Kaltura MediaSpace™ Setup Guide
Contents
1. bindMethod f Which mode of operation is used for authenticating with LDAP Search before bing j Direct Bind is di i irect bi means that the users DN is discovered by searching the LDAP ad server Direct bind means that the users DN is constructed automatically according to the format that you specify under userDnFormat displayed below when you select Direct Bind and no search is performed directBind EE EG cn QUSERNAMEQ dc exar Enter the DN format of the username Place the USERNAME token where the username should be in the string For example cn USERNAME ou somegroup dc example dc com LDAP Server Configuration Direct Bind options Kaltura MediaSpace Setup Guide 34 Authenticating and Authorizing Users bindMethod i Which mode of operation is used for authenticating with LDAP Search before bind Search before bind x means that the user s DN is discovered by searching the LDAP ad server Direct bind means that the user s DN is constructed automatically according to the format that you specify under userDnFormat displayed below when you select Direct Bind and no search is performed searchUser username If anonymous search is not allowed what is the DN of the account that should be used to bind for searching users For anonymous do not enter a username password If anonymous search is not allowed what is the password of the account that2. MediaSpace Users who are not authenticated by your systems are denied access to MediaSpace even if they are have a user account and a MediaSpace Application Role in Kaltura These unauthenticated users will not be able to log in Kaltura MediaSpace Setup Guide 31 Authenticating and Authorizing Users Configuring Authentication and Authorization for MediaSpace Enabling Common Login Configurations On the Configuration Management panel Auth tab of the Kaltura MediaSpace Administration Area the following MediaSpace login options are available for all authentication and authorization methods demoMode No Enable the demo login mode After entering any user or password combination the user has an admin role Can users access MediaSpace without logging in If you select yes anonymousRole users can browse the galleries and view videos For anonymousRole users links buttons for actions that require more advanced roles are displayed When an anonymousRole user clicks a link button that requires a more advanced role a login screen is displayed allowAnonymous anonymousGreeting What text should be used in the header instead of an actual user name sessionLifetime How long can MediaSpace user session last httpsLogin Enable a secure login page via https If you select yes your server must be configured to enable secure login page Enabling Authentication Methods On the Configuration Management panel A
3. The document describes how to set up your site structure prepopulate Kaltura MediaSpace content assign user permissions and implement authentication and authorization NOTE You perform some setup steps in the Kaltura MediaSpace Administration Area and in the Kaltura Management Console KMC SS NOTE Please refer to the official and latest product release notes for last minute updates Technical support may be obtained directly from Kaltura Support S Contact Us Please send your documentation related comments and feedback or report mistakes to knowledge kaltura com We are committed to improving our documentation and your feedback is important to us Audience This document is intended for Kaltura MediaSpace site administrators Document Conventions Kaltura uses the following admonitions e Note e Workflow NOTE Identifies important information that contains helpful suggestions hi Kaltura MediaSpace Setup Guide 5 Preface __ Workflow Provides workflow information V EX 1 Step 1 2 Step 2 Related Documentation In addition to this guide the following product documentation is available e Kaltura MediaSpace e Kaltura Management Console KMC User Manual Kaltura MediaSpace Setup Guide Understanding the MediaSpace Setup SECTION 1 Understanding the MediaSpace Setup Kaltura MediaSpace features fine grained governance rules that grant specific permissions to content on the MediaSpace site
4. the most recent appears last To modify the gallery display order in MediaSpace you specify the order of your gallery categories in the KMC In the KMC select the Content tab and then select the Categories tab Click galleries in the Categories table to open the Edit Category window site C at e g O ri e Q Search Categories l Categories ID Name 1 All Categories No Filter 3 150041 Mediaspace4 150051 channels F wf site b galleries channels private archive Kaltura MediaSpace Setup Guide 17 Setting Up MediaSpace 3 On the Edit Category window select the Sub Categories tab displayed only when there is more than one sub category Edit Category galleries Metadata Reorder this category s sub categories Entitiements Sub Category Sub Categories En gallery gallery3 Save Save amp Close 4 Previous Category Next Category gt 4 Specify the order of the sub categories using the Up and Down arrows and click Save Repeat for additional sub category levels under galleries Assigning MediaSpace Content to Galleries After your gallery structure is set up you can assign content to your galleries You can assign entry content to categories in the KMC on the Upload tab s Submit Bulk menu using the Entries CSV XML option Categories that do not exist are created when you submit the file To display these categories as MediaSpace galleries specify the mediaspaceRoot gt site gt
5. Context Label MediaSpace 2 0 Content Privacy T No Restriction Content in this category is visible to everyone with access to the application page F Requires Authentication Content in this category is visible in the application only to authenticated end users Private Visible only to users with specific permissions to access this category s content ra Category Listing i Ho Restriction Category is visible to everyone with access to the application page Private Category is visible only to users with specific permission to access this category s content 2 Who Can Add Content to No Restriction Any authorized end user this Category C3 Private Only end users with specific permission to add content to this category 2 Inherit Specific End User Wo Set specific end user permissions for this sub category Permissions from Parent Category Yes Specific end user permissions of parent category will automatically apply to this sub category Specific End User Permissions Owner Not Specified Change Users 0 end users have permissions to this category Save Save amp Close Previous Category Next Category gt Kaltura MediaSpace Setup Guide 21 Setting Up MediaSpace 5 On the Specific End User Permissions window click Add User gallery2 Specific End User Permissions Search End Users Additional Filters User Name lD Permission L Status Update M Updated Actions v AllPermission Levels Member Add Users From Pa
6. If you want to revoke MediaSpace access from a specific user it is your responsibility to delete the user account in one of the following ways e On the User Management panel of the Kaltura MediaSpace Administration area select one or more users and click Delete or Delete Checked e Submit a Kaltura end users CSV to delete MediaSpace user accounts in bulk To learn more see the submit a Kaltura end users CSV procedure step e Use the Kaltura API to o Delete the user record o Remove the user s MediaSpace Role stored in a custom data profile Kaltura MediaSpace Setup Guide 30 Authenticating and Authorizing Users How do you switch from Kaltura managed authentication and authorization to managing MediaSpace authentication and authorization in your system Following the completion of your pilot or when the IT integration with your user authentication and group management systems is completed on the Configuration Management panel of the Kaltura MediaSpace Administration Area open the Auth tab and change the selected authentication authorization method In the Kaltura MediaSpace Administration Area you may override the Kaltura managed Application Roles from your system on the Configuration Management panel or by manually deleting existing MediaSpace user accounts on the User Management panel To override Kaltura managed Application Roles on the Configuration Management panel 1 On the Configuration Management panel of the Kaltura
7. Owner window start typing a new owner name A list of suggestions is displayed after you type the third character Change Owner Set a new owner to this entry Adm Admin Admin 4 Onthe Change Owner window select a user from the suggestion list and click Save NOTE The content owner is the user whom the media is assigned in MediaSpace S sN Adding Contributors to MediaSpace Galleries By default only an end user with the Admin application role can publish media to a gallery To enable a user to add media to a particular gallery you add the user as a Contributor to a particular category under galleries Kaltura MediaSpace Setup Guide 20 Setting Up MediaSpace NOTE Manager and Moderator permissions are not relevant for MediaSpace galleries Users with these permissions will have only contribution rights and will not be able to S administer the gallery in the MediaSpace site To add a user as a contributor to a MediaSpace gallery in the KMC a NOTE You can add a contributor to a MediaSpace gallery only in the KMC In the KMC select the Content tab and then select the Categories tab In the Categories table click the category name On the Edit Category window select the Entitlements tab Under Specific End User Permissions click Manage Edit Category gallery2 Metadata Here you can manage entitlement settings and specific end user permissions to content in your application Entitlements 2 Privacy
8. To explain your options this document describes the different site sections roles and permissions that you can configure for MediaSpace This document focuses on setups that include user permissions referred to as entitlement enabled To start learning about MediaSpace refer to the Kaltura MediaSpace User Manual which describes channels and user permissions in terms of site features Enabling User Permissions Prerequisites Contact your Kaltura Project Account Manager to confirm that the following prerequisites are implemented e Entitlement services are enabled and enforce entitlement is set to true in your account settings e A root category is set up for MediaSpace in the KMC see To set up a MediaSpace category tree in the KMC Assigning user permissions usually is handled in bulk using a comma separated value CSV file To learn more about the End User Entitlements CSV refer to the Kaltura Management Console KMC User Manual This guide describes how to manually assign permissions for galleries and channels Understanding Content Collections Content collections in MediaSpace are defined as either galleries or channels Your MediaSpace instance can include one or both Understanding Galleries Galleries represent structured centrally curated media galleries that are available from the MediaSpace top menu MediaSpace galleries can be organized around specific topics in either a hierarchal or a flat navigation layou
9. Wew Content and p rbdG p le Decniptian 7 H strictad Mon mambers can vea coeleri but Users must be invited to particpate rags 3 Private Membershes ia By Irrdlalion ond and ony members can view con ent and paricipaio E Moziorato contend Medes vill nol appear in Channel until Approved by channel manager Save KMC entitlement definitions are displayed in the KMC under Content gt Categories gt Edit Category window gt Entitlements tab Edit Category gallery2 Here you can manage entitlement settings and specific end user permissions to content in your application J Privacy Context Label MediaSpace 7 Content Privacy No Restriction Content in this category is visible to everyone with access to the application page i Requires Authentication Content in this category is visible in the application only to authenticated end users Private Visible only to users with specific permissions to access this category s content O No Restriction Category is visible to everyone with access to the application page ry Private Category is visible onby to users with Specific permission to access this category s content gt Who Can Add Content to No Restriction Any authorized end user this Category oe Private Onhy end users with specific permission to add content to this category Inherit Specific End User f No Set specific end user permissions for this sub category Permissions from Parent Category 0 Wes Specific end us
10. are not able to log In What user details are stored in Kaltura The user s identifier Application Role and first and last names optional but recommended must be stored in Kaltura After the user logs into MediaSpace for the first time administrators can view and manage the user record on the User Management panel of the Kaltura MediaSpace Administration Area The user s organizational password is not saved in Kaltura Kaltura MediaSpace Setup Guide 29 Authenticating and Authorizing Users Can you manually set different user details in Kaltura Yes you can manually set different user details in Kaltura After the user logs into MediaSpace for the first time administrators can manage the user record on the User Management panel of the Kaltura MediaSpace Administration Area An administrator can override the user details first and last name and the user MediaSpace Application Role This option is useful mainly for granting a higher or lower level Application Role to certain users For example you can set a Viewer Application Role to a large group of people within your organization and then manually assign the higher level MediaSpace Admin role to a few of them To enable manually overriding settings 1 On the Configuration Management panel of the Kaltura MediaSpace Administration Area open the Auth tab 2 Set the following values and click Save a Under refreshDetailsOnLogin select No This option is displayed only when u
11. open the Auth tab 2 Under allowAnonymous select Yes and click Save allowAnonymous Can users access MediaSpace without logging in If you select yes anonymousRole users can browse the galleries and view videos For anonymousRole users links buttons for actions that require more advanced roles are displayed When an anonymousRole user clicks link button that requires a more advanced role a login screen is displayed How do restricted galleries behave If a gallery is restricted by entitlement in the KMC so that it is listed and restricts access to Private members only the gallery is displayed in navigation but unauthorized users cannot access the gallery If a gallery is restricted by entitlement in the KMC so that it is unlisted and restricts access to Private members only the gallery is displayed in navigation but unauthorized users have restricted access Who can add media to a gallery The following users can add media to a gallery e A user with an application role of Admin or UnmoderatedAdmin e Auser who is assigned Contributor permission and above to a specific gallery Who can view a channel The following users can view a channel e Auser who is authorized by entitlement permissions in the KMC e A user who is added as a member by the channel manager in MediaSpace Kaltura MediaSpace Setup Guide 12 Understanding the MediaSpace Setup How does a user become a manager A user can become a manager
12. 2 44 06 05 Converting Select Action v MediaSpace4 Peter Norvia The E 0 06 25 12 12 43 06 11 Converting Select Action Y Wolfgang Kessling H 0 06 25 12 12 42 11 35 Ready Select Action v kA 0_d11n1yi1 Excellent web quaj H 0 06 24 12 11 36 00 30 Ready Select Action v 0 ktm3bk5c Normal web quality i 0 06 24 12 11 36 00 30 Ready Select Action hal Set Scheduling Sat Accesa Conio Sample Bia Bucka Ei 0 06 24 12 11 36 00 33 Ready Select Action Edit Tags gt Add Categories Add to New Category Playlist Sample Katura An fl 0 06 24 12 11 36 00 05 Ready Select Action v Change Owner Download Search Categories Delete in soie u il a aonan ii nn annaa noi EE Additional Filters Bulk Actions v 1 14 27 of 27 Show rows 50 vw 4 Onthe Select Categories window under the channels category select one or more categories and click Apply In the Entries table the entries are displayed when you filter for a category to which you assigned the entries Also see Assigning MediaSpace Content to Galleries Assigning User Permissions to MediaSpace Channels To assign user permissions in bulk use the End User Entitlements CSV To learn more about assigning end user permissions refer to the Kaltura Management Console KMC User Manual To learn more about entitlement services and how they apply to MediaSpace permissions refer to Introduction to the Kaltura Entitlement Infrastructure Assigning User Permissions to MediaSpace Channels in th
13. Kaltura MediaSpace Setup Guide Version 4 0 MZ OS Kaltura open source video Kaltura Business Headquarters 200 Park Avenue South New York NY 10003 USA Tel 1 800 871 5224 Copyright 2012 Kaltura Inc All Rights Reserved Designated trademarks and brands are the property of their respective owners Use of this document constitutes acceptance of the Kaltura Terms of Use and Privacy Policy Contents EE EE NN uberis dariaandounvarpuashuadoniuactan 5 PAD OUT GA SEE ES EEE EE EE EE eo A T 5 UN 5 Pommern COME Pavas rd 5 Related Documenta HON EE EE EE 6 Section 1 Understanding the MediaSpace Setup rrrrrrnrrrnnnnnnnrrnrrrnrnnnnnnnnrrvnnrrnnnnnnssesrnnnnnnnnnnnssennnnnnnnn 7 Enabling User Permissions Prerequisites rrrrrrnrrrrrrnnnrrvrnnnnrnvnnnrernnnnnrnnnnnnrennnnnnrennnnnennnnnnennnnnnnen 7 Understanding Content Collections ccccccccsssecccccececeeeeeeeeceeeeeesaeeeeeeceeeeeeesseeeeeeeeeeesssaaseeeeeeeeeeeeas 7 Understanding Galeries EE NE EE 7 Understanding Channels EEE 8 Understanding Application HOSS uvaner sees keesrere danskenes 10 Modifying Application Role NN ses daspane 10 Assigning Application Roles to Multiple Users in Bulk riurrrrnnnnnrnrrnnnnnnnrnnnnnnnnrrnnnnnnnnnnnnnnnnnne 11 Understanding Permissions c cccccccccccsesseeeeceaeeeeeeeeseaeeeeeecsaeeseeeeessueeeeesseaseeeesssaeeeeeeeseaaeseeeeaaaass 11 Understanding Roles and PermMiSSiOns ccccccssssecccccc
14. MediaSpace Administration Area open the Auth tab 2 Set the following values and click Save a Under refreshDetailsOnLogin select Yes This option is displayed only when using an external authentication provider b Under refreshRoleOnLogin select Yes This option is displayed only when using an external role authorization provider Scenario 3 Authentication Is Managed in an Organizational System Authorization Is Managed in Kaltura When does this scenario apply You can use Kaltura as your MediaSpace access and role authorization provider when e You have a small to large scale MediaSpace deployment You want all users to log into MediaSpace with their organizational credentials and to be authenticated by your centralized authentication system e Authorization for users to access MediaSpace and MediaSpace Application Roles is independent of their membership in organizational units or groups For example users who will be granted MediaSpace access do not belong to a specific organizational unit or group e You are not able to provide access to your group management system from the MediaSpace application for setting group based role authorization You want to set users application roles before their first login to MediaSpace Who can access MediaSpace Only users who are authenticated by your systems and have MediaSpace user accounts pre provisioned in Kaltura the user account includes MediaSpace Application Roles can access
15. a different authorization method To configure user authorization through your LDAP server 1 On the Configuration Management panel of the Kaltura MediaSpace Administration Area open the Auth tab After you complete and verify the following steps click Save 2 Under authZAdapter select LDAP AuthZ auth7Adapter LDAP Auth Kms Auth Auth Kaltura LDAP Authz Add custom value Kaltura MediaSpace Setup Guide 35 Authenticating and Authorizing Users 3 Under refreshRoleOnLogin select your preference This option affects the updating of the user s role from your LDAP system upon every login Should the user role on Kaltura be updated through an external authorization provider refreshRoleOnLogin she Select No to allow overriding a role through Kaltura user management 4 Under ldapOptions select your preferences for getting the list of groups in which the user is a member This option is used to determine the user s MediaSpace Application Role Your groupSearch selection will affect the information you need to provide IdapOptions Configure the LDAP options for group searches a Get groups from user x Get groups from user byUser memberOfAttribute memberOf Enter the memberOf attribute to use the memberof search filter to map groups to users Note The memberof search filter is not enabled by default on all LDAP servers persere obptlne pronid U Enter the pattern for que
16. ace as part of the customer specific login and authentication implementation which is set through the Kaltura SSO gateway interface Always use this option with SSO Gateway authentication This option cannot be used with any authentication method besides SSO Gateway authentication Kaltura Authorization Manage user authorization to access MediaSpace and user MediaSpace application roles in Kaltura This authorization option can be used with any other authentication method SSO Gateway authentication Kaltura authentication and Header authentication Custom Authentication Methods For any other type of access and role authorization method custom adapters can be developed and added to the MediaSpace installation Setting Up Authentication and Authorization Configuring LDAP Authentication and Authorization To learn more about integrating your LDAP server for authenticating users and authorizing user access to MediaSpace with a specific application role refer to Kaltura MediaSpace Introduction to Authentication and Authorization Solutions and Kaltura MediaSpace LDAP Integration Guide 1 To configure user authentication through your LDAP server On the Configuration Management panel of the Kaltura MediaSpace Administration Area open the Auth tab After you complete and verify the following steps click Save Under authNAdapter select LDAP AuthN authNAdapter LDAP AuthN Select your preferences for the common login op
17. added to the MediaSpace installation Kaltura MediaSpace Setup Guide 32 Authenticating and Authorizing Users Enabling Authorization Methods On the Configuration Management panel Auth tab of the Kaltura MediaSpace Administration Area the following authorization methods are supported as part of the MediaSpace standard installation When you select an authorization method a set of relevant configuration fields is displayed to fill in authZAdapter What is the name ofthe PHP class for handling authorization Authorization determines the users role KalturaAuth enables the built in User Management system located at admin users LdapAuth lets you use your organizational LDAP AD server to determine Kms Auth Authz Kalt Kms Auth AuthZ Kaltura LDAP AuthZ SSO Gateway AuthZ roles To use your own custom class click Add custom value and enter the custom class name Add custom value LDAP Authorization The user s application role in MediaSpace is determined based on organizational groups in which the user is a member which are managed in the organization s LDAP server This authorization method usually is used together with the LDAP authentication method The method also can be selected when using other authentication methods SSO Gateway authentication Kaltura authentication and Header authentication SSO Gateway Authorization The user s application role in MediaSpace is set and passed to MediaSp
18. at have a MediaSpace role for the specific MediaSpace instance MANAGE CONFIGURATION MANAGE USERS KNOWLEDGE BASE CLEAR THE CACHE ENABLE DEBUG MODE LOG VIEWER GOTO SITE LOGOUT User Management fq Show allRoles fe By Name By Email ADD NEW USER DELETE CHECKED SUBMITCSV_ T User ID First Name Last Name ds Password Role Email Extra data Actions No data found e Submit a Kaltura end users CSV to create MediaSpace user accounts in bulk Use the following format sete A B D E F G H 1 action userld firstName lastName screenName metadata KMS USERSCHEMAT y role partnerData 2 6 Johns123 John Smith John Smith ViewOnly pw ecc94cd2e13ec3ae3ea30bdal 1e4fe 7 15f9f9d20 3 6 Dans123 Dan Smith Dan Smith ViewOnly pw ecc94cd2e13ec3ae3ea30bdal 1e4fe7 15f9f9d21 4 6 Danas123 Dana Smith Dana Smith AdminRole pw ecc94cd2e13ec3ae3ea30bdal 1 e4fe 7 15f9f9d22 5 6 4 7 4 o To learn more about the end user CSV schema refer to End Users CSV Usage and Schema Description o The userld field must include a minimum of three characters o The MediaSpace Application Role is managed within the MediaSpace user metadata schema Adjust the schema name in the example to include your MediaSpace instanceld You can copy the MediaSpace instanceld from the Configuration Management panel Application tab of the Kaltura MediaSpace Administration Area o Set the role names in the CSV according t
19. d for an account MediaSpace application roles are backward compatible Modifying Application Role Names You can modify MediaSpace application role names to match your institutional terminology To modify MediaSpace application role names 1 On the Configuration Management panel of the Kaltura MediaSpace Administration Area open the Roles tab 2 Modify the label for one or more roles and click Save Roles anonymousRole What is the name for the Anonymous User role A user with anonymousRole can anonymousRole browse your site anonymously until trying to access pages actions that require login My Media My Playlists and Add New viewerRole What is the name for the Viewer role A user with viewerRole can browse public viewerRole galleries is not authorized to upload new content and does not have a My Media page privateOnlyRole What is the name for the Private uploads role A user with privateOnlyRole can upload privateOnlyRole content to My Media cannot publish to galleries and can add media adminRole i What is the name for the Admin role A user with adminRole can upload content to all adminRole galleries and can upload content unmoderatedAdminRole EEE minRole What is the name for the Unmoderated Admin role A user with Kaltura MediaSpace Setup Guide unmoderatedAdminRole can upload content and bypass moderation when moderation is enabled for an account 10 Understanding the M
20. e KMC By default a channel that you create in the KMC is restricted to authorized users Handling permission restrictions for channels is similar to the way you handle permissions for galleries See Adding Contributors to MediaSpace Galleries In addition you perform the following important flows related to channels in the KMC e Assigning Managers and Moderators to a MediaSpace Channel e Listing MediaSpace Channels Assigning Managers and Moderators to a MediaSpace Channel To access channel settings in MediaSpace a user must have Manager or Moderator permissions for the channel To learn more about channel settings refer to the Kaltura MediaSpace User Manual To assign a manager to a MediaSpace channel in the KMC 1 Inthe KMC select the Content tab and then select the Categories tab Kaltura MediaSpace Setup Guide 26 Setting Up MediaSpace ae SN te oS YS S h s In the Categories table click the channel category name On the Edit Category window select the Entitlements tab Under Specific End User Permissions click Manage On the Specific End User Permissions window do one or more of the following o Inthe user list select one or more users and change the user permission to Manager o Click Add Users On the Add Users window under Permission Level select Manager On the Add Users window under Select End Users start typing a user name list of suggestions is displayed after you type the third charact
21. each group defined in the mapping settings The relation between the groups is OR groupSearchQuery Enter the LDAP query that finds all groups This query runs only one time so it returns all groups defined in the matching settings If you enter a value for this LDAP query the two settings displayed above groupSearchQueryPattern and groupSearchEachGroupPattern are not used groupMembershipAttribute nember Enter the attribute on a group record that lists the users who are members in the group groupsMatchingOrder unmoderatedAdminRole adminRole LDAP Authorization Options Get User from Groups Enter the order in which to match MediaSpace roles to LDAP groups For example if a user belongs to a group that is mapped to the admin role enter adminRole before other roles adminRole viewerRole to find the admin role first and log in the user with the adminRole 5 Under ldapGroups select your preferences to define the mappings between the groups defined in your LDAP server and the MediaSpace Application Roles Enter LDAP group names that match the MediaSpace adminRole Add adminRole Enter LDAP group names that match the MediaSpace viewerRole Add viewerRole Enter LDAP group names that match the MediaSpace privateOnlyRole Add privateOnlyRole Enter LDAP group names that match the MediaSpace unmoderatedAdminRole Add unmoderatedAdminRole IdapGroups Map your LDAP server group
22. ediaSpace Setup Assigning Application Roles to Multiple Users in Bulk You can assign application roles to multiple users with a bulk action You use an End Users CSV that includes an option to assign roles To upload an End Users CSV Do one of the following o Inthe KMC upload the End Users CSV Refer to the Kaltura Management Console KMC User Manual o Onthe User Management panel of the Kaltura MediaSpace Administration Area Click Submit CSV Click Choose File to select the CSV file and click OK User Management By Name By Email ADD NEW USER DELETE CHECKED SUBMIT CSV i ug UserID FirstName Submit Users CSV studentmember student Once you submit the CSV you can track the progress of your import from Kaltura Management Console KMC In KMC go to Content and click Upload Control Once import is processed refresh this page to view users and edit their properties No file chosen E E facultymember faculty Admin admin KMS version 4 0 4 build 83184 To learn more about the End Users CSV refer to the Kaltura Management Console KMC User Manual Understanding Permissions While an application role applies to your entire MediaSpace site and publishing rights apply to all galleries some permissions are gallery or channel specific You set user permissions to a specific content collection by applying the following permissio
23. ediaSpace user accounts that include a MediaSpace Application Role Only users with a MediaSpace user account and MediaSpace Application Role are able to log into MediaSpace Authenticating MediaSpace users in Kaltura also requires setting a password for each MediaSpace user Follow the procedure to create MediaSpace user accounts that include a MediaSpace Application Role To configure Kaltura authentication 1 Onthe Configuration Management panel of the Kaltura MediaSpace Administration Area open the Auth tab After you complete and verify the following steps click Save 2 Under authNAdapter select Kms Auth AuthN EG Kms Auth AuthN Kalt Kms Auth AuthN Kaltura AP AuthN Add custom value 3 Select your preferences for the common login options To configure Kaltura authorization 1 On the Configuration Management panel of the Kaltura MediaSpace Administration Area open the Auth tab 2 Under authZAdapter select Kms_Auth AuthZ and click Save OE Kms Auth Authz Kalt Kms Auth Auth Kaltura LDAP Authz Add custom value Kaltura MediaSpace Setup Guide 40 Authenticating and Authorizing Users To create MediaSpace user accounts that include a MediaSpace Application Role Do one of the following e Onthe User Management panel of the Kaltura MediaSpace Administration Area you can create and manage MediaSpace user accounts Use the list to manually manage all users in the partner account th
24. eeeececcceeseeeeeceaeeeeeseeeaaeeeeesaaeeeeesssaeeeeessaaas 12 Section 2 Setting Up MediaSpace rrrrrrrnnnnnnnnnvnvrrrrrnnnnnnrrnnnrrnnnnnnnnsrnnnnrnrnnnnsessennnnnnnnnsnsssennnnnnnnnnnsseennnn 14 Setting Up MediaSpace Content in the KMGC rrnnnnrrrnnnnnnnnvrrrnnrnnnnnnnnvrvnnrrnnnnnnnssnnnnnnnnnnsnnsssnnnnnnnnne 14 Uploading Media Space Content caiicescccusnezessecanscsdadescerss ensesbececuansnenapasadeaduawndieonasennamaneseaepnastennsecdes 16 Setting Up MediaSpace Galleries in the KMC rrrernrrrnnnnnnnnvvnnenrrrnnnnnnrrnnrrrnnnnnnnnsennnnrnnnnsnnsssnnnnnnnnne 17 Creating MediaSpace Gallery Categories in the KMC rrrrnnnrnrnnrnnnrrnnnnnnnnnrnnnrrnnnnnnnnrrnnnnnnnnnnnn 17 Assigning MediaSpace Content to Galleries rrrrrrrrrrrnnnnnnnrnnrvrrrnnnnnnrnrrnnnrrnnnnnnnnnnsennnnnnnnnnnee 18 Adding Contributors to MediaSpace Galleries rrrrrrrrrnnnnnnnnnnvrrrrnnnnnnnnvrnnrrrnnnnnnnnsnennnnnnnnnnnnee 20 Restricting Access to MediaSpace Galleries in the KMC cccccceecesesseeeeeeesseeeeesaeseeeeeeeas 22 Setting Up MediaSpace Channels ccccccscscsecccnccceeensecsesesececescsneeuecesecessesnsesuessaseedqecseasencesnereccnne es 23 Defining MediaSpace Channel Types in the KMC rrsnrrnnrrrnnnrnnnnnnnnnnnrnrnnnnnnnnnrnnnnnrnnnnnnnnnsennn 23 Displaying Channels in MediaSpace rrrrrrrnnnnnnnnvvvnrrrrrnnnnnnrrrnnrrnnnnnnnssrrnnnnnrnnnnsnssnnnnnnnnnssnnsennnn 23 Setting Permissions for Creating a MediaSpace C
25. ement Features SECTION 4 Using MediaSpace without Entitlement Features You can use MediaSpace without using entitlement features In the KMC verify that your MediaSpace category tree does not have Privacy Context To verify that entitlement is not enabled confirm that in the KMC under Content gt Categories the Entitlements tab of your root category s Edit Category window is not displayed Restricting Categories If you do not want to create channels and restrict users using entitlement features you can restrict categories to specific roles in the MediaSpace Configuration Panel s Categories tab Only users with the specified role can view media in the restricted category Only users with adminRole or unmoderatedAdminRole can add media to the restricted category For example Category1 PrivateUploads PublicUploads Category2 PublicUploads NOTE Use the category name that is displayed in MediaSpace omitting the number Ls prefix used for setting the category order in the KMC For example use Sneak Peek not S 4 Sneak Peak To display only unrestricted categories to MediaSpace users who do not log in use restricted categories together with the Allow anonymous true option NOTE Known issue If your site contains a Related playlist that is displayed next to the media player the Related playlist includes restricted content VE Kaltura MediaSpace Setup Guide 43
26. er On the Add Users window select a user from the suggestion list and click Save To assign a moderator to a MediaSpace channel in the KMC In the KMC select the Content tab and then select the Categories tab In the Categories table click the channel category name On the Edit Category window select the Entitlements tab Under Specific End User Permissions click Manage On the Specific End User Permissions window do one or more of the following o Inthe user list select one or more users and change the user permission to Moderator o Click Add Users On the Add Users window under Permission Level select Moderator On the Add Users window under Select End Users start typing a user name A list of suggestions is displayed after you type the third character On the Add Users window select a user from the suggestion list and click Save NOTE A MediaSpace end user who creates a channel can assign permissions including adding managers and moderators Listing MediaSpace Channels In MediaSpace channels are displayed on the Channels page when there is no restriction to channel listing in the KMC under Content gt Categories gt Edit Category window gt Entitlements tab See Understanding Channels To learn more about creating and moderating a channel refer to the Kaltura MediaSpace User Manual Kaltura MediaSpace Setup Guide 27 Setting Up MediaSpace Assigning User Permissions to a Channel in MediaSpace Channel
27. er permissions of parent category will automatically apply to this sub categony Specific End User Permissions Owner Not Specified Change Users 1 end users have permissions to this category Manage Save Save amp Close Previous Category Next Category gt NOTE If modifications are made in the KMC that do not correspond to one of the channel types MediaSpace behavior will follow the KMC definition not the designated type Understanding Channel Listings A company institution wide shared channel listing is available in MediaSpace for channel searching and content discovery Kaltura MediaSpace Setup Guide Understanding the MediaSpace Setup In addition each user has direct access to the list of all channels they belong to with permission of member and above To learn more refer to the Kaltura MediaSpace User Manual Understanding Application Roles MediaSpace application roles apply globally and include e Anonymous Can browse your site anonymously until trying to access pages actions that require login My Media My Playlists and Add New e Viewer o Can browse public galleries o Is not authorized to upload new content o Does not have a My Media page e PrivateUpload o Can upload content to My Media o Cannot publish to galleries o Canadd media e Admin o Can upload content to all galleries o Can upload content e UnmoderatedAdmin Can upload content and bypass moderation when moderation is enable
28. ermissions to content in your application Privacy Context Label MediaSpace 2 Content Privacy No Restriction Content in this category is visible to everyone with access to the application page D Requires Authentication Content in this category is visible in the application only to authenticated end users a Private Wisible only to users with Specific permissions to access this category s content 2 Category Listing No Restriction Category is visible to everyone with access to the application page Private Category is visible only to users with specific permission to access this category s content 2 Who Can Add Content to No Restriction Any authorized end user this Category g Private Only end users with specific permission to add content to this category 2 Inherit Specific End User fm No Set specific end user permissions for this sub category Permissions from Parent Category F Yes Specific end user permissions of parent category will automatically apphy to this sub category Specific End User Permissions Owner Not Specified Change Users 0 end users have permissions to this category Manage Save Save amp Close Previous Category Next Category gt The category is displayed in MediaSpace navigation When a user who is not in the category s Users List tries to access the category an Access Denied message is displayed NOTE This method is different from the Restricting Categories configuration for Usin
29. g Ne MediaSpace without Entitlement Features Setting Up MediaSpace Channels Setting up MediaSpace channels in the KMC is similar to setting up galleries creating categories assigning content To learn about what s unique for channels see Assigning User Permissions to MediaSpace Channels in the KMC Defining MediaSpace Channel Types in the KMC Channel managers can define a channel type Open Restricted Private in MediaSpace The KMC admin can also define a channel type under Content gt Categories gt Edit Category window gt Entitlements tab See Channel Types Displaying Channels in MediaSpace To add a link to the Channels page and My Channels in the top MediaSpace navigation 1 On the Configuration Management panel of the Kaltura MediaSpace Administration Area open the Navigation tab Kaltura MediaSpace Setup Guide 23 Setting Up MediaSpace Add items to the beginning of the main menu before the categories MediaSpace displays the items in the order you define here The first pre item must be a laylists Link Category played in the main Add pre 2 Under pre o Inthe type menu select Channels Page or My Channels o Inthe name field enter the label to display 3 Click Save to display the link in the top MediaSpace navigation bar Global pre Application Client playlist type Roles BET DELETE Auth Player Select one of the
30. galleries path To learn more about Assigning Content to Categories refer to the Kaltura Management Console KMC User Manual This section describes how to manually assign content to galleries To manually assign content to a MediaSpace gallery in the KMC 1 Inthe KMG select the Content tab and then select the Entries tab 2 Inthe Entries table select one or more entries and click Bulk Actions Kaltura MediaSpace Setup Guide 18 Setting Up MediaSpace 3 Select Edit Categories and click Add Categories Refresh Entri es Search Entries Ea Categories Thumbnail ID Name Type Plays CreatedOn y Duration Status Actions All Categories No Filter x pa 0_4t361su0 Marco Tempest TH E 0 06 25 12 12 44 06 05 Converting Select Action v gt MediaSpace4 i v 0 8ne53my4 Peter Norvig The i 0 06 25 12 12 43 06 11 Converting Select Action v l 0 4ne38180 Wolfgang Kessiing E 0 06 25 12 12 42 11 35 Ready Select Action v kA 0_d1intyi1 Excellent web qual H 0 06 24 12 11 36 00 30 Ready Select Action v 0_ktm3bkSc Normal web quality i 0 06 24 12 11 36 00 30 Ready Select Action ut Set Scheduling Sat Accesa Conio Sample Bia Bucka 0 06 24 12 11 36 00 33 Ready Select Action v Edit Tags gt Add Categories Add to New Category Playlist Sample Katura An E 0 06 24 12 11 36 00 05 Ready Select Action v Change Owner Download Search Categories Delete PE oe ____e __ A Additional Filters Bulk Actions v 1 4 27 of 27 Show ro
31. h as categories and tags Administration Upload Media Upload from Desktop Record from Webcam Creat Import from Web Prepare Entry Video Entry Audio Entry Submit Bulk select CSV AML 4 Entries CSV XML Categories CSV End Users CSV End User Entitlements CSV Kaltura MediaSpace Setup Guide 16 Setting Up MediaSpace To learn more about uploading and ingestion refer to the Kaltura Management Console KMC User Manual Setting Up MediaSpace Galleries in the KMC Creating MediaSpace Gallery Categories in the KMC After you set up a MediaSpace category tree you can add categories to create galleries or channels To learn more about Creating and Managing Content Categories refer to the Kaltura Management Console KMC User Manual 1 2 3 To add MediaSpace galleries manually in the KMC In the KMC select the Content tab and then select the Categories tab Select Add Category Add a category for a gallery under MediaSpaceroot gt Site gt Galleries and save your new category You can create up to seven levels of sub categories To create MediaSpace galleries in bulk in the KMC In the KMC select the Upload tab and under Submit Bulk select Categories CSV Specify the path for the gallery categories under MediaSpaceroot gt Site gt Galleries To specify the order of MediaSpace gallery categories in the KMC By default categories in MediaSpace are displayed by creation date
32. hannel rrrrnrvvnnnnnnnnnrrrrvrnnrnnnnnerrrrrerrnnnnnn 24 Assigning MediaSpace Content to Channels rrnrnnnnrrnnnnnnnnnnvrnrrnnnnnnnnrrnnnnnnnnnnnnssssnnnnnnnnnnnnee 25 Assigning User Permissions to MediaSpace Channels rrrnnnnnrrnnvvnnrnnrnnnnnrrvrnnnrnnnnnrrrrrennrnnnnnnnsne 26 Assigning User Permissions to MediaSpace Channels in the KMCG rrrrnnrrrnnnnnnonnnnnnnennnnnnnn 26 Assigning Managers and Moderators to a MediaSpace Channel rrrrrnrrnnnnnnnnvvnrnrnnnvrnnnnnnnnr 26 Listing MediaSpace Channels avvek e 27 Assigning User Permissions to a Channel in MediaSpace ccccccceeeceeeaeeeeeeeeeeeeseaeeseeeees 28 Section 3 Authenticating and Authorizing USers rrrnrrrrrrrrnnnnnnnnnonrrrnnnnnnnnrrnnnrrnnnnnennnnsennnnnnnnnnnsennnn 29 Understanding MediaSpace Authentication and Authorization Scenarios rrrrrrnnnrrrvrvrnnnnnnrrnnnnn 29 Scenario 1 Authentication and Authorization Are Managed in Organizational Systems 29 Scenario 2 Authentication and Authorization Are Managed in Kaltura cccccccseeeeeeeeeeees 30 Scenario 3 Authentication Is Managed in an Organizational System Authorization Is Managed in AG 00 EEE NE EE NE ERE 31 Configuring Authentication and Authorization for MediaSpace rrnnnnrrnnnnnnnnvnnnnnnnnvrnnnnnnnnnrnnrnnnsnee 32 Enabling Common Login Configurations cccccccseseeeccceceeseeeeeeeeeeeeeeeeaeeseseeeeeeeesaeaeeeeeeeeeeeeaas 32 Enabling Au
33. ide 24 Setting Up MediaSpace o admin All users with permission to upload and publish to galleries o unmoderatedAdmin All users with permission to upload and publish to galleries and to bypass moderation if moderation is enabled Channels Debug tti i s S channelCreator ae oe Moderation Select the minimal role thi No Role Sys Admin only Modules orivateOnlyRole ME ES panien E Addtoplaylists Channelmembers Channelmoderation Channelsettings Channelsettingsadvanced NOTE We do not recommend allowing the Viewer role to create channels since users Xe with a Viewer role cannot add content to channels they create When a user has a role that can create a channel a Create Channel button is displayed on Channel Listing pages Create Channel My Channels Q View 2as Manager 0 as Member by Date Alphabetical Members Assigning MediaSpace Content to Channels To manually assign content to a MediaSpace channel in the KMC 1 Inthe KMC select the Content tab and then select the Entries tab 2 Inthe Entries table select one or more entries and click Bulk Actions Kaltura MediaSpace Setup Guide 25 Setting Up MediaSpace 3 Select Edit Categories and click Add Categories Refresh Entri es Search Entries fe Categories Thumbnail ID Name Type Plays CreatedOn y Duration Status Actions iv All Categories No Filter x gores Marco Tempest TH E 0 06 25 12 1
34. in the following ways e Bulk assignment of users to galleries and channels in the KMC The End User Entitlements CSV includes fields for assigning a manager contributors and member permissions for each user and channel e An authorized user who creates a channel is assigned as the channel owner with managerial rights An owner can add additional managers contributors and members to a channel How does a user join a channel An end user cannot join a channel The sys admin or channel manager must authorize the user An authenticated user can access channels that are Open or Restricted Who can create a channel A user with a role that is defined as a channel creator can create a channel You define the user roles that can create a channel See Setting Permissions for Creating a MediaSpace Channel Who can delete a channel The following are authorized to delete a channel e From MediaSpace The channel owner manager e From the KMC A KMC admin Kaltura MediaSpace Setup Guide 13 Setting Up MediaSpace SECTION 2 Setting Up MediaSpace Setting Up MediaSpace Content in the KMC To set up a MediaSpace category tree in the KMC 1 2 In the KMC create a MediaSpace root category a Select the Content tab and then select the Categories tab b Select Add Category c On the New Category window select the position of the root category and save your new category New Category Select the parent caiegery usder which
35. low overriding a role through Kaltura user management Yes Configuring Header Authentication To configure header authentication through the MediaSpace SSO gateway 1 On the Configuration Management panel of the Kaltura MediaSpace Administration Area open the Auth tab After you complete and verify the following steps click Save 2 Under authNAdapter select Header AuthN authNAdapter Header AuthN Header Auth Add custom value 3 Select your preferences for the common login options 4 Under refreshDetailsOnLogin select your preference This option affects the updating of the user s first name last name and email address when provided from your authentication system upon every login refreshDetailsOnLogin Should user details on Kaltura be updated through an external authentication provider Yes Kaltura MediaSpace Setup Guide 39 Authenticating and Authorizing Users 5 Under headerAuth enter values for o headerName the ID of the authenticated user o logoutUrl headerAuth headerName sie is the name of the HTTP header that contains the user ID of the authenticated user logoutUrl When the allowAnonymous value is No you can specify a URL instead of an unauthorized page to which the user is redirected when logged out Configuring Kaltura Authentication and Authorization Authenticating or authorizing MediaSpace users in Kaltura requires creating M
36. managers and owners can add members and change user permissions in MediaSpace To edit channel members and permissions in MediaSpace 1 In MediaSpace on the Channels page or your My Channels page click a channel to open the channel page and then click Settings First Settings Basic Members Advanced Pending 2 members Add Member Member UserID Permission faculty member facultymemiaager You Owner student member studentm mb eributor Change X Remove 2 On the Members tab o To modify the member s permission level next to the member s Permission column click Change select a new permission and click Done o To remove the member from channel membership click Remove o To add a member and assign a permission level to the new member click Add Member enter a user name and select a permission and click Add To learn more about editing channel users refer to the Kaltura MediaSpace User Manual Kaltura MediaSpace Setup Guide 28 Authenticating and Authorizing Users SECTION 3 Authenticating and Authorizing Users On the Configuration Management panel Auth tab of the Kaltura MediaSpace Administration Area you can configure the settings for the required user authentication method and the required method for authorizing a user s access to MediaSpace with a specific Application Role The following scenarios are supported e Scenario 1 Authentication and Authorization Are Managed in Organizational Systems e Scenario 2 Authen
37. mated processes for updating the list of MediaSpace users based on changes in your organizational information system e You can develop a scheduled update process to periodically add or delete multiple users to the MediaSpace users list using the Kaltura end users CSV In your script you can call the user addfrombulkupload Kaltura API action to submit the CSV e Using Kaltura API actions you can develop a trigger based process to update the MediaSpace users list in real time when changes occur in your organizational information system You can call the user add user delete and user update Kaltura API actions to add delete and update specific user records You can call the metadata add metadata delete and metadata update Kaltura API actions to add delete and update the user s MediaSpace role NOTE Deleted users are also removed from all channels in which they are members Content ownership and analytics information of the deleted user are not deleted S N NOTE Since user records are shared by all Kaltura applications running on the same account we recommend that you delete records only of users who left the organization In S sh other cases we recommend revoking the user s access to MediaSpace by using the Kaltura API to remove only the user s MediaSpace role or by using the User Management panel of the Kaltura MediaSpace Administration Area to delete the user Kaltura MediaSpace Setup Guide 42 Using MediaSpace without Entitl
38. n levels e Member Can access a channel or gallery but cannot add new content e Contributor Can add content to a channel or gallery e Moderator Applies to channels only In addition to the Contributor permission can moderate content e Manager Applies to channels only In addition to the Contributor permission can moderate channel content and access channel settings including change metadata edit members change appearance and delete channel See Understanding Roles and Permissions Kaltura MediaSpace Setup Guide 11 Understanding the MediaSpace Setup NOTE In channels All permission levels are relevant for channels Xe In galleries Only the Contributor and Member permission levels are relevant to galleries i Assigning a list of users as Members enables the users only to access a gallery Assigning a list of users as Contributors enables the users to access a gallery and add media A user with the Admin application role also can add media Understanding Roles and Permissions Who can upload content to MediaSpace A user with an application role of PrivateUpload and higher admin unmoderatedAdmin can upload content to MediaSpace Who can view galleries By default galleries can be accessed by all authorized users When Anonymous mode is enabled galleries also can be viewed by anonymous users To enable Anonymous mode 1 On the Configuration Management panel of the Kaltura MediaSpace Administration Area
39. o the role labels you set in the Configuration Management panel Roles tab of the Kaltura MediaSpace Administration Area o When using Kaltura to authenticate users you may populate a shai hashed password in the CSV as part of the partnerData field as in the example MediaSpace administrators are responsible for managing password hashing and distribution to users The un hashed password must include a minimum of six characters o When using Kaltura only for authorizing user access to MediaSpace with a specific application role do not populate the password in the CSV You can remove the partnerData column in the example from the CSV since it is not required Kaltura MediaSpace Setup Guide 41 Authenticating and Authorizing Users o You can submit the end users CSV in the following ways On the User Management panel of the Kaltura MediaSpace Administration Area click Submit CSV Inthe KMC select the Upload tab and then under Submit Bulk select End Users CSV Administration n123 account Upload Media Upload from Desktop Record from Webcam Import from Web Prepare Entry eg Video Entry ap navigation Learn More Audio Entry Submit Bulk Select CSV XML Entries CSV XML Categories CSV End Users CSV Embed Player End User Entitlements CSV Embed Playlist To automate the update of the authorized MediaSpace users list When you manage MediaSpace authorization in Kaltura you can develop auto
40. options Playlist Widgets Entry Id or Channels Pagg My Media My Playlists Metadata Header Pon Navigation Enter the label for the merram Categories navigation bar Mv Channels Channels Debug To add a link to My Channels in the header menu 1 On the Configuration Management panel of the Kaltura MediaSpace Administration Area open the Headermenu tab 2 Under enabled select Yes to enable the Headermenu module 3 Under menu o Inthe type menu select My Channels o Inthe label field enter the label to display 4 Click Save to display the link in the MediaSpace header menu Modules Addcontent Addtoplaylists For a URL enter the URL label For a Menu enter the label Channelmembers Channelmoderation 3 Channelsettings Channelsettingsadvanced type Channeltopics Type can be My Media MYP Tor My Channels Embedplaylist For a URL enter the URL label For a Menu enter the label Headermenu Setting Permissions for Creating a MediaSpace Channel See Who can create a channel To define a user role that can create a channel 1 On the Configuration Management panel of the Kaltura MediaSpace Administration Area open the Channels tab 2 Under channelCreator select one of the following roles and click Save Sys Admin Channels can be created only from the KMC by the KMC admin user O o Viewer All authenticated users o privateOnly All users with upload permissions Kaltura MediaSpace Setup Gu
41. preferences for integrating the MediaSpace SSO Gateway with your login implementation o secret o loginUrl o logoutUrl sso Configure the built in Single Sign On Gateway authentication class SSOAuth secret Enter a custom secret or enter default to use the Kaltura Admin Secret associated default with your Kaltura account loginUri Whatis the URL for the SSO gateway login page Note The ref parameter is added automatically logoutUrl What is the URL to which a user is redirected after logging out of MediaSpace Usually you enter your organization s login page 6 If you are using the MediaSpace SSO Gateway to authorize user access to MediaSpace with a specific application role continue with the next procedure To configure user authorization using the MediaSpace SSO gateway 1 On the Configuration Management panel of the Kaltura MediaSpace Administration Area open the Auth tab Kaltura MediaSpace Setup Guide 38 Authenticating and Authorizing Users After you complete and verify the following steps click Save 2 Under authZAdapter select SSO Gateway AuthZ auth7Adapter 550 Gateway AuthZ Add custom value 3 Under refreshRoleOnLogin select your preference This option affects the updating of the user s role upon every login refreshRoleOnLogin y Should the user role on Kaltura be updated through an external authorization provider es Select No to al
42. r tt 150071 archive Mediaspace4 150044 galleries F site 150051 channels galleries channels 150061 private private i 150031 site archive 150021 MediaS amp pace4 Il NOTE The Archive category is reserved for future versions The Private category contains all content uploaded to the MediaSpace site that has not been published to galleries and channels Do not change the Private category settings 4 Inthe KMC verify that the root category is assigned a Privacy Context Kaltura MediaSpace Setup Guide 15 Setting Up MediaSpace A Privacy Context is defined during MediaSpace installation or using the KMC a Inthe KMC select the Content tab and then select the Categories tab b Inthe Categories table click the root category name c Onthe Edit Category window select the Entitlements tab d Under Privacy Context Label confirm that a value is displayed Metadata specific end user permissions to content in your application Entitlements Uploading MediaSpace Content To upload initial content for MediaSpace in the KMC In the KMC select the Upload tab and then do one of the following o Click Upload from Desktop Use this option to upload a small number of files o Under Submit Bulk select Entries CSV XML Use this option to upload a large number of files Using this option you also import metadata suc
43. rent Contributor Category Moderator Manager Y All Statuses Active Deactivated iY All Update Methods Manual Automatic Bulk Actions 6 On the Add Users window under Permission Level select Contributor 7 On the Add Users window under Select End Users start typing a user name A list of suggestions is displayed after you type the third character gallery2 Add Users Here you can set end user permissions for this category Permission Level Contributor Update Method Manual Select End Users facu facultymember facultymember 8 On the Add Users window select a user from the suggestion list and click Save In MediaSpace the selected user will have the Add Media option for the specified gallery Restricting Access to MediaSpace Galleries in the KMC To enable only a specified group of users to access a MediaSpace gallery 1 Add specific users as members to a gallery category See Adding Contributors to MediaSpace Galleries 2 Inthe KMG select the Content tab and then select the Categories tab In the Categories table click the category name 4 Onthe Edit Category window select the Entitlements tab ad Kaltura MediaSpace Setup Guide 22 Setting Up MediaSpace 5 Under Content Privacy select Private and click Save You can further restrict actions by applying rules for who can contribute to the gallery Edit Category gallery2 Here you can manage entitlement settings and specific end user p
44. rying the LDAP server to find a user The USERNAME token will be replaced with the actual user name provided in the login window primaryGroupldAttribute Optional Enter the attribute name for the primary group ID usually primaryGroupld Use this field only to authorize by primary group ID when you are using AD groupsMatchingOrder p p Enter the order in which to match MediaSpace roles to LDAP groups For example if unmoderatedAdminRole adminRol a user belongs to a group that is mapped to the admin role enter adminRole before other roles adminRole viewerRole to find the admin role first and log in the user with the adminRole LDAP Authorization Options Get Groups from User Kaltura MediaSpace Setup Guide 36 Authenticating and Authorizing Users Configure the LDAP options for group searches groupSearch Get user from groups Get user from groups set groups from user byGroup group SearchQueryPattern amp objectclass group GROU Enter the pattern for querying all groups in one query The GROUPS_REPLACEMENTS token will be replaced with the pattern that you specify under groupSearchEachGroupPattern displayed below The query results list all groups defined in the mapping settings group SearchEachGroupPattel n GROUPNAME EGG Enter the pattern for each group in the groupSearchQueryPattern displayed above This pattern is used multiple times one time for
45. s to MediaSpace groups adminRole mediaSpaceFaculty xX mediaSpaceAdmin X viswerRole mediaSpaceStudent X mediaSpaceUser X privateOnlyRole mediaSpacePrivateOnly x unmoderatedAdminRole mediaSpaceSuperAdmin X matchByPrimaryGrouplid Match by primary group Id Kaltura MediaSpace Setup Guide Add matchByPrimaryGroupld 3 Authenticating and Authorizing Users Configuring SSO Gateway Authentication and Authorization To learn more about integrating MediaSpace with your authentication systems using the MediaSpace SSO Gateway refer to Kaltura MediaSpace Introduction to Authentication and Authorization Solutions and Kaltura MediaSpace SSO Integration Guide To configure user authentication using the MediaSpace SSO gateway 1 On the Configuration Management panel of the Kaltura MediaSpace Administration Area open the Auth tab After you complete and verify the following steps click Save Under authNAdapter select SSO Gateway AuthN authNAdapter Add custom value Select your preferences for the common Auth options Under refreshDetailsOnLogin select your preference This option affects the updating of the user s first name last name and email address when provided from your authentication system upon every login refreshDetailsOnLogin Should user details on Kaltura be updated through an external authentication provider Yes oe en 1 i a m Under sso select your
46. should be used to bind for searching users For anonymous do not enter a password userSearchQueryPattern amp objectClass person uid U_ Enter the pattern for querying the LDAP server to find a user The USERNAME token will be replaced with the actual username provided in the login screen LDAP Server Configuration Search before Bind options b Select the LDAP attributes for first last name and email address Populating the user s first and last name is used for several MediaSpace options that require the user name The email address is optional This field is useful for user management and for future features such as email notifications emailAttribute fF Whatis the name ofthe attribute on the user record that contains the user ID If you do not want to sync email with Kaltura do not enter an emailAttribute firstNameAttribute nr What is the name ofthe attribute on the user record that contains the user s first name If you do not want to sync the first name with Kaltura do not enter a firstNameAttribute lastNameAttribute oo What is the name of the attribute on the user record that contains the user s last name Ifyou do not want to sync the last name with Kaltura do not enter a lastWameaAttribute LDAP Server Configuration Email options 6 If you are using your LDAP server to authorize user access to MediaSpace with a specific application role continue with the next procedure If not select
47. sing an external authentication provider b Under refreshRoleOnLogin select No This option is displayed only when using an external role authorization provider refreshDetailsOnLogin No B Should user details on Kaltura be updated through an external authentication provider refreshRoleOnLogin N iS Should the user role on Kaltura be updated through an external authorization provider o Select No to allow overriding a role through Kaltura user management Scenario 2 Authentication and Authorization Are Managed in Kaltura When does this scenario apply You can use Kaltura as your MediaSpace identity and role authorization provider when e You want to launch a MediaSpace pilot in your organization without IT integration e You want to quickly go live with your organizational video portal before performing IT integration with your organizational authentication and group management systems e Only a few users in your organization need to work with MediaSpace and there is no requirement or need for managing user authentication and credential validation in your organizational systems e You do not have a centralized authentication system or you are not able to provide access to your authentication system from the MediaSpace application Who can access MediaSpace Only users with a MediaSpace user account pre provisioned in Kaltura can access MediaSpace The user account must include a MediaSpace Role and a MediaSpace password
48. ssion of Contributor or higher see Understanding Permissions is assigned a role of privateupload or higher see Application Roles Otherwise the user is not able to upload content to MediaSpace despite the permission that entitles the user to contribute content A Channel Manager can assign permissions in MediaSpace The channel manager selects the kind of access that users have for the channel If the channel type is restricted or private the channel manager adds members and assigns member permissions To learn more refer to the Kaltura MediaSpace User Manual Understanding Channel Types MediaSpace supports the following types of channels e Open All authenticated users are entitled to access the channel and contribute content e Restricted All users are entitled to access the channel but only specific users are entitled to contribute content e Private Only specific users are entitled to access the channel and to contribute content MediaSpace Terminology KMC Properties Privacy Listing Who can add content Open Authenticated users No Restriction No Restriction Restricted Authenticated users No Restriction Private Private Authenticated users Private Private Kaltura MediaSpace Setup Guide 8 Understanding the MediaSpace Setup Channel type definitions are displayed in MediaSpace under Channel Settings gt Basic First Settings Basic Members Advanced Pending Title Open First Memdershap is open and non members Gan
49. t When MediaSpace is used as a company institution wide media portal galleries usually are shared with the entire organization and also may be available to the public on the web Understanding Roles and Permissions for Galleries You usually enable permission to add content to galleries using application roles For example you enable a user to publish to a gallery by assigning the Admin role to the user The role applies to all galleries In addition to using roles to enable permissions for galleries you can use entitlement permissions See Understanding Permissions Kaltura MediaSpace Setup Guide 7 Understanding the MediaSpace Setup Understanding Channels Channels are media collections that can be accessed by a subset of users or all authenticated users Channels can be created and managed by authorized end users or can be provisioned centrally by a KMC admin Understanding Roles and Permissions for Channels Entitlement permissions are used to assign permissions to channels for example enabling a user to add content to a channel Application Roles apply globally while channel permissions are contextual An example of contextual channel permissions is a user with Manager permissions for one channel and lower level Contributor permissions for another channel For a user to perform an action that a permission allows the action must be allowed by the user s application role Therefore you must ensure that a user with a permi
50. the new cacegory wi appear No Pani New Category gt Select place in tree d Inthe New Category window enter metadata for the new category and click Save New Category New Category gt Enter Details In MediaSpace define the root category a On the Configuration Management panel of the Kaltura MediaSpace Administration Area Kaltura MediaSpace Setup Guide 14 Setting Up MediaSpace open the Categories tab b Under rootCategory select the category that you created and click Save Configuration Management Backup Actions Important Notice click to open Export to a file H Categories Import from a file Developer Tools EE MediaSpace4 Create uiConfs for Widgets Which root category does MediaSpace use for all categories and content A root Create Custom Metadata category must be defined in the KMC profiles Global restricted lication nop Restrict categories to specific roles Only users with the specified role can view media in the restricted Client unmoderatedAdminRole can add media to the restricted category Roles Auth Gallery Save Player Widgets 3 Inthe KMC verify your root category and sub categories a Select the Content tab and then select the Categories tab b Verify that the root category is displayed with new sub categories C ot ra g or as Search Categories 7 T Categories ID i All Categories No Filte
51. thentication Methods cccccccseeeeceeeeseeeeeeeeaeeeeeeeesaeeeeeeeeesaaaeeeeesseaeeeeeessageeeeeeaaas 32 Kaltura MediaSpace Setup Guide 3 Preface Enabling Authorization Methods ccccccccsseeeeeeeeeeeeeceeeeeeeeeeeeeseeeeeeeeeessaeeeeesseaeeeesesaageeeseeeaas 33 Setting Up Authentication and Authorization ccccccccccsssssececcesseceeeeeeeeceeeseesseseeeeeseseeeessaeaeeeess 33 Configuring LDAP Authentication and Authorization ccccccccccssesseeeeeeeeeeeeeeeeeeeeeeesesaeeeeeees 33 Configuring SSO Gateway Authentication and Authorization rrrrnrrnnnrrrrrrrnnnnnrrnvrnnnnnennnnnnn 38 Configuring Header Authentication wiccsccsseissn acdiezeoscevassscsnseneeeeusnesanaesesaquaielaeenndacagecinaisennenssiineseusenies 39 Configuring Kaltura Authentication and Authorization cccccseecceceseeeceeeeceeceeeeeesseeeeeseaeees 40 Section 4 Using MediaSpace without Entitlement Features rrrrrrrrrnnrrrrrrrrnnnnverrnnnnnnrnnrnnnnnsennvnnnnnne 43 Restricting Categories rrnrnrnnnnnnnvrrnnnnnrnnnnnrornnnnnennnnnnrnnnannnsennansennnnnsennnannsennnnssennnnnsennnnssennnnsssennnn 43 Kaltura MediaSpace Setup Guide 4 Pretace This preface contains the following topics e About this Guide e Audience e Document Conventions e Related Documentation About this Guide This document details the setup required for Kaltura MediaSpace KMS Version 4 0 following installation or upgrade
52. tication and Authorization Are Managed in Kaltura e Scenario 3 Authentication Is Managed in an Organizational System Authorization Is Managed in Kaltura Usually both authentication and role authorization are set through integration with the organizational identity and group management systems scenario 1 Kaltura s authentication and or authorization options may be useful in the cases described in scenarios 2 and 3 NOTE User authorization to channel and content entitlements is handled separately S Understanding MediaSpace Authentication and Authorization Scenarios Scenario 1 Authentication and Authorization Are Managed in Organizational Systems When does this scenario apply You can use your organizational system as your MediaSpace identity and role authorization provider when e You have a large scale MediaSpace deployment You want all users to log into MediaSpace with their organizational credentials and to be authenticated by your centralized authentication system e You can provide access from the MediaSpace application to your authentication and group management systems e Authorization to access MediaSpace with a specific Application Role derive in most cases from user membership in organizational units or groups Who can access MediaSpace Only users who are authenticated and authorized by your systems can access MediaSpace Users who are not authenticated by your systems are denied access to MediaSpace and
53. tions Kaltura MediaSpace Setup Guide 33 Authenticating and Authorizing Users 4 Under refreshDetailsOnLogin select your preference This option affects the updating of the user s first name last name and email address when provided from your LDAP system upon every login refreshDetailsOnLogin Should user details on Kaltura be updated through an external authentication provider 5 Under IdapServer a Select the LDAP Server access and bind settings Your bindMethod selection will affect the information you need to provide for authenticating the user IdapServer Configure your LDAP Active Directory Server What is the address of your LDAP Server host Idap example com What is the port of your LDAP Server port 389 p y protocol Idap What protocol does your LDAP server use Idap or Idaps protocolVersion What is the protocol version of your LDAP server V2 or V3 What is the base DN of your LDAP server baseDn dc example dc com j bindMethod Which mode of operation is used for authenticating with LDAP Search before bind Search before bind x means thatthe users DN is discovered by searching the LDAP ad server Direct bind Search before bind means that the users DN is constructed automatically according to the format that you specify under userDnFormat displayed below when you select Direct Bind and no search is performed LDAP Server Configuration bindMethod selection
54. uth tab of the Kaltura MediaSpace Administration Area the following authentication methods are supported as part of the MediaSpace standard installation When you select an authentication adapter a set of relevant configuration fields is displayed to fill in Whatis the name ofthe PHP class for handling authentication KalturaAuth enables the built in User Management system located at admin users LdapAuth lets you use your organizational LDAP AD server to authenticate users To use your own custom class click Add custom value and enter the custom class name authNAdapter Header AuthN lz Header AuthN Kms_Auth_AuthN_Kaltura LDAP AuthN SSO Gateway AuthN Add custom value e LDAP Authentication User authentication and credentials validation through direct access to the organizational LDAP or Active Directory server e SSO Gateway Authentication A Kaltura generic gateway for integrating with a customer specific login and authentication implementation while providing the user with a Single Sign On experience e Header Authentication User is authenticated through a request in the organizational authentication system The response includes the authenticated user ID in a specific HTTP header e Kaltura Authentication Manage MediaSpace users and their authentication in Kaltura e Custom Authentication Methods For any other type of authentication method custom adapters can be developed and
55. ws 50 v 4 On the Select Categories window under the galleries category select one or more categories and click Apply select Categories gallery MediaSpaced site galleries Higher Education vf gallery2 gallery 1 gallery3 channels private archive Kaltura MediaSpace Setup Guide 19 Setting Up MediaSpace In the Entries table the entries are displayed when you filter for a category to which you assigned the entries galery2 CP Refresh Entries Search Entries Categories Thumbnail ID Name Type Plays CreatedOn y Duration Status Actions All Categories No Filter po Marco Tempest Th H 0 06 25 12 12 44 06 05 Converting Select Action v MediaSpace4 Vv site Peter Norvia The 1 0 06 25 12 12 43 06 11 Converting Select Action v galleries Higher Education iv gallery2 Wolfaana Kessing fl 0 06 25 12 12 42 11 35 Ready Select Action gallery 1 gallery3 channels I private archive Additional Filters Bulk Actions v 1 1 30f3 Show rows 50 w Also see Assigning MediaSpace Content to Channels To change an entry s MediaSpace content owner in the KMC Usually the user who uploads content in the KMC is not the administrative content owner of the media entry To change the owner of one or more entries 1 Inthe KMC select the Content tab and then select the Entries tab 2 Inthe Entries table select one or more entries click Bulk Actions and then select Change Owner 3 On the Change
Download Pdf Manuals
Related Search