Adding SAML Login using Premium Azure


Set up Screencast-O-Matic with Microsoft Azure ADFS SSO (SAML) for your organization

Active Directory Federation Services (ADFS) via Microsoft Azure can provide your users with single sign-on (SSO) access via Security Assertion Markup Language 2.0 Standard (SAML) to your Screencast-O-Matic Team Plan.  When Team users first authenticate via SAML and you have configured SAML to create users, we set up their dedicated hosting account as part of the Team Plan.

Prerequisites 

  1. Your organization must be using Azure ADFS 
  2. You will need administrative permissions to your Azure ADFS account
  3. You must be using a Screencast-O-Matic Team Plan 
  4. You will need administrative permissions for your Team Plan


Adding SAML Login using Azure


1. Log in to Screencast-O-Matic as Team Admin and click your user icon, then Settings.

2. On the left sidebar, click Authentication.

3. Under "SAML Authentication", move the slider to On, which requires your users to log in via SAML.

Once enabled, you will find the additional settings needed to set up communication between Screencast-O-Matic and the Azure ADFS identity provider.

4. In the text box, specify a unique access URL. This URL will be used by your Team the first time they authenticate into Screencast-O-Matic. When visiting this URL, the user will be redirected to your organization's network login for sign-in, or, if they are already logged into your network, they will be automatically signed into Screencast-O-Matic.
Note: "myuniqueurl" is a placeholder for the name you create for your access page.

5. If you intend to have your users enjoy the advanced features provided in hosting (branded player, content sharing, channel carousel, stock media, etc.) then you need to check "Create users on Screencast-O-Matic".   The first time a user from your organization logs in via SAML, their hosting account will be set up so they can manage and share content.


6. Download the metadata XML from the settings area.


7. Go to Azure Portal > Azure Active Directory 

8. Go to Enterprise applications > All applications > click New application


9. Select the Non-gallery application button, enter the name, and click ‘Add’.

10. Before setting up SSO, determine if users will be assigned to the app or if all users will have access.
* If users will be assigned, assign them under Users and groups
* If all users will have access, set “User assignment required” to No under the Properties screen


11. On the app config screen, select Single Sign-on and switch the dropdown to SAML-based Sign-on


12. Upload the Screencast-O-Matic XML metadata file you downloaded in step #4.



13. Under User Attributes, change the User Identifier to “user.mail” 


14. Click the “Save” icon at the top to save the configuration.

15. Under SAML Signing Certificate, click the “Metadata XML” link to download the metadata for this setup.

16. Go back to your Authentication Settings on Screencast-O-Matic.com. Under SAML User Access, click the Choose File button under the Upload IDP Metadata File section.



Once uploaded, the file will be validated and you should see a message "Metadata matches".   You can click Test Login and you should see the normal login prompt for your organization.  



17. Click the Save button to commit the IDP Metadata and you are done. 


18. Click the “Test Login” link to make sure the login works. If it says the user is not registered in the application, make sure the user accounts are set up in Azure correctly (see step 10).


