Enterprises managing multiple domains are sometimes required to allow or restrict access to services across domains. VIDIZMO Administrators can configure permissions for specific Users and Groups using either Centralized Identity and Access Management Systems or from VIDIZMO's ID Connector application.
There are two ways to achieve this:
1. Setting Channel Level Permissions From An Identity and Access Management System (e.g. Okta)
2. Setting Channel Level Permissions From VIDIZMO's ID Connector
1. Channel Level Permissions From An Identity Provider
Assigning Channel Level Permissions To Specific Users and Groups From Centralized ID Providers
Log in to the respective Identity and Access Management System which manages the SSO.
We will be using Okta in our example.
1. Go to www.okta.com and click on Sign In. If you have not created an Okta ID, cerate an account in Okta first, then sign in.
Click here to learn more about How To Setup SSO Using Okta.
2. Select existing user groups or create new ones that you would like to assign permissions to access your desired VIDIZMO channel.
For new user groups, you can add users by selecting the group and click on Manage People.
The Created Group shows up in the list:
3. Select the group to open the Group's main screen and add users to the group. Then click on the Save button to save your selection.
4. After you have added people to the Group and saved the selection, the next screen will list the added people and the top of the screen will present further actions that can be performed to the Group. From here, click on the Manage Apps button.
Note: Each VIDIZMO channel is added as an "App" (short for "Application") in Okta and other IAM solutions.
5. Select the VIDIZMO Channel (App) you would like to assign permissions to, for the selected group.
The Assign button will change from Assign to "Assigned".
Click on the Done button.
The Assigned VIDIZMO Channel (App) will appear the Apps tab.
Repeat this step for each group that you would like to assign permissions to access your desired VIDIZMO Channel.
6. On the VIDIZMO Channel, Sign in from the link on the top bar.
You will be presented with the Corporate Log-in screen:
Based on the group level settings defined in Okta, only the users in groups assigned to your selected Channel will be able to access it.
2. Channel Level Permissions Using VIDIZMO's ID Connector
VIDIZMO ID Connector is an add-on module which integrates VIDIZMO Channel, VIDIZMO Enterprise or VIDZIMO Appliance with local AD or LDAP directory services, providing simplified and Central User Management and Authentication mechanism for enterprise users.
This is ideal for organizations:
- Having hundreds or thousands of users who will require VIDIZMO access
- Looking to simplify user management
- Looking to bring convenience to their users by providing them single user ID and password to access VIDIZMO
- Concerned about administrative overhead managing separate user accounts on VIDIZMO
VIDIZMO ID Connector’s basic function is to synchronize users between Active Directory (AD) and VIDIZMO Portal, providing SSO functionality and central administration of users. There might be a possibility that the Administrator only wants selected AD users to gain access to the VIDIZMO Portal. In this case, Administrators can map Organizational Units (OU) and/or Groups to VIDIZMO imported by ID Connector.
Whenever an AD user accesses VIDIZMO Channel if it is setup with ID Connector, it will redirect to its website where the user will provide its AD ID and password to sign in. Rest of the VIDIZMO functions will work the same way as they worked before.
The following diagram depicts the flow for the end user:
Click here to learn How To Install And Setup ID Connector?
Once the VIDIZMO's ID Connector has been installed and configured, access or restrictions can be applied to the Groups by using the ID Connector's Channel Mapping feature.
To learn more about this feature, click on the VIDIZMO ID Connector User Guide (this link goes to the Channel Mapping heading/bookmark in this article).