Configure Alta Video to enable SAML single sign-on

Last modified: Tuesday January 30, 2024.

You can configure Alta Video to enable single sign-on for your users.

SSO user groups

Users added to Alta Video by single sign-on (SSO) can be assigned to the default Alta Video user group, or the identity provider (IdP) can provide the user group.

When you use the Use 'User group' set from SAML provider option, any change to the user group name after SSO is set up could leave all users in that group unable to log in to your deployment using SSO.

You can set the default Alta Video user group assigned to SSO users in the Users tool. For more information, see Create User groups.

Prerequisites

Only users with the Administrator role can create or edit the settings required to set up single sign-on.

Task — Configure SAML Settings

  1. Choose Tools > Users.
  2. Open SAML Settings.
  3. Click Configure SAML connection. This is a one-time setup process to configure the connection with your organization's SAML identity provider (IdP).
  4. In turn, copy the CERTIFICATE, the ENTITY ID, and the ACS URL information for your Alta Video deployment.
    1. For some SAML identity provider systems, you need to save the Certificate as a file with the .cer extension.
  5. Follow the tasks to configure your preferred SAML provider IdP setup.
    See:
    Configure SAML with ADFS
    Configure SAML with Azure AD
    Configure SAML with Google 
    Configure SAML with Okta
  6. After configuration, upload the IdP metadata file to your Alta Video deployment.
  7. Select the default user group for the users of this SAML connection. You can choose:
    • Use 'User group' set from SAML provider: To set user groups from your SAML provider, you must configure ava.aware.usergroup in your SAML IdP setup.
    • Use Alta Video default: You can set the default Alta Video user group in the Users tool. See Create User groups.
  8. Add the LOGOUT URL, as specified by your IdP.

    Each IdP has a unique URL to which users can be redirected, which logs the user out of the IdP. Read the documentation from your IdP to understand the requirements for the formatting of the logout URL.

    Some example logout URLs are:

    • Gmail — https://mail.google.com/mail/u/0/?logout
    • Okta — https://<server-id>.okta.com/login/signout?fromURI=https://<server-id>.okta.com/login/login.htm

  9. Choose Done.
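
A check related to step 7 and the user group caution above, written as an added example that is not part of the Alta Video documentation: it reads the ava.aware.usergroup attribute from a captured SAML assertion and compares it with the user group names currently defined in Alta Video. The sample assertion, the group names, the function names and the exact-match comparison are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUP_ATTRIBUTE = "ava.aware.usergroup"  # attribute name from step 7

# Constructed sample: the attribute statement of an assertion from a test login.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>operator@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="ava.aware.usergroup">
      <saml:AttributeValue>Security Operators</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def asserted_groups(assertion_xml):
    """Return the ava.aware.usergroup values carried by the assertion.

    Reads attributes only; it does not validate the assertion signature.
    """
    root = ET.fromstring(assertion_xml)
    groups = []
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        if attr.get("Name") == GROUP_ATTRIBUTE:
            for value in attr.findall("saml:AttributeValue", NS):
                text = (value.text or "").strip()
                if text:
                    groups.append(text)
    return groups

def check_group_mapping(assertion_xml, alta_groups):
    """Classify the assertion against the group names defined in Alta Video.

    Assumption: names must match exactly (case-sensitive).
    """
    groups = asserted_groups(assertion_xml)
    if not groups:
        return ("missing", [])  # IdP is not sending the attribute at all
    unknown = [g for g in groups if g not in alta_groups]
    return ("mismatch", unknown) if unknown else ("ok", groups)

if __name__ == "__main__":
    # Constructed group names, as they would appear in the Users tool.
    print(check_group_mapping(SAMPLE_ASSERTION, {"Security Operators", "Site Managers"}))
    # Same assertion after the group was renamed on the Alta Video side only.
    print(check_group_mapping(SAMPLE_ASSERTION, {"SOC Operators", "Site Managers"}))
```

Run it against an assertion captured from a test login before and after any planned group rename; a "mismatch" or "missing" result indicates the condition the caution describes.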