How do I restrict a video using single sign-on?

The Vidbeo platform lets you restrict who can access content embedded on your site.

One option is to restrict to authenticated viewers, so that somone is only shown the video player if they are permitted to see it. This feature is especially useful if you don’t know from which IP address they will be viewing the content (such as when they view it on a mobile device).

The authentication is checked by verifying whether they are signed in to your external identity provider - and whether that identity provider grants them access to view this content.

To let you apply the same restriction to multiple videos in one go (without having to type in the same settings over and over) we have separated out the policy from the video itself. So to start with, you will need to create that ‘restriction’ - and you will then be able to apply it to one or more videos.

You will see your existing restrictions listed when you upload a new video. Since you want to create a new one, click on the link to do so:

Restrict to authenticated viewers

You will now be asked for some details.

Give it a short title that will let you recognise what it is for when you later need to select it for a particular video. For example you could call it ‘Authenticated viewers’.

Click on the button to proceed.

You are now asked to add one or more policies the system will test when it receives a request for a particular video. Click the button to proceed to add them.

Restrict to authenticated viewers

Since this guide is purely for using single sign-on to authenticate viewers, scroll down to the end of that form.

From the dropdown menu, choose ‘Yes’ for whether you would like to use single sign-on. Some additonal settings will then appear.

The single sign-on process works by authenticating a viewer against an external identity provider (managed by you). Therefore our platform needs to know some details about it in order to communicate with it. Likewise, your identity provider needs to know some details about our platform in order to expect those requests.

The following fields let you provide that information to us, and also retrieve what you need from us.

From you

We need three key pieces of data from you in order to communicate with your identity provider. The EntityId is a URL that your system should provide. It identifies itself so the system recognises it. This may also be called Issuer. Next, we need the sign-in URL. This is the URL that the request for verification will be sent to. Finally there is the certificate. Your identity provider should provide this - simply copy and paste the contents into this field.

From us

Your identity provider will need to know where it should sent its response to our request. This is the ACS URL we provide. In additon, it may ask for our metadata - you can use the URL to obtain that as XML.

At this point our system should know all the details it needs about your identity provider, and your identity provider should have all the details it needs about us.

If you click ‘Update Restriction’ those details should be saved.

Now you will need to apply this restriction to your videos in order for it to be tested. So click on the ‘Content’ tab, and then pick a sample video that you are free to test with. Click on its thumbnail image to view its details. If you scroll down, you should see the option to make it private by applying a restriction. Simply pick your newly created restriction (named earlier) from the list, then click ‘Save changes’ at the bottom.

You should now find that you are only able to watch the video if you are signed in to your identity provider. That is because now when the embed code loads, the system checks to see what restrictions have been applied to it. It will see that single sign-on needs to be used, and so will send a request to your provided URL asking whether the user is signed in. If they are, your provider should respond successfully and so the embed code will load. If not, it won’t.

If you have any problems or questions about single sign-on, SAML or any other part of your business video hosting within the video CMS, please email support@vidbeo.com.

Go back to the questions about security