SSO to a Mediaflow Portal

How do I configure SSO for Mediaflow's portals?

The most common use case for our customers is to use SSO against a Mediaflow Portal. This is because the portal, unlike Mediaflow itself, has a simplified interface where many users can access selected files from the main system, for example as an internal media bank for all employees.
If you cannot use IP locking (set in portal administration in Mediaflow), where access to the portal is restricted to selected external IP addresses, SSO is a good alternative for portal access.

Note that you need an SSO license to use this service. If you are unsure whether your organization has one, you can contact support.

If you want SSO for the Mediaflow platform, where Pro or Basic users log in, you can read more about what this means here:
https://support.mediaflow.com/sso-för-mediaflow

Instructions:

  • You can download our metadata file from: http://sso.mediaflowpro.com/metadata.xml.
  • You do not need to add any additional URLs beyond what is in the metadata.
  • You need to send us your XML federation metadata so that we can add it on our side. The most common setup is to have SSO only for the portal. For that to work, only the name identifier is needed.
  • Feel free to send more claims (claims are user data) anyway, so that you do not have to repeat this step if functionality is extended in the future.

If you have Azure AD

You can configure AD according to the screenshots below (in Swedish). Group membership can be sent either as groups or as roles. You can control which groups or types of groups are sent, but the script below sends all groups.

If you have local AD

When you set up your claims for group membership, you can send it either as groups or as roles (you choose which groups or types of groups to send over). I do not know which AD setup you have, and it may look a little different, but a sample image from Azure ADFS is included.


Azure AD

Step 1

Step 2

Step 3

Step 4

Step 5

Step 6

Step 7



 

Local AD

Step 1

 

Step 3

 

Step 4

Step 5

In Custom Rule, enter the following text:


c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
                   "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"),
          query = ";mail,givenName,userPrincipalName,userPrincipalName,sn,tokenGroups(domainQualifiedName);{0}",
          param = c.Value);
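
The custom rule above fills each claim in types from the attribute at the same position in query, so a miscounted list silently shifts values into the wrong claims. The following Python check is an added example, not Mediaflow's or Microsoft's code: it pairs the two lists and reports which claims are released beyond the name identifier that the instructions say the portal needs. The names claim_mapping, audit and REQUIRED are hypothetical.

```python
import re

# The custom rule from this page, rebuilt as one string.
NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
MS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/"
RULE = (
    f'c:[Type == "{MS}windowsaccountname", Issuer == "AD AUTHORITY"]\n'
    f' => issue(store = "Active Directory", types = ("{NS}emailaddress", '
    f'"{NS}givenname", "{NS}name", "{NS}nameidentifier", "{NS}surname", '
    f'"{MS}groups"), query = ";mail,givenName,userPrincipalName,'
    'userPrincipalName,sn,tokenGroups(domainQualifiedName);{0}", param = c.Value);'
)

# Per the instructions on this page, portal SSO only needs the name identifier.
REQUIRED = {NS + "nameidentifier"}


def claim_mapping(rule):
    """Pair each issued claim type with the AD attribute that fills it."""
    types_m = re.search(r'types\s*=\s*\((.*?)\)\s*,\s*query', rule, re.S)
    query_m = re.search(r'query\s*=\s*"([^"]*)"', rule)
    if not (types_m and query_m):
        raise ValueError("not an Active Directory attribute-store issue() rule")
    types = re.findall(r'"([^"]+)"', types_m.group(1))
    # Query layout: <LDAP filter>;<comma-separated attributes>;<account parameter>
    _filter, attrs, _account = query_m.group(1).split(";")
    attrs = attrs.split(",")
    if len(types) != len(attrs):
        raise ValueError(f"{len(types)} claim types but {len(attrs)} attributes")
    return list(zip(types, attrs))


def audit(rule):
    """Report the mapping, any required claim not issued, and optional extras."""
    mapping = claim_mapping(rule)
    issued = {t for t, _ in mapping}
    optional = [(t.rsplit("/", 1)[-1], a) for t, a in mapping if t not in REQUIRED]
    return {"mapping": mapping,
            "missing_required": sorted(REQUIRED - issued),
            "optional": optional}


if __name__ == "__main__":
    report = audit(RULE)
    for claim, attr in report["mapping"]:
        print(f"{attr:35} -> {claim}")
    print("optional claims released:", [n for n, _ in report["optional"]])
```
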