With single sign-on (SSO) becoming the norm for secure corporate logins, every organization needs flexible single sign-on integration so their employees can have a smooth, centralized login experience across different business applications.
In our previous blog, we covered SSO basics, why modern organizations need SSO and a brief discussion on how VIDIZMO video platform provides a flexible set of SSO integration options. In this blog, we will examine VIDIZMO’s distinctive SSO features that maximize customer value and convenience while using VIDIZMO video platform.
To implement single sign-on integration with VIDIZMO Enterprise Video Content Management System, we allow our customers to log in using any of the following identity providers:
- Directory services, e.g., Azure AD, ADFS, AWS, etc.
- Identity Access Management (IAM) services, e.g., Okta, OneLogin, Ping, Centrify
- Third-party login, e.g., Facebook, Google, Office 365, Twitter, LinkedIn
VIDIZMO also supports any authentication protocol such as Open ID Connect, SAML-P, and LDAP.
To make SSO integration quick and seamless, VIDIZMO employs an app model SSO integration that allows platform administrators to integrate with various identity providers, e.g., OneLogin, Okta, Azure AD, etc., directly from the admin-level application interface. In portal settings, an administrator can simply enable (or disable) SSO integration with a particular identity provider with a click of a button.
Within our SSO integration, following are five unique characteristics of VIDIZMO SSO explained along with their advantages and benefits to our customers:
1) Simultaneous SSO configurations of multiple identity providers
What it means:
Simply put, configuring VIDIZMO SSO with multiple identity providers is our way of enabling more than one SSO authentication services on the VIDIZMO login page at the same time. This means when your employees access VIDIZMO video platform via our web or mobile application, they have multiple login options from a range of selected identity providers for SSO authentication.
For instance, your users can have any combination of login options using directory services, IAM services or third-party logins such as Active Directory and Google login or OneLogin and Facebook login – or all at the same time. VIDIZMO makes this as easy as simultaneously enabling/ disabling multiple identity providers in the administrator platform interface with a single click of a button.
Business benefits and use cases:
- In a large organization, every independent departmental unit might have they own identity management solution. For instance, one department may use Azure Active Directory service while another may use Okta IAM service. In such a scenario, VIDIZMO will offer login option both using Azure AD and Okta on its login page for completely autonomous VIDIZMO portals segregated across departmental lines.
- In the case of a merger or acquisition, it is highly likely that two (or more) companies would have their respective identity management solutions, which they would not want to merge for security, compliance and management reasons. To resolve this, VIDIZMO can simultaneously integrate with different SSO services used by the merging companies and allow users to log in using their respective identity provider.
- In the case of your company’s external users such as partners, resellers, temporary workers, investors, suppliers, etc. accessing VIDIZMO video platform, they can be assigned a simple VIDIZMO login or a third-party login using Facebook or Google with selected permissions. In this case, the external users would log in to VIDIZMO using their VIDIZMO login or third-party login while internal employees continue to log in using the company’s identity provider such as Azure AD or Ping IAM service.
2) Group synchronization
What it means:
Group synchronization is the process whereby VIDIZMO offers its customers the option to maintain their groups or organizational units as defined in their company’s ID directory. For instance, employees grouped in an organizational unit such as marketing, finance or human resource in your company’s Azure AD will be synchronized and mapped under the same groups in VIDIZMO. When a user logs into VIDIZMO, they are automatically mapped to the group they were assigned in their identity provider employee data.
Business benefits and use cases:
- Save time and resource that would otherwise be spent redefining and reallocating people into organizational groups. Group synchronization is especially necessary for larger organization with many user groups segregated based on projects, roles, functions, departments, access rights, etc. that would be too inconvenient and time-intensive to allocate and assign manually.
- Group synchronization is also useful for specific role mapping (user rights and permission assignment) done later in VIDIZMO. To do this, people with similar functions can be grouped together during SSO and later assigned VIDIZMO-specific roles with specific access rights and permissions (admin, manager, moderator, contributor, viewer, ) collectively. This feature again saves time that would otherwise be spent managing these user assignments manually.
- Synchronize users to specific portals within VIDIZMO’s multitenancy video platform. For instance, VIDIZMO SCIM service can automatically map people from each organizational department such as finance, marketing, and human resource onto their independent portals. Similarly, an organization can classify portals by internal vs. external users or any other user mapping criteria.
3) User provisioning
What it means:
VIDIZMO uses SCIM service to enable user provisioning as part of its SSO, which automatically synchronizes any updated user information from the identity provider to VIDIZMO user data. This is applied in various business administration scenarios that require creation, deletion/ disabling, or modification of user accounts and profiles – scenarios most commonly encountered in the case of new hires, transfers, promotions, terminations, last name changes (for female employees), etc.
Business benefits and use cases:
- Automate business procedures like on boarding, off boarding, and other workforce administration processes.
- Reduce time inefficiencies and eliminate user productivity barriers that could result from users being blocked out of the system because of unupdated ID changes.
4) Custom attribute mapping (user registration fields mapping)
What it is:
When a user logs in to VIDIZMO using their identity provider credentials, by default, their basic unique details are also mapped to VIDIZMO application, such as first name, last name, email address, etc. However, if a company wishes to sync additional user details like their contact information, user designation, etc. within VIDIZMO platform, it is done using custom attribute mapping, so companies are able to select any user details from an identity provider and map it to their VIDIZMO user profiles.
Business benefits and use cases:
- Add as much employee data into VIDIZMO as needed directly from the identity provider, instead of having to add or consolidate it manually for each user.
- Use the additional employee data to improve video/ media suggestions provided to users within VIDIZMO video platform based on their profile data.
5) SSO-enabled content embedding
What it is:
SSO-enabled content embedding allows users to securely embed any media into a web page outside VIDIZMO. To control who can view the embedded media, a user can do secure media embedding which ensures that only authenticated users are allowed to access the embedded media on a different site. The login options could range from SSO authentication done using directory services like Azure AD, an IAM service like Okta or OneLogin, or third-party logins such as Google, Facebook, Twitter, etc.
Business benefits and use cases:
- Improves VIDIZMO interoperability with other platforms as content can be embedded securely anywhere.
- Enables VIDIZMO platform administrators to allow content sharing and embedding to other web pages in line with organizational security and compliance guidelines.
- Allows VIDIZMO platform administrators to disable the media embedding option altogether if needed.
Take a free trial today to test out VIDIZMO's strong SSO features or contact us to ask further queries!
Posted by Rabeea Tahir
Rabea Tahir is Technology Content Strategist at VIDIZMO which is a Gartner recognized enterprise video content management system, to stream live/on-demand media to both internal and external audiences, on-premise, Azure or AWS cloud. VIDIZMO solutions are used by enterprises, government, local, state government, healthcare, law enforcement agencies, justice, public safety, manufacturing, financial & banking industry.