Active Directory Federation Services (ADFS) can provide your users with single sign-on (SSO) access via SAML to the Screencast-O-Matic screen recorder and video editor under your team plan. Once users are authenticated, their user accounts will automatically be created under Screencast-O-Matic premier hosting services.
- Team Deluxe or Team Premier Plan
- ADFS instance
Here are the SAML attributes the integration will need from the ADFS server:
- First Name
- Last Name
Get SAML Setup Information from Screencast-O-Matic
Once you have your ADFS server set up, you may optionally require login via SAML within the Screencast-O-Matic account hosting settings.
- Go to your account hosting settings under the Hosting tab.
- Under Hosting Settings, click on Settings.
- Scroll down to "SAML User Access (Optional)" and choose either Enable or Require. Enable makes SAML login optional for your users. Require forces your users to log in via SAML.
Once enabled, you will find the additional settings you will need to set up communication between Screencast-O-Matic and the ADFS identity provider.
Download the metadata XML from the settings area.
Save this XML for a later step. Next, we will get ADFS set up before coming back to this settings window to upload the IDP identity file.
Set Up the ADFS Identity Provider
Our assumption here is that you have an ADFS instance set up for single sign-on. Refer to this article if you are using Azure.
To update your ADFS metadata, complete these steps. You will likely require admin privileges on your ADFS instance to perform them.
- Log in to the ADFS Management Console.
- In the left sidebar, click ADFS 2.0 > Trust Relationships.
- Click on Relying Party Trusts.
- Click Update from Federation Metadata.
- Right click on the relying party trust, then click Properties.
- Click Monitoring, and paste the following URL into the Relying party's federation metadata URL field.
- Place checkmarks in the options for Monitor relying party and Automatically update relying party.
- Click OK.
- Select the same relying party trust item that you just configured. In the right sidebar, click Update from Federation Metadata.
- Ignore the message regarding ADFS 2.0 support if it appears. Click OK.
- Finally, click Update to finish updating the federation metadata with the Screencast-O-Matic metadata file.
Upload the Identity Provider File to Screencast-O-Matic
With ADFS set up, we need to find the IDP file (the Federation Metadata XML) and upload it to the Screencast-O-Matic account hosting settings.
Typically, this file is found here:
Download this file, and head back to the Screencast-O-Matic account hosting settings.
Under SAML User Access, find the IDP Metadata XML file upload field.
Once uploaded, verify the Current IDP Metadata field is updated and the Screencast-O-Matic setting has found the federation metadata file.
If everything looks good, you are done!
My team users were previously using Screencast-O-Matic without SAML. What will happen if we enable login via SAML?
If you have users who have installed the local application and launch it without going through the website, they won't see any difference when you enable SAML. Anybody who launches from the team access page on the website will be prompted to log in via SAML. These users won't be counted as new users against your monthly quota if they used the Screencast-O-Matic application in the last month.
Are first and last name required to set up Screencast-O-Matic SAML authentication? Can we just use the Name ID?
First and last name are required, because SAML login sets up a user in our system.
Getting the first name and last name (given name and surname) to auto-populate in Screencast-O-Matic.
If the name is not auto-populating, try mapping the LDAP attributes to the standard X.500 attribute OIDs like this:
Surname -> urn:oid:2.5.4.4
Given-Name -> urn:oid:2.5.4.42
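The relying-party configuration from the steps above (monitored metadata with automatic updates) together with the surname and given-name mapping can also be applied with the ADFS PowerShell module. This is an added example, not part of the original page or Screencast-O-Matic's own instructions; the trust name, the metadata URL placeholder, and the choice of the mail attribute as the Name ID are assumptions.

```powershell
# Added example (not from the page). Run in an elevated PowerShell session
# on the ADFS server. Names and URL below are assumptions / placeholders.
$TrustName   = "Screencast-O-Matic"                       # assumed display name
$MetadataUrl = "https://<SCREENCAST-O-MATIC-METADATA-URL>" # placeholder: use the URL from the page

# Create the relying party trust from the SP metadata and keep it in sync,
# matching the "Monitor relying party" / "Automatically update" checkboxes.
if (-not (Get-AdfsRelyingPartyTrust -Name $TrustName)) {
    Add-AdfsRelyingPartyTrust -Name $TrustName `
        -MetadataUrl $MetadataUrl `
        -MonitoringEnabled $true `
        -AutoUpdateEnabled $true
}

# Claim rules (ADFS claim rule language):
#  1. Look up mail, givenName and sn in AD for the authenticated account and
#     issue them as e-mail plus the X.500 OIDs the page maps to (2.5.4.42 / 2.5.4.4).
#  2. Turn the e-mail claim into the SAML Name ID (emailAddress format is an assumption).
$Rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send e-mail, given name and surname"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "urn:oid:2.5.4.42",
                   "urn:oid:2.5.4.4"),
          query = ";mail,givenName,sn;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "E-mail as Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"]
            = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

Set-AdfsRelyingPartyTrust -TargetName $TrustName -IssuanceTransformRules $Rules

# Pull the latest SP metadata now rather than waiting for the monitor cycle,
# then show the resulting rules so the OID mappings can be checked.
Update-AdfsRelyingPartyTrust -TargetName $TrustName
(Get-AdfsRelyingPartyTrust -Name $TrustName).IssuanceTransformRules
```

After the next SAML login, confirm in the Screencast-O-Matic user list that first and last name are populated; if they are not, the attribute names in the issued assertion are the first thing to compare against the two OIDs above.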
How often are user credentials revalidated?
Is content stored securely?
- Password protect videos and/or video channels (playlists)
- Set search visibility on videos (nowhere, only on your branded Screencast-O-Matic site, or everywhere, i.e. indexed by Google)
- Require only team users you have invited to your hosting account be able to view your team videos