Authentication and Authorization Are Managed in Kaltura

When does this scenario apply?

You can use Kaltura as your MediaSpace identity and role authorization provider when:

  • You want to launch a MediaSpace pilot in your organization without IT integration.
  • You want to quickly go live with your organizational video portal before performing IT integration with your organizational authentication and group management systems.
  • Only a few users in your organization need to work with MediaSpace, and there is no requirement or need for managing user authentication and credential validation in your organizational systems.
  • You do not have a centralized authentication system or you are not able to provide access to your authentication system from the MediaSpace application.

Who can access MediaSpace?

Only users with a MediaSpace user account pre-provisioned in Kaltura can access MediaSpace. (The user account must include a MediaSpace Role and a MediaSpace password.) If you want to revoke MediaSpace access from a specific user, it is your responsibility to delete the user account in one of the following ways:

  • On the User Management panel of the Kaltura MediaSpace Administration area, select one or more users, and click Delete or Delete Checked.
  • Submit a Kaltura end-users CSV to delete MediaSpace user accounts in bulk.  To learn more, see the submit a Kaltura end-users CSV procedure step.
  • Use the Kaltura API to:
    • Delete the user record.
    • Remove the user's MediaSpace Role stored in a custom data profile.

How do you switch from Kaltura-managed authentication and authorization to managing MediaSpace authentication and authorization in your system?

Following the completion of your pilot, or when the IT integration with your user authentication and group management systems is completed, on the Configuration Management panel of the Kaltura MediaSpace Administration Area, open the Auth tab and change the selected authentication/authorization method. In the Kaltura MediaSpace Administration Area, you may override the Kaltura‑managed Application Roles from your system on the Configuration Management panel or by manually deleting existing MediaSpace user accounts on the User Management panel.

To override Kaltura-managed Application Roles on the Configuration Management panel

  1. On the Configuration Management panel of the Kaltura MediaSpace Administration Area, open the Auth tab.
  2. Set the following values and click Save
    1. Under refreshDetailsOnLogin, select Yes.
      This option is displayed only when using an external authentication provider.
    2. Under refreshRoleOnLogin, select Yes.
      This option is displayed only when using an external role authorization provider.

 

Multiple SAML instances may be configured, which can increase the total number of login options. For more information about SAML authentication, see the Kaltura MediaSpace™ SAML Integration Guide

In This Article
Was this article helpful?
Thank you for your feedback!