selected AD users to gain access to the online VIDIZMO Channel, they can map OUs or Groups imported by ID Connector to the VIDIZMO Channels they have set up. This gives complete control over who can gain access to the selected channel.
For VIDIZMO ID Connector customers, the online VIDIZMO Channel is configured to use VIDIZMO ID Connector to authenticate end users (viewers). When an end user accesses the online channel at HTTP://[channelName].vidizmo.com, they are redirected to their internal ID Connector website, which authenticates them with their AD credentials and automatically logs them in to the VIDIZMO Online Channel. The rest of the VIDIZMO functions work the same way as for web authenticated users.
The following diagram depicts the flow for the end user:
To map an OU or Group to a channel, first set up the VIDIZMO Channel(s), provide the Channel mapping, and then review the synchronized Users, as explained in the sections below.
The first step in configuring VIDIZMO ID Connector is to set up your VIDIZMO Account/Channel. If you cannot find the options shown in the steps below, you may need to contact the VIDIZMO Support team; contact Sales or Support to find out. To configure, follow the instructions below:
1. Login to the VIDIZMO Account/ Channel that you want to configure to authenticate using VIDIZMO ID Connector.
2. Go to Settings > Login > Corporate Login
3. Click on the Enable button
4. Once you click on the Enable button, the following fields will become visible:
i. Identity Provider: Select ID Connector from the drop-down.
ii. Authentication URL: Provide the URL of ID Connector Website configured during the ID Connector install.
iii. In the "Sign-in Caption" and "Sign-In Caption Tooltip", provide relevant text to guide users how to sign in. This tooltip and text appear on the sign-in page of the channel.
5. Add the authentication URL to the Trusted Domains. Once you have added the domain, click on "Done".
Once done, click on the “Update” button at the bottom of the page.
This option will only appear if VIDIZMO Administrator has enabled Channel to use ID Connector. If it is not already enabled, please contact firstname.lastname@example.org to get ID Connector enabled for your Channel.
Before moving to the ID Connector website, and to ensure successful Channel Mapping, the City and Work Email fields need to be populated under the "Organization" tab (if they are not already populated):
6. After updating the Channel settings from the VIDIZMO portal, go to the ID Connector website and login with ID Connector's Website administrator credentials.
7. From the top navigation, go to the Channel > Manage Channel screen.
8. Click on the Add button which opens up a new window:
9. Provide a valid Channel Key, Channel Admin user Id, and password and then click on the Verify Channel button. This will load the Channel's basic information in the lower part of the window.
After the Channel has been verified, click on the Add button to add the Channel to the Mapped Channel's list.
10. Repeat the steps above if more channels are to be mapped.
Once the channels have been added in VIDIZMO ID Connector, you are ready to move to the next step, which involves mapping these channels to the appropriate AD Groups and OUs, or to the entire Domain if required. Mapping the channel authorizes the Users who are part of the Group or OU to have access to that Channel.
After the channels have been set up, the next step is to map them to the OUs and Groups available in the AD. This can be done by following the steps below:
These steps can only be performed when ID Synchronization service has run once. If it has not, you won’t find any OUs or Groups to map to the Channel.
i. From the top navigation, go to Channel > Channel Mapping screen, where the list of recently added channels is displayed on the left side, along with the respective OUs/ Groups mapped on the right-hand side:
ii. Select the channel to be mapped, by clicking on it
iii. On the right side click on the Define button, which will open up a new window.
iv. Search for the OU or Group that you want to map. Filters available include keyword to search for, Domain and type of objects (OU, Group, All)
OU and Group list is available only when ID Sync service has run once, which happens as soon as the ID Sync Service is activated. If the list doesn’t show up, wait a few minutes and try again.
To check if ID Sync Service has run and added new records, go to Settings > Service Activity Log, which will display newly added, updated and deleted objects obtained from the AD.
v. Select the Groups or OUs to be mapped, by enabling the checkbox and click on the Add button.
AD Groups and OUs work the same way in ID Connector as they do in AD, i.e. if a parent Group or OU is mapped, all its child Groups and OUs (and therefore the users under them) automatically gain access to the VIDIZMO Channel.
Groups and OUs should therefore be mapped carefully: mapping the main OU or a Group will ultimately let every user under it gain access.
vi. Repeat the steps above if more Groups or OUs are required.
vii. Back on the Channel Mapping page, click Save to save the channel.
The AD users under selected Groups and OUs will be synchronized on next run of ID Sync Service. The results will show up in numbers in ‘# of Users’ column in ‘Manage Channels’ page. The count there shows the actual number of users synchronized to that particular VIDIZMO Channel.
If more Channels are to be mapped, repeat the process by selecting the appropriate channel.
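The inheritance rule noted in the mapping steps above (a mapped parent Group or OU also admits everyone beneath it) can be checked before a mapping is saved. The following Python code is an added example, not part of ID Connector or of the original article; the directory records, DNs and function names are constructed for illustration, and it assumes an OU mapping covers users by DN subtree and a Group mapping covers direct and nested members.

```python
# Constructed sample directory (not real AD data); groups list direct members.
CORP = "OU=Corp,DC=example,DC=local"
VIEWERS = "CN=Viewers," + CORP
PARTNERS = "CN=Partners," + CORP
ALICE = "CN=alice,OU=Sales," + CORP
BOB = "CN=bob," + CORP
CAROL = "CN=carol,OU=Contractors,DC=example,DC=local"
DIRECTORY = {
    CORP: {"type": "ou"},
    "OU=Sales," + CORP: {"type": "ou"},
    ALICE: {"type": "user"},
    BOB: {"type": "user"},
    CAROL: {"type": "user"},
    VIEWERS: {"type": "group", "members": [PARTNERS]},
    # Partners nests Viewers back in, to exercise the cycle guard below.
    PARTNERS: {"type": "group", "members": [CAROL, VIEWERS]},
}


def users_under_ou(ou_dn, directory=DIRECTORY):
    """Users anywhere in the OU subtree: their DN ends with ',<ou_dn>'."""
    suffix = "," + ou_dn.lower()
    return {dn for dn, obj in directory.items()
            if obj["type"] == "user" and dn.lower().endswith(suffix)}


def users_in_group(group_dn, directory=DIRECTORY, seen=None):
    """Users reached through direct and nested membership (cycle-safe)."""
    seen = set() if seen is None else seen
    if group_dn in seen:
        return set()
    seen.add(group_dn)
    users = set()
    for member in directory[group_dn].get("members", []):
        kind = directory.get(member, {}).get("type")
        if kind == "user":
            users.add(member)
        elif kind == "group":
            users |= users_in_group(member, directory, seen)
    return users


def effective_users(mapped_dns, directory=DIRECTORY):
    """Every user a channel mapping of these OUs/Groups would let in."""
    result = set()
    for dn in mapped_dns:
        expand = users_under_ou if directory[dn]["type"] == "ou" else users_in_group
        result |= expand(dn, directory)
    return result
```

Comparing the result for a parent OU with the result for one of its children shows how many additional accounts the broader mapping admits; in the sample data, the Viewers group also pulls in a user who sits outside the Corp OU.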
After a Channel has been mapped to a Group or OU, the users will be synchronized at the specified VIDIZMO Channels the next time the ID Connector Sync service runs. During this time, if an AD user tries to access the ID website, they will automatically be signed up and redirected to the VIDIZMO Channel, without having to provide any user id or password other than their AD credentials.
The Manage User screen, accessible from Users > Manage Users, provides a convenient way of looking at all the users imported by ID Sync Service and their synchronization status.
Here are some of the scenarios where the Manage Users feature is useful:
Filters such as User Name, Channel, and Status list only the relevant users. A brief description of each Status type is provided below:
- New – users which were found in the AD and didn’t exist in ID Connector database. Normally such users are the ones that were created in the AD after the ID Sync service was run last time. Initially, the status for all the users is displayed as New.
- Updated – the users will be marked as updated the next time ID Sync Service runs. All the users that were imported will be marked as updated. If a user from the AD has been disabled or deleted, it will automatically be removed from the list.
- Processing – when the ID Sync service is busy processing a user account at VIDIZMO, it will set its status to Processing. Normally this status should not last more than the time it takes the ID Sync Service to complete processing.
- Synchronized – after the user has been synchronized at VIDIZMO and created an account, its status will be set to Synchronized. This status shows the users that have been registered at VIDIZMO and will gain access to their respective Channel.
- Error – in case a user could not be synchronized because of any error, its status will show up as Error. In such cases, Administrator should consult the Event log for a detailed explanation of the problem and resolve the problem.
4.2. Filter Users on Channel
Another convenient filter available on this screen is Channel. The channels set up at ID Connector will show up in the drop-down list. With this, the site administrator can list all the users who have qualified for synchronization with the Channel and have been successfully signed up.
4.3. User Details
Clicking on a specific user will open up the detailed information for that user stored in the ID Connector database. This information is often helpful in diagnosing a problem or understanding why that user did or did not synchronize in a given channel.
4.4. De-Synchronize User
While OU, Group and Domain mapping provide a convenient way to synchronize users in bulk, there may often be a need to exclude a specific user from synchronization. This can be achieved by checking the user on the Manage User screen and clicking on the Update button.
With this check applied to one or more users, the ID Sync service, the next time it runs, will remove those users from the VIDIZMO Channel if they were already synchronized, or will exclude them from being synchronized at VIDIZMO.
5. Service Activity Log
Service Activity Log is another page that shows the overall statistics generated by the ID Sync service. After each run, the service should show 5 log records, one for each entity, namely the OUs, Groups, Users and Domain list imported from the AD/Forest and finally the Users that were signed up at VIDIZMO.
A brief description of each column displayed on the screen is provided below:
- Entity Name – is the name of the Entity that is being processed. This is an internal name that ID Sync service uses.
- Provider Id – is another internal id given to the AD Provider, responsible for importing Users, OUs, Groups, and Domain lists from the AD and VIDIZMO Provider, responsible for synchronizing the users at VIDIZMO. For AD Provider the id will be 1, while for VIDIZMO the id will be 2.
- Start Time and End Time – show when the ID Sync service started and finished processing a particular Entity. This shows the time it is taking to process that Entity and can therefore help calibrate the ID Sync Service schedule after multiple runs.
- Added or Updated / Failed – this field shows the number of Added or Updated objects as well as the number of objects that failed during the process. For example, ‘255 / 5’ means 255 objects were updated or added while 5 failed. In the case of users, the actual user details can be obtained from the Manage User page.
- Deleted / Failed – this field shows objects that were found missing from the AD and therefore were deleted from the local database as well as from VIDIZMO. In case of any failure during the process of deletion, the number would show up in this field. For example, "10 / 1" means 10 objects were deleted while 1 failed.
6. End User Access
VIDIZMO ID Connector primarily provides SSO, Central User Administration, and VIDIZMO Channel access control. Therefore, for the end user, the change comes at the sign-up and sign-in steps only; the rest of the VIDIZMO experience remains the same.
6.1. Users with AD Login Id
For a VIDIZMO Channel end user, who has a login id for the local AD, the new process is described below:
- Channel user opens up Channel or any media published in the channel by going to the URL
- After the page is fully loaded, the user is automatically redirected to the ID Connector Website for login as shown below
- User will provide the official login id and password, like in other locally accessible systems and press ok
- User’s credentials will be authenticated from corporate AD, silently logged in at VIDIZMO and will be redirected to the Channel page the user was initially trying to access
With these simple steps, the user does not have to use separate sign-in credentials and can use their existing AD credentials to log in to VIDIZMO and thus get secured access to the published media. A user authenticated via ID Connector has all the rights that a regular VIDIZMO user has and can be made a Channel Administrator, and so be given extra rights as and when needed.
6.2. Users without AD Login Id
Users who do not have an AD User id will still be able to join an existing Channel as before. This is what the process looks like for users who do not have an AD login:
- On step 2 of the flow above, on pressing Cancel they will be taken back to the VIDIZMO portal and allowed to access it as an anonymous user like before.
- If however, the page requires secure access, the user will be asked to log in via the regular login page as shown below
- User will provide the login id and password already created at VIDIZMO and log in to access the Account/Channel. After logging in, the users will have all the options that are normally accessible to such users. These users, like the AD Users synchronized by ID Connector, or Federated Users, can be given administrative access to the Channel.
7. Inviting Users to join Channel
VIDIZMO provides a convenient functionality to invite users to join a Channel. This feature will not work for users who have AD User Id, and therefore is not applicable for such users anymore. AD Users can be given access to the Channel by mapping their AD Group or OU against that Channel via VIDIZMO ID Connector. The mapped users will automatically become users of that Channel.
VIDIZMO Invite feature is only for those Users who do not have the AD User Id and require access to secured Channel content.
Click on the VIDIZMO kb article on How To Invite People To Join Your Channel to learn how users can be invited.
You can also click on the following articles to learn more about join requests: