Set up Screencast-O-Matic with Microsoft Azure ADFS SSO (SAML) for your organization
Active Directory Federation Services (ADFS) via Microsoft Azure can provide your users with single sign-on (SSO) access via Security Assertion Markup Language 2.0 Standard (SAML) to your Screencast-O-Matic Team Plan. When Team users first authenticate via SAML and you have configured SAML to create users, we set up their dedicated hosting account as part of the Team Plan.
Prerequisites
- Your organization must be using Azure ADFS
- You will need administrative permissions to your Azure ADFS account
- You must be using a Screencast-O-Matic Team Plan
- You will need administrative permissions for your Team Plan
Adding SAML Login using Azure
1. Log in to Screencast-O-Matic as Team Admin and click your user icon, then Settings.
2. On the left sidebar, click Authentication.
3. Under "SAML Authentication", move the slider to On, which requires your users to log in via SAML.
Once enabled, you will find the additional settings needed to set up communication between Screencast-O-Matic and the Azure ADFS identity provider.
4. In the text box, specify a unique access URL. This URL will be used by your Team the first time they authenticate into Screencast-O-Matic. When visiting this URL, the user will be redirected to your organization's network login for sign-in or, if they are already logged in to your network, they will be automatically signed in to Screencast-O-Matic.

Note: "myuniqueurl" shown below will be a name you create for your access page.
5. If you intend to have your users enjoy the advanced features provided in hosting (branded player, content sharing, channel carousel, stock media, etc.) then you need to check "Create users on Screencast-O-Matic". The first time a user from your organization logs in via SAML, their hosting account will be set up so they can manage and share content.

Setting up users
6. Download the metadata XML from the settings area.
7. Go to Azure Portal > Azure Active Directory
8. Go to Enterprise applications > All applications > click New application

9. Select the Non-gallery application button, enter the name and click ‘Add’.

10. Before setting up SSO, determine if users will be assigned to the app or if all users will have access.
* If users will be assigned, assign them under Users and groups
* If all users will have access, set “User assignment required” to No under the Properties screen

11. On the app config screen, select Single Sign-on and switch the dropdown to SAML-based Sign-on

12. Upload the Screencast-O-Matic XML metadata file you downloaded in step 6.

13. Under User Attributes, change the User Identifier to “user.mail”

14. Click the “Save” icon at the top to save the configuration.
15. Under SAML Signing Certificate, click the “Metadata XML” link to download the metadata for this setup.
16. Go back to your Authentication Settings on Screencast-O-Matic.com. Under SAML User Access, click the Choose File button under the Upload IDP Metadata File section.
Once uploaded, the file will be validated and you should see a message "Metadata matches". You can click Test Login and you should see the normal login prompt for your organization.
17. Click the Save button to commit the IDP Metadata and you are done.
18. Click the “Test Login” link to make sure the login works. If it says the user is not registered in the application, make sure the user accounts are set up in Azure correctly (see step 10).