Setup Screencast-O-Matic with ADFS SSO (SAML) for your organization

Active Directory Federation Services (ADFS) can provide your users with single sign-on (SSO) access, via the Security Assertion Markup Language 2.0 (SAML) standard, to the Screencast-O-Matic Screen Recorder and Video Editor under your team plan. Also, when Team Premier users first authenticate via SAML, we set up their dedicated hosting account as part of the Team Plan.

Requirements

  • Team Deluxe or Team Premier Plan
  • ADFS instance 

Here are the SAML attributes the integration will need from the ADFS server:

  • Email
  • First Name
  • Last Name

Get SAML Setup Information from Screencast-O-Matic

Once you have your ADFS server set up, your Team Plan admin can optionally require login via SAML from the Screencast-O-Matic Admin Account Authentication Settings.

1. Log in as Team Admin and click your user icon, then Settings.

2. On the left sidebar, click Authentication.

3. Under "SAML User Access", move the slider to On, which forces your users to log in via SAML.

Once enabled, you will find the additional settings needed to set up communication between Screencast-O-Matic and the ADFS identity provider.

4. Download the metadata XML from the settings area.

5. Save this XML for a later step. Next, we will get ADFS set up before coming back to this settings window to upload the IDP identity file.

Setup ADFS Identity Provider

Our assumption here is that you have an ADFS instance set up for single sign-on. Refer to this article if you are using Azure.

6. To update your ADFS metadata, complete these steps. You will likely require admin privileges for your ADFS instance to perform them.

  1. Log in to the ADFS Management Console.
  2. In the left sidebar, click ADFS 2.0 > Trust Relationships.
  3. Click on Relying Party Trusts.
  4. Click Update from Federation Metadata.
  5. Right click on the relying party trust, then click Properties.
  6. Click Monitoring, and paste the following URL into the Relying party's federation metadata URL field: https://screencast-o-matic.com/saml/metadata.xml
  7. Place checkmarks in the options for Monitor relying party and Automatically update relying party.
  8. Click OK.
  9. Select the same relying party trust item that you just configured. In the right sidebar, click Update from Federation Metadata.
  10. Ignore the message regarding ADFS 2.0 support if it appears. Click OK.
  11. Finally, click Update to complete updating the federation metadata with the Screencast-O-Matic metadata file.


Upload the Identity Provider File to Screencast-O-Matic

7. With ADFS set up, we need to find the IDP file / Federation Metadata XML and upload it to the Screencast-O-Matic Admin Account Authentication Settings.

Typically, this file is found here:

https://myadfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml

Download this file, and head back to the Screencast-O-Matic Admin Account Authentication Settings.

8. Under SAML User Access, click the Choose File button in the Upload IDP Metadata File section.

9. Once uploaded, the file will be validated and you should see the message "Metadata matches". You can click Test Login and you should see the normal login prompt for your organization.



10. Click the Save button to commit the IDP Metadata and you are done. 


FAQ

Are first and last name required to set up Screencast-O-Matic SAML authentication? Can we just use the Name ID?

First and last name are required, as SAML requires setting up a user in our system.

Getting the first name and last name (given name and surname) to auto-populate in Screencast-O-Matic.

If the name is not auto-populating, try mapping the LDAP attributes like this.

Surname -> urn:oid:2.5.4.4
Given-Name  -> urn:oid:2.5.4.42 
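
To see why a name is not auto-populating, check which attribute names ADFS actually sends during a test login. This added example (not part of the original article) decodes a base64 SAMLResponse, assumed to be copied from your own browser's developer tools, and reports which of the two OIDs above are missing or empty. The sample response and the function name `name_attribute_report` are constructed, and the script is a debugging aid that performs no signature validation.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names taken from the mapping in the FAQ above.
REQUIRED = {"urn:oid:2.5.4.4": "Surname", "urn:oid:2.5.4.42": "Given-Name"}

# Constructed sample: the surname uses the expected OID, but the given name
# is sent under a claim-type URI instead, so it will be reported as missing.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:2.5.4.4">
      <saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute
        Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Pat</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE = base64.b64encode(SAMPLE_XML.encode()).decode()


def name_attribute_report(saml_response_b64):
    """Return the attributes seen and the required name attributes missing."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    seen = {}
    path = ".//saml:AttributeStatement/saml:Attribute"
    for attr in root.iterfind(path, SAML_NS):
        values = [v.text.strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)
                  if v.text and v.text.strip()]
        seen[attr.get("Name")] = values
    # An attribute that is present but has no non-empty value also counts
    # as missing, since nothing would be populated from it.
    missing = [f"{label} ({oid})"
               for oid, label in REQUIRED.items() if not seen.get(oid)]
    return {"seen": seen, "missing": missing}


if __name__ == "__main__":
    result = name_attribute_report(SAMPLE_RESPONSE)
    print("attributes sent:", sorted(result["seen"]))
    print("missing:", result["missing"])
```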

How often are user credentials revalidated? 

With SAML enabled, users will be required to re-login after a month of usage. 

