Cloud Streaming - Residence Life Cinema (RLC) Authentication Guide

This document includes the specific authentication methods available to Swank Residence Life Cinema (RLC) customers.

IP Address Authentication

This restricts viewing to the allowed public IPs of the campus or facility.  This is sufficient for allowing access across the entire campus population and is required for all Resident Life Cinema deployments.  Provide your public IP range(s) and this can be configured by our Accounts and Support Teams. Note: Single Sign On may also be required if needing to restrict to a specific audience within your campus.

Single Sign On (SSO) Integration

SSO cannot be used as an alternative for IP auth in RLC markets as IP auth is required to restrict access to the campus only. SSO would be in addition to the IP Authentication requirement. RLC sites cannot be accessed while off-campus. In these markets, SSO should only be used if the audience needs to be further restricted to a select group and can be filtered using OUs or SAML Attributes. 

*Please contact your Account Manager and advise which Authentication method you choose to use before proceeding with SAML or Google OAuth setup. 

We currently offer integration with SAML and Google OAuth SSO. Please find the guides at the following links for SAML and Google OAuth integrations. 

• Configuring Swank Cloud Streaming SAML Authentication
  • There are links within this document for specific examples of common IDP SAML integrations. 
• Google Gsuite Oauth SSO Integration

General Overview of SAML SSO Setup

This section outlines the high-level steps to integrate a SAML provider with Swank Cloud Streaming portal. The Metadata XML approach is the suggested approach because it reduces errors in transmission and manual configuration

1. Configure SAML Identity Provider: 
   • Preferred Approach: Use the SAML Service Provider Metadata XML file provided by Swank to import our configuration into your SAML Identity Provider. You can download the file here.
   • Alternate Approach: If your identity provider does not support importing an XML Metadata file, use the manual configuration.
2. Configure Swank Streaming Portal:
   1. Login with your admin credentials provided by your Account Manager.
   2. Configure your settings via the XML document in the SAML Settings portion of the Cloud Streaming Admin Portal. 
      • Preferred Approach: Generate a SAML Identity Provider Metadata XML file from your Identity Provider service and import into "Load Settings" area with the "SAML External" tab
      • Alternate Approach: If your identity provider does not support exporting an Identity Provider Metadata XML file, use the manual configuration
3. Create Role Mapping: To elevate permissions for Instructors or Administrators, you must add role mapping rules to map roles from your identity provider into roles for the streaming system.
   • Additional information on Roles can be found here: User Roles
   • More information on Role Mapping can be found in the following document on Step 3: SAML Authentication Configuration
4. Testing: Test the integration using SAML to ensure access.
   • If there are issues, you will need to create a test account for each role.