Set up Screencast-O-Matic with ADFS SSO (SAML) for your organization


Active Directory Federation Services (ADFS) can provide your users with single sign-on (SSO) access via Security Assertion Markup Language 2.0 Standard (SAML) to your Screencast-O-Matic Team Plan.  When Team users first authenticate via SAML and you have configured SAML to create users, we set up their dedicated hosting account as part of the Team Plan.

Prerequisites 

  1. Your organization must be using a dedicated ADFS instance
  2. You will need administrative permissions to your ADFS instance
  3. You must be using a Screencast-O-Matic Team Plan 
  4. You will need administrative permissions for your Team Plan

Get SAML Setup Information from Screencast-O-Matic

Once you have your ADFS server set up, your Team Admin can optionally require login via SAML from the Screencast-O-Matic Admin Account Authentication settings.

1. Log in as Team Admin, click your user badge, then select Settings.

2. On the left sidebar, click Authentication.



3. Under SAML Authentication move the slider to On, which requires your users to log in via SAML.


Once enabled, additional settings are displayed, enabling you to set up communication between Screencast-O-Matic and the ADFS identity provider.

4. In the text box under Access URL, specify a unique access URL.
This URL will be used by your Team the first time they authenticate into Screencast-O-Matic.  When visiting this URL, the user will be redirected to your organization network login for sign-in or, if they are already logged into your network, they will be automatically signed into Screencast-O-Matic.
Note: "myuniqueurl" shown below is an example. This should be the name you create for your access page.
 

5. If you intend to have your users enjoy the advanced features provided in hosting (such as the branded player, content sharing, channel carousel, stock library images and videos, etc.) you must select Create users on Screencast-O-Matic using SAML for this Access URL. The first time a user from your organization logs in via SAML, their hosting account will be set up so they can manage and share content.


6. Next, download the metadata XML file from the settings area. This file can be found under Screencast-O-Matic SAML Info, as displayed in the image below.


7. Save this XML file for a later step. 

Next, we will get ADFS set up before coming back to this settings page to upload the IDP identity file.

Set Up the ADFS Identity Provider

This section covers an ADFS instance setup for single sign-on.  Refer to this article if you are using Azure.

To update your ADFS metadata, complete the steps below. You will likely require admin privileges for your ADFS instance to perform these steps.

1. Log in to the ADFS Management Console.
2. In the left sidebar, click ADFS 2.0 > Trust Relationships.
3. Click on Relying Party Trusts.
4. Click Update from Federation Metadata.
5. Right-click the relying party trust, then click Properties.
6. Click Monitoring, and paste the following URL into Relying party's federation metadata URL: https://screencast-o-matic.com/saml/metadata.xml
7. Select the checkboxes for Monitor relying party and Automatically update relying party.
8. Click OK.
9. Select the same relying party trust item that you just configured. In the right sidebar, click Update from Federation Metadata.
10. Ignore the message regarding ADFS 2.0 support if one is displayed. Click OK.
11. Finally, click Update to complete updating the federation metadata with the Screencast-O-Matic metadata file.
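
The same monitoring settings can be applied from PowerShell on the ADFS server. This is an added example, not Screencast-O-Matic's own script; it assumes Windows Server 2012 or later with the ADFS module, and the trust display name in $rpName is a placeholder for the name shown in your console.

```powershell
# Added example: scripted equivalent of the console steps above.
# Assumption: the relying party trust already exists under the placeholder name below.
$rpName      = 'Screencast-O-Matic'   # placeholder, use the name shown under Relying Party Trusts
$metadataUrl = 'https://screencast-o-matic.com/saml/metadata.xml'   # URL from step 6

Import-Module ADFS

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found." }

# Steps 6-7: set the federation metadata URL, monitor it, and apply changes automatically.
Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -MetadataUrl $metadataUrl `
    -MonitoringEnabled $true `
    -AutoUpdateEnabled $true

# Steps 9-11: pull the metadata now instead of waiting for the next monitoring cycle.
Update-AdfsRelyingPartyTrust -TargetName $rpName

# Read the trust back and confirm what ADFS stored.
Get-AdfsRelyingPartyTrust -Name $rpName |
    Format-List Name, Identifier, MetadataUrl, MonitoringEnabled, AutoUpdateEnabled,
                LastMonitoredTime, LastUpdateTime
```

With automatic update enabled, changes to the published metadata are applied to the trust without an administrator's action, so LastUpdateTime is worth reviewing periodically.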


Upload the Identity Provider File to Screencast-O-Matic

With ADFS set up, we need to find the IDP file (Federation Metadata XML) and upload it to the Screencast-O-Matic Admin Account Authentication settings.

Typically, this file is found here:

https://myadfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml

Download this file, and navigate back to the Screencast-O-Matic Admin Account Authentication settings.
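
Before uploading, it is worth checking what the metadata file asserts. The PowerShell below is an added example, not part of the original article: it lists the entity ID, the signing certificates with their expiry dates, and the single sign-on endpoints; the file path and the 60-day warning window are assumptions.

```powershell
# Added example. Assumptions: file saved as .\FederationMetadata.xml; 60-day warning window.
function Get-IdpMetadataSummary {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [int] $WarnDays = 60
    )
    $md = New-Object System.Xml.XmlDocument
    $md.XmlResolver = $null          # do not resolve external DTDs or entities
    $md.Load((Resolve-Path -LiteralPath $Path).ProviderPath)

    $ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
    $ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

    $idp = $md.SelectSingleNode('//md:IDPSSODescriptor', $ns)
    if (-not $idp) { throw "No IDPSSODescriptor found in '$Path'." }

    # Token-signing certificates the service provider will trust after upload.
    $certs = foreach ($node in $idp.SelectNodes('md:KeyDescriptor[@use="signing"]//ds:X509Certificate', $ns)) {
        $bytes = [Convert]::FromBase64String($node.InnerText)
        $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
        [pscustomobject]@{
            Subject     = $cert.Subject
            Thumbprint  = $cert.Thumbprint
            NotAfter    = $cert.NotAfter
            ExpiresSoon = $cert.NotAfter -lt (Get-Date).AddDays($WarnDays)
        }
    }
    # SAML sign-on endpoints; each Location should be an https:// URL on your ADFS host.
    $endpoints = foreach ($sso in $idp.SelectNodes('md:SingleSignOnService', $ns)) {
        [pscustomobject]@{
            Binding  = $sso.GetAttribute('Binding')
            Location = $sso.GetAttribute('Location')
            IsHttps  = $sso.GetAttribute('Location') -like 'https://*'
        }
    }
    [pscustomobject]@{
        EntityId              = $idp.ParentNode.GetAttribute('entityID')
        SigningCertificates   = @($certs)
        SingleSignOnEndpoints = @($endpoints)
    }
}

$summary = Get-IdpMetadataSummary -Path '.\FederationMetadata.xml'
$summary.EntityId
$summary.SigningCertificates   | Format-Table -AutoSize
$summary.SingleSignOnEndpoints | Format-Table -AutoSize
```

Compare the thumbprints with the output of Get-AdfsCertificate -CertificateType Token-Signing on the ADFS server to confirm the file you downloaded is the one your server published.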

1. Under SAML User Access, click the Choose File button under Upload IDP Metadata File.


Once uploaded, the file will be validated and you should see a message "Metadata matches".   

2. Click Test Login and you should see the normal login prompt for your organization.  


3. Next, click the Save button to commit the IDP Metadata and you are done. 

4. Click the Test Login link to make sure the login works for an actual user. 


FAQ

Is First and Last name required to setup with Screencast-O-Matic SAML authentication?  Can we just use the Name ID?

First and last name are required, as SAML requires setting up a user in our system.

Getting the first name and last name (given name and surname) to auto-populate in Screencast-O-Matic.

If the name is not auto-populating, try mapping the LDAP attributes like this.

Surname -> urn:oid:2.5.4.4
Given-Name  -> urn:oid:2.5.4.42 
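
If you prefer to set this mapping as a custom claim rule, the following PowerShell appends one to the trust's issuance transform rules. This is an added example, not part of the original article; the trust name is a placeholder, and it assumes the rule is keyed on the Windows account name claim from Active Directory.

```powershell
# Added example: issue givenName and sn under the attribute names listed above.
$rpName = 'Screencast-O-Matic'   # placeholder display name of the relying party trust

# ADFS claim rule language: look up the authenticated account in Active Directory
# and emit Given-Name as urn:oid:2.5.4.42 and Surname as urn:oid:2.5.4.4.
$nameRule = @'
@RuleName = "Given name and surname as OID attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
   Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("urn:oid:2.5.4.42", "urn:oid:2.5.4.4"),
          query = ";givenName,sn;{0}",
          param = c.Value);
'@

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found." }

# Append rather than overwrite, so existing rules (for example the Name ID rule) are kept,
# and skip the change if the attribute is already issued.
if ($rp.IssuanceTransformRules -match [regex]::Escape('urn:oid:2.5.4.42')) {
    Write-Output 'Given-name attribute is already issued; no change made.'
} else {
    $rules = ($rp.IssuanceTransformRules, $nameRule) -join "`r`n"
    Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules
    (Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
}
```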

How often are user credentials revalidated? 

With SAML enabled, users will be required to re-login after a month of usage. 

