Overview

Swank Streaming Services offers multiple ways to authenticate to view your custom platform:

• • User Authentication (Direct Login) - This allows defined users to login directly to Swank's site to view content. This is managed with the Swank Streaming Portal by an Administrator. You can find the guide for adding individual users and bulk import here:  Creating Users Individually or via Bulk Entry
  • Single Sign On (SSO) Integration - We offer integration with SAML and Google OAuth Integration

This document outlines the high-level steps to integrate a SAML identity provider with Swank's Cloud Streaming portal. The Metadata XML approach is the suggested approach because it reduces errors in transmission and manual configuration

*Please contact your Account Manager and advise which Authentication method you choose to use before proceeding with SAML or Google OAuth setup. 

SSO / SAML Integration: 

When choosing between Google OAuth and SAML authentication options, we recommend using SAML authentication whenever possible.  SAML configurations are much simpler, faster to set up, more powerful and less brittle.

Please find the guide at the following link for SAML integration. There are links within the document for specific examples of common IDP applications. 

• Configuring Swank Cloud Streaming SAML Authentication
• Google Gsuite Oauth SSO Integration
  

General Overview of SAML SSO Setup

This section outlines the high-level steps to integrate a SAML provider with Swank Cloud Streaming portal. The Metadata XML approach is the suggested approach because it reduces errors in transmission and manual configuration

1. Configure SAML Identity Provider: 
   • Preferred Approach: Use the SAML Service Provider Metadata XML file provided by Swank to import our configuration into your SAML Identity Provider. You can download the file here.
   • Alternate Approach: If your identity provider does not support importing an XML Metadata file, use the manual configuration.
2. Configure Swank Streaming Portal:
   1. Login with your admin credentials provided by your Account Manager.
   2. Configure your settings via the XML document in the SAML Settings portion of the Cloud Streaming Admin Portal. 
      • Preferred Approach: Generate a SAML Identity Provider Metadata XML file from your Identity Provider service and import into "Load Settings" area with the "SAML External" tab
      • Alternate Approach: If your identity provider does not support exporting an Identity Provider Metadata XML file, use the manual configuration
3. Create Role Mapping: To elevate permissions for Instructors or Administrators, you must add role mapping rules to map roles from your identity provider into roles for the streaming system.
   • Additional information on Roles can be found here: User Roles
   • More information on Role Mapping can be found in the following document on Step 3: SAML Authentication Configuration
4. Testing: Test the integration using SAML to ensure access.
   • If there are issues, you will need to create a test account for each role. 

IP Authentication

Currently, K12 streaming portals cannot support IP-based access due to our need to differentiate between students and staff. K12 students do not have access to browse the full catalog and must be assigned specific titles. Allowing IP authentication could inadvertently provide students with broader access. Given our contractual obligations with the studios, it’s essential that students cannot access the entire film catalog. Enabling IP authentication would allow any student with a link to access the portal, which is why the system was designed without this feature. 

External Documentation

Google GSuite - https://support.google.com/a/answer/6087519?hl=en