VIDIZMO offers your organization a flexible, low-cost SSO integration with a number of identity providers, including your organization's Azure Active Directory (AD). VIDIZMO allows its customers to use their Azure AD to give Portal users Single Sign-On (SSO) capabilities. With the app-model SSO integration, enabling or disabling your AD SSO from within the platform takes only minutes.
Note: Azure Active Directory does not allow Single Sign-On for embedded media on other platforms. Read more about it here.
To learn more about SSO options with VIDIZMO, read Understanding Single Sign-On.
This article provides you the step-by-step guide to configure SSO using Azure AD with your VIDIZMO portal. Configuration consists of the following two sections:
- Configuration in Azure portal
- Configuration in VIDIZMO portal
Configuration in Azure Portal
This section requires you to create an application in your Azure AD. Follow the steps given at How to: Use the portal to create an Azure AD application.
Note: The Sign-on URL required for App Registration in the Azure Portal is your organization's VIDIZMO domain. For the application to work, this domain needs to be set to HTTPS. To learn how to do that, see: How to configure your Portal to use HTTPS only.
1. From Azure AD > App Registrations > App you just created:
i. Click on Settings.
ii. Further expand Reply URLs.
iii. Enter a Reply URL that Azure AD will redirect back to after user sign-in is done. This URL is your VIDIZMO Portal URL with /sso/signin-azuread appended to it.
iv. Click on the Save button.
At the end of this section, follow the steps given here to obtain the following three values: your Azure AD Directory ID, the Application ID of the app you created, and the Key generated for that app.
Configuration in VIDIZMO portal
Now that you have the resources required to configure Azure AD SSO in your VIDIZMO Portal, follow these steps:
1. From the Portal's Homepage,
i. Click on the navigation menu on top left corner.
ii. Expand Admin tab.
iii. Click on the Settings tab and you'll be directed to Portal Settings page.
2. On Portal Settings page,
i. Click on the Apps tab on the left-hand panel.
ii. Further click on the Single Sign-On tab.
iii. Locate the Azure AD App on the screen, and click on the Settings icon at the right-hand side.
3. After clicking on the Settings icon, a window will appear:
i. Client ID: Paste the Application ID in the Client ID text box.
ii. Client Secret: Paste the Key in the Client Secret text box. The client secret is used for accessing groups in your Identity Provider (IdP).
iii. Authority: Replace directoryId in the following URL by Azure AD Directory ID: https://login.microsoftonline.com/directoryId/v2.0 and paste it in the Authority text box.
iv. Requires HTTPS Metadata: Select this check box to ensure HTTPS is required to get the metadata. When the request is handled for the first time, it tries to retrieve some metadata from the authorization server (also called an authority or issuer). This metadata, or discovery document in OpenID Connect terminology, contains the public keys and other details needed to validate tokens.
v. Force Login: Force login is to be enabled in order to make sure users can sign in when VIDIZMO sign-in has been turned off.
vi. Callback Path: Specifies the callback location on your Portal to which the authorization response will be sent.
vii. Scope: OpenID Connect uses scope values to specify what access privileges are being requested from the Azure AD authorization server. They determine the scope of the access request being made. We include the following scopes during authentication:
- openid is one of the basic scopes that defines the intent of the application to verify the identity of the user.
- profile is a scope value that defines the request to access the user's default profile attributes or claims such as name, gender, picture, etc.
- user.read grants permission to access the complete profile of the user, which helps in complete attribute mapping.
- Directory.Read.All is used to grant access to the organization's directory which helps define groups in VIDIZMO that map onto organizational units to streamline content management within the Portal.
viii. Response Type: Specifies the response type for OIDC authentication. Any combination of code, token, and id_token can be requested. In our example, we have used the "code" type: the authorization code is returned if the response_type includes code, and it is an opaque value that the Portal redeems for tokens at the token endpoint. The code has a lifetime of 60 seconds.
ix. Save Tokens: Enable Save Tokens in order to be able to map users to their organizational units.
x. Attribute Mapping: Attribute Mapping allows you to map your attributes with the IdP's attributes.
xi. Click on the button Save Changes.
A notification will appear stating Portal Information Updated Successfully.
4. On the Portal Settings > Apps > Single Sign-On screen:
i. Click on the toggle button on the right side of Azure AD to enable Azure AD SSO.
Navigate to the Portal's login screen and you will see the option Sign in with Azure AD. To learn more about signing in, read Sign in using Microsoft Account.
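The checks below tie the settings from this procedure together: the Authority built from the Directory ID, the Reply URL derived from the Portal domain and callback path, the scope and response type requirements, and what "Requires HTTPS Metadata" protects when the discovery document is fetched. This is an added example written for this article, not VIDIZMO's own code; the tenant ID is a placeholder and the discovery document is constructed to mirror the shape Azure AD serves.

```python
from urllib.parse import urlparse

# Values from the article: requested scopes and the Portal callback path.
REQUIRED_SCOPES = ("openid", "profile", "user.read", "Directory.Read.All")
CALLBACK_PATH = "/sso/signin-azuread"
TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder directory ID, constructed

def build_authority(directory_id):
    """Authority URL: the article's template with directoryId filled in."""
    return f"https://login.microsoftonline.com/{directory_id}/v2.0"

def redirect_uri(portal_url):
    """Reply URL registered in Azure: Portal URL + /sso/signin-azuread."""
    return portal_url.rstrip("/") + CALLBACK_PATH

def check_settings(portal_url, scopes, response_type):
    """Findings for the Portal-side settings; an empty list means they agree
    with the article (HTTPS Portal, required scopes, response type with code)."""
    problems = []
    if urlparse(portal_url).scheme != "https":
        problems.append("Portal domain must use HTTPS")
    missing = [s for s in REQUIRED_SCOPES if s not in scopes]
    if missing:
        problems.append("missing scopes: " + " ".join(missing))
    if "code" not in response_type.split():
        problems.append("response_type must include code")
    return problems

def check_metadata(doc, authority, require_https=True):
    """What 'Requires HTTPS Metadata' guards: the discovery document's issuer
    must equal the configured Authority and every endpoint must be HTTPS."""
    problems = []
    if doc.get("issuer") != authority:
        problems.append("issuer does not match Authority")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = doc.get(key, "")
        if not url:
            problems.append(f"{key} missing from metadata")
        elif require_https and urlparse(url).scheme != "https":
            problems.append(f"{key} is not HTTPS")
    return problems

# Constructed discovery document shaped like the one the authority serves.
SAMPLE_DOC = {
    "issuer": build_authority(TENANT),
    "authorization_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token",
    "jwks_uri": f"https://login.microsoftonline.com/{TENANT}/discovery/v2.0/keys",
}
```

Run `check_settings` against your Portal URL, scope list and response type before saving, and `check_metadata` against the document at `<Authority>/.well-known/openid-configuration`; any non-empty result names the setting to correct.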
Roles and Permissions
Only Administrators and Managers can configure an SSO App in Portal Settings.