When does this scenario apply?
You can use your organizational system as your MediaSpace identity and role authorization provider when:
- You have a large-scale MediaSpace deployment. You want all users to log into MediaSpace with their organizational credentials and to be authenticated by your centralized authentication system.
- You can provide access from the MediaSpace application to your authentication and group management systems.
- Authorization to access MediaSpace with a specific Application Role derives in most cases from user membership in organizational units or groups.
Who can access MediaSpace?
Only users who are authenticated and authorized by your systems can access MediaSpace. Users who are not authenticated by your systems are denied access to MediaSpace and are not able to log in.
What user details are stored in Kaltura?
The user’s identifier, Application Role, and first and last names (optional but recommended) must be stored in Kaltura.
After the user logs into MediaSpace for the first time, administrators can view and manage the user record on the User Management panel of the Kaltura MediaSpace Administration Area. The user’s organizational password is not saved in Kaltura.
Can you manually set different user details in Kaltura?
Yes, you can manually set different user details in Kaltura.
After the user logs into MediaSpace for the first time, administrators can manage the user record on the User Management panel of the Kaltura MediaSpace Administration Area. An administrator can override the user details (first and last name) and the user's MediaSpace Application Role. This option is useful mainly for granting a higher- or lower-level Application Role to certain users. For example, you can assign the Viewer Application Role to a large group of people within your organization and then manually assign the higher-level MediaSpace Admin role to a few of them.
To enable overriding settings manually
- On the Configuration Management panel of the Kaltura MediaSpace Administration Area, open the Auth module.
- Set the following values and click Save.
  - To allow manual changes to the users’ details: Under refreshDetailsOnLogin, select No.
    This option is displayed only when using an external authentication provider.
  - To allow manual changes to the users’ role: Under refreshRoleOnLogin, select No.
    This option is displayed only when using an external role authorization provider.