Configuring Kaltura Authentication and Authorization

Authenticating or authorizing MediaSpace users in Kaltura requires creating MediaSpace user accounts that include a MediaSpace Application Role. Only users with a MediaSpace user account and MediaSpace Application Role are able to log into MediaSpace.

Authenticating MediaSpace users in Kaltura also requires setting a password for each MediaSpace user.

To configure Kaltura authentication

  1. On the Configuration Management panel of the Kaltura MediaSpace Administration Area, open the Auth tab.
    After you complete and verify the following steps, click Save.
  2. Under authNAdapter, select Kms_Auth AuthN.
  3. Select your preferences for the common login options.

To configure Kaltura authorization

  1. On the Configuration Management panel of the Kaltura MediaSpace Administration Area, open the Auth tab.
  2. Under authZAdapter, select Kms_Auth AuthZ and click Save.
     

Configuring a User Application Role

After a user logs into MediaSpace for the first time, administrators can manage the user record on the User Management panel of the Kaltura MediaSpace Administration Area. An administrator can override the user details (first and last name) and the user MediaSpace Application Role. This option is useful mainly for granting a higher- or lower‑level Application Role to certain users. For example, you can set a Viewer Application Role to a large group of people within your organization and then manually assign the higher level MediaSpace Admin role to a few of them.

To create MediaSpace user accounts that include a MediaSpace Application Role

Do one of the following:

  • On the User Management panel of the Kaltura MediaSpace Administration Area, you can create and manage MediaSpace user accounts.
    Use the list to manually manage all users in the partner account that have a MediaSpace role for the specific MediaSpace instance.
  • Submit a Kaltura end-users CSV to create MediaSpace user accounts in bulk.  

    Note: There is a 5000 user limitation on channel and category members. If more members are expected, please use Kaltura Groups . See Group Support in Kaltura Applications and Kaltura Groups FAQ for additional information.

    Use the following format:
  • To learn more about the end-user CSV schema, refer to End-Users CSV – Usage and Schema Description.
  • The userId field must include a minimum of three characters.
  • The MediaSpace Application Role is managed within the MediaSpace user metadata schema. Adjust the schema name in the example to include your MediaSpace instanceId. (You can copy the MediaSpace instanceId from the Configuration Management panel Application tab of the Kaltura MediaSpace Administration Area.)
  • Set the role names in the CSV according to the role labels you set in the Configuration Management panel Roles column of the Kaltura MediaSpace Administration Area.
  • When using Kaltura to authenticate users, you may populate a sha1 hashed password in the CSV as part of the partnerData field, as in the example. MediaSpace administrators are responsible for managing password hashing and distribution to users. The un-hashed password must include a minimum of six characters.
  • When using Kaltura only for authorizing user access to MediaSpace with a specific application role, do not populate the password in the CSV. (You can remove the partnerData column in the example from the CSV since it is not required.)
  • You can submit the end-users CSV in the following ways:
    • On the User Management panel of the Kaltura MediaSpace Administration Area, click Submit CSV.
    • In the KMC, click Create and then in the Bulk Upload Screen, select End-Users..

To automate the update of the authorized MediaSpace users list

When you manage MediaSpace authorization in Kaltura, you can develop automated processes for updating the list of MediaSpace users based on changes in your organizational information system.

  • You can develop a scheduled update process to periodically add or delete multiple users to the MediaSpace users list using the Kaltura end-users CSV. In your script, you can call the  user.addfrombulkupload Kaltura API action to submit the CSV.
  • Using Kaltura API actions, you can develop a trigger-based process to update the MediaSpace users list in real time when changes occur in your organizational information system. You can call the user.add, user.delete and user.update Kaltura API actions to add, delete, and update specific user records. You can call the metadata.add, metadata.delete, and metadata.update Kaltura API actions to add, delete, and update the user's MediaSpace role. 

Deleted users are also removed from all channels in which they are members. Content ownership and analytics information of the deleted user are not deleted.

Since user records are shared by all Kaltura applications running on the same account, we recommend that you delete records only of users who left the organization. In other cases, we recommend revoking the user's access to MediaSpace by using the Kaltura API to remove only the user's MediaSpace role or by using the User Management panel of the Kaltura MediaSpace Administration Area to delete the user.  

In This Article
Was this article helpful?
Thank you for your feedback!