Step 1 – Configure SAML Application in your IDP
Choose the guide below to see examples of how to configure your IDP. If your IDP is not listed, please review the Okta guide as it tends to be the most helpful for less common applications.
- Google SAML V2 Integration
- Classlink SAML V2 Setup Guide
- Okta SAML V2 Setup Guide
- Azure Active Directory SAML V2 Setup Guide
- OneLogin SAML V2 Setup Guide
(Note: Please keep in mind that SAML has a 1:1 relationship with our sites. You cannot use a SAML instance on multiple sites/portals. You need a unique entity ID for each streaming portal, or you can use Google OAuth)
Once your IDP is configured proceed to Step 2 below.
Step 2 – Configure Digital Campus SAML Authentication
- Log into your Digital Campus portal and select the Admin section (e.g.: https://digitalcampus.swankmp.net/[your site ID]/admin )
- Select Authentication/SAML Settings in the left menu
- Locate the IdP Metadata XML file from your IDP
- Click Import Identity Provider Settings
- In the Load External Identity Provider Settings pop up window, click Select and navigate to the IdP Metadata XML file you saved from Step 1, Bullet 5
Note: The EntityID (optional) field is only needed if the IdP XML contains multiple EntityIDs. This is not common.
- Click Save
- Test the SAML settings by clicking Test SAML Login
- When prompted, enter your username and password
- If everything is set up properly you will receive a "Success" message in a pop-up window. This message contains important information about what attributes are being returned and what you can use to elevate permissions if needed
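Before importing the IdP Metadata XML file, it helps to know what the import dialog will find in it: how many entityIDs it contains (which decides whether the optional EntityID field is needed), which SingleSignOnService endpoints the IdP publishes, and whether a signing certificate is present. The following Python script is an added example and not part of this article or of the Digital Campus product; it parses standard SAML 2.0 metadata with the standard library, and the two metadata documents embedded in it are constructed samples with placeholder hostnames and certificate bodies.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
MD_ENTITY = "{%s}EntityDescriptor" % NS["md"]

# Constructed sample: metadata for a single IdP, the common case.
# Hostnames and the certificate body are placeholders, not real values.
SINGLE_IDP_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/saml2/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIB...PLACEHOLDER-CERT...AB==</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml2/sso/redirect"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml2/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

# Constructed sample: an aggregate file wrapping two IdPs, the case in which
# the import dialog's optional EntityID field has to be filled in.
MULTI_IDP_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:EntityDescriptor entityID="https://idp-a.example.test/metadata">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIB...PLACEHOLDER-A...AB==</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://idp-a.example.test/sso"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-b.example.test/metadata">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIB...PLACEHOLDER-B...AB==</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://idp-b.example.test/sso"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def list_entity_ids(xml_text):
    """Return every entityID in the file; the root element may itself be the descriptor."""
    root = ET.fromstring(xml_text)
    return [e.get("entityID") for e in root.iter(MD_ENTITY)]


def needs_entity_id(xml_text):
    """True when the import dialog's optional EntityID field must be filled in."""
    return len(list_entity_ids(xml_text)) > 1


def idp_summary(xml_text, entity_id=None):
    """Pick one IdP out of the metadata and report what the service provider will rely on."""
    root = ET.fromstring(xml_text)
    descriptors = list(root.iter(MD_ENTITY))
    if not descriptors:
        raise ValueError("no EntityDescriptor in metadata")
    if entity_id is None:
        if len(descriptors) > 1:
            raise ValueError("multiple entityIDs present, choose one of: "
                             + ", ".join(list_entity_ids(xml_text)))
        chosen = descriptors[0]
    else:
        chosen = next((d for d in descriptors if d.get("entityID") == entity_id), None)
        if chosen is None:
            raise ValueError("entityID %r not in metadata" % entity_id)
    idp = chosen.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("%s has no IDPSSODescriptor; this is not IdP metadata" % chosen.get("entityID"))
    # Key the endpoints by the short binding name, e.g. "HTTP-POST".
    endpoints = {s.get("Binding").rsplit(":", 1)[-1]: s.get("Location")
                 for s in idp.findall("md:SingleSignOnService", NS)}
    # A KeyDescriptor with no `use` attribute is valid for both signing and encryption.
    certs = [c.text.strip()
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"
             for c in kd.iterfind(".//ds:X509Certificate", NS)]
    if not certs:
        raise ValueError("no signing certificate; assertions from this IdP could not be verified")
    return {"entity_id": chosen.get("entityID"),
            "sso_endpoints": endpoints,
            "signing_cert_count": len(certs)}
```

Run `idp_summary(open("idp-metadata.xml").read())` on the file you downloaded from your IDP: if it raises because several entityIDs are present, that is exactly the case in which the EntityID (optional) field must be filled in, and the list in the error message tells you which value to enter.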
Step 3 – Role Mapping, User Authorization, and Permission Elevation
Video instructions for SAML Role Mapping
(You'll need to play the video in full-screen mode to see the relevant details.)
If you'd prefer to use written instructions, please continue below.
All successful authentications will be authorized at the "Basic" or "User" account levels (role) by default depending on the market. To elevate permissions to a higher permission level for Instructors or Administrators you will need to add Role Mappings to grant this elevation either by Attribute Value or Individual UserID. For more information on Account Level Permissions, please see the following article:
https://swankmp.zendesk.com/hc/en-us/articles/5723258435092-Cloud-Streaming-User-Account-Roles
Option 1: SAML Role Mapping via Attributes (recommended)
To use this, you will need to identify or create an attribute that defines the user group(s) and differentiates them from the general population (students). You can see what attributes are currently being delivered in your SAML statement in the Test results. Example below:
"UserID": "gsuiteteacher01@k12digitalmovies.com", "Attributes": [ { "Name": "costcenter", "Value": "teacherCostCenter" }, { "Name": "department", "Value": "Science" }, { "Name": "jobtitle", "Value": "teacherJobTitle" }, { "Name": "urn:oid:0.9.2342.19200300.100.1.3", "Value": "gsuiteteacher01@k12digitalmovies.com" }, { "Name": "urn:oid:2.5.4.4", "Value": "teacher01" }, { "Name": "urn:oid:2.5.4.42", "Value": "gsuite"
In this example, the attribute "department" has the value "Science". We will use it to show how to grant "Instructor" permissions to all users with this attribute value:
- Under Option 1: SAML Role Mapping, click SAML Role Mapping. This will take you to the Advanced Settings/Role Mapping area of the admin
- Click Add Role Mapping
- In the Create New Role pop-up window, for this example you would enter:
Attribute Name: department
Value: Science
Role: Instructor
- You will now see your Role Mappings in the listing
You may add as many of these as needed for Instructor and Administrator permissions.
Option 2: Individual User Role Mapping
You may use this option if you do not have a defining SAML attribute, or if you only need to grant a few individuals elevated permissions. Here you will need to use the "UserID" delivered in the SAML statement from your IDP. This could be an email address, username, or GUID. You will find it in the test results from Step 2, Bullet 5. Note: Enter the UserID exactly as it appears, including its upper/lower case, as the match is case-sensitive.
Example:
"UserID": "gsuiteteacher01@k12digitalmovies.com"
Adding Individual Users
- Click Add User
- Enter the specific user's UserID in the field and select the Role you wish to elevate them to.
Example:
UserID: gsuiteteacher01@k12digitalmovies.com
Role: Instructor
- Click Add User
You may add as many users as needed. You may also bulk import users to make managing them easier; see the next section.
Bulk Import Users
- Select Import Users
- Here you have two choices: import from a file, or add multiple entries separated by a delimiter. You can download a file template in the pop-up window to help with formatting
- For File Import, click Select file... and browse to the file location on your computer
- For "Multiple Entries", choose the delimiter style you wish to use and the role for these users, then paste or type the UserIDs into the window provided
- Your users will now appear in the listing
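The three authorization mechanisms described above (Option 1 attribute mappings, Option 2 individual UserID mappings, and the bulk import of delimited UserIDs) can be modelled in a few lines, which is useful for checking in advance which role a given Test SAML Login result would end up with. The following Python is an added example and not Digital Campus code; it assumes, since the article does not say, that the default role is "User", that the highest-ranked matching mapping wins when several match, and that attribute values, like UserIDs, must match exactly including case. The SAML statement and mappings in it are constructed samples modelled on the test output shown earlier.

```python
# Assumptions (not stated by the article): the default role is "User", a role's
# rank decides which of several matching mappings wins, and attribute values,
# like UserIDs, must match exactly (case-sensitive).
DEFAULT_ROLE = "User"
ROLE_RANK = {"User": 0, "Instructor": 1, "Administrator": 2}

# Constructed sample modelled on the Test SAML Login output shown above.
SAMPLE_STATEMENT = {
    "UserID": "gsuiteteacher01@k12digitalmovies.com",
    "Attributes": [
        {"Name": "costcenter", "Value": "teacherCostCenter"},
        {"Name": "department", "Value": "Science"},
        {"Name": "jobtitle", "Value": "teacherJobTitle"},
    ],
}

# Option 1 mappings, one per row of the Role Mapping listing (constructed).
ATTRIBUTE_MAPPINGS = [
    {"Attribute Name": "department", "Value": "Science", "Role": "Instructor"},
    {"Attribute Name": "jobtitle", "Value": "principalJobTitle", "Role": "Administrator"},
]
# Option 2 mappings: exact UserID -> role (constructed).
USER_MAPPINGS = {"gsuiteteacher01@k12digitalmovies.com": "Instructor"}


def attribute_pairs(statement):
    """Flatten the attribute list into (name, value) pairs. A multi-valued
    attribute (a list in Value) contributes one pair per value."""
    pairs = set()
    for attr in statement.get("Attributes", []):
        values = attr["Value"] if isinstance(attr["Value"], list) else [attr["Value"]]
        for value in values:
            pairs.add((attr["Name"], value))
    return pairs


def resolve_role(statement, attribute_mappings, user_mappings):
    """Return the role a successful login with this statement would be authorized at."""
    candidates = [DEFAULT_ROLE]
    pairs = attribute_pairs(statement)
    for mapping in attribute_mappings:
        if (mapping["Attribute Name"], mapping["Value"]) in pairs:
            candidates.append(mapping["Role"])
    user_id = statement["UserID"]
    if user_id in user_mappings:  # exact, case-sensitive lookup
        candidates.append(user_mappings[user_id])
    return max(candidates, key=ROLE_RANK.__getitem__)


def parse_bulk_entries(text, delimiter, role):
    """Turn a delimited paste of UserIDs (the "Multiple Entries" import) into
    Option 2 mappings, dropping blanks and duplicate IDs. Surrounding whitespace
    is stripped, so "\\n" also handles Windows "\\r\\n" line endings."""
    mappings = {}
    for raw in text.split(delimiter):
        user_id = raw.strip()
        if user_id and user_id not in mappings:
            mappings[user_id] = role
    return mappings
```

Two cases worth noting in the code: a student whose department is spelled "science" does not match the "Science" mapping and stays at the default role, and a UserID that differs from the mapped one only in letter case is not elevated either, which is the behaviour the note on case sensitivity above warns about.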
Final Step - Activate
Once you have tested successfully and mapped the appropriate roles, remember to click the Activate button at the top right of the SAML Settings page.