Single sign-on (SSO) in Alta Video
Last modified: Tuesday January 30, 2024.
To spare users from having to remember many different sets of login credentials for the systems they use on a daily basis, some organizations configure single sign-on (SSO) so that once a user has confirmed their identity, that federated identity is then used across all the systems that they need to log into.
Alta Video can be configured to use Security Assertion Markup Language (SAML) 2.0 to allow seamless authentication and authorization of your Alta Video Cloud operators by an external identity provider (IdP), such as Active Directory Federation Services (ADFS).
If your operator has not yet signed in with SAML SSO in this session, they are redirected from the Alta Video Cloud login page to the chosen IdP for sign-in. If an operator passes authentication, they are redirected back to Alta Video Cloud, where they can access your Alta Video Cloud deployment without typing a separate set of credentials.
If your operator has already signed in to your IdP and has passed authentication, and then navigates to Alta Video Cloud, they can access the deployment without typing their credentials.
Both of the above authentication flows rely upon assertions that the IdP creates and passes to Alta Video Cloud after validating an authentication request. An assertion contains information about who the IdP is, who the operator is, and whether the operator should have access to Alta Video Cloud. An assertion is digitally signed before it is sent over HTTPS to Alta Video Cloud. To increase the security of communications between Alta Video Cloud and the IdP, you can also configure signature validation and encryption, if supported by the IdP.
See the following topics for information on configuring and using SSO:
- Configure Alta Video to enable SAML single sign-on
- Configure SAML with ADFS
- Configure SAML with Azure AD
- Configure SAML with Google
- Configure SAML with Okta
SAML terms
The following SAML-related terms are used in these instructions:
Term | Definition |
---|---|
Identity provider (IdP) | When using a federated login service, the identity provider (IdP) manages the identity information for your users. |
Entity ID | A unique identifier for the Alta Video Cloud Infrastructure that is used by the IdP. This term may differ in the IdP's user interface. |
Assertion Consumer Service (ACS) URL | The URL where Alta Video Cloud receives assertions issued by the IdP. This term may differ in the IdP's user interface. |
Assertion | An XML document the IdP sends to Alta Video Cloud after authenticating an operator. |
Attributes | Values that are used to identify operators and determine their access within the Alta Video Cloud user interface. |
IdP metadata | The IdP configuration that is used by Alta Video Cloud. |
Logout URL | The URL that the user is redirected to when they log out of Alta Video. The URL and its formatting are unique to each IdP. |