How to use your Azure Active Directory to access the ITESLIVE Studio

This is a technical procedure that allows you to connect your Azure Active Directory to the ITESLIVE Studio. Once this has been completed, your users can link their Active Directory accounts to their ITESLIVE user

 

Available with:
Windows Player : Starter, Pro, Premium
Web Player : Starter, Pro, Premium
LG webOS Signage Player : Starter, Pro, Premium
Samsung SMART Signage Platform (SSSP / Tizen) Player : Starter, Pro, Premium
Brightsign Player: Starter, Pro, Premium
Android Player: Starter, Pro, Premium
Linux Player: Starter, Pro, Premium
macOS Player: Starter, Pro, Premium

 

Note: It is possible to create a link between your corporate accounts (Azure Active Directory) and your users on the Studio That being said, this procedure is technical and will require the help of your network administrator.

 

The association between your Azure Active Directory and your ITESLIVE Studio users is made in several steps, there are configurations on your Microsoft Azure environment and there are configurations that must be completed once you are connected to the ITESLIVE Studio.

Important: Your administrator must have access to the ITESLIVE Studio to complete part of the procedure, they will ne to have the permission to create a new connection provider on the ITESLIVE Studio.

1. Microsoft Azure Configurations

Important: The installation and the configuration of the Azure Active Directory features must have been completed on your Microsoft Azure environment to proceed with this procedure.


Once you are connected to your Microsoft Azure portal, click "More services".
1

On the "All services page", click on "Azure Active Directory".
2

Click the "Add' button and select "App registration".
3

Enter a name that represents the reason for which the "App registration" will be used.
I.E. ITESLIVE Studio
4

Ensure that the "Accounts in this organizational directory only" radial button is active.
5

Under the "Redirect URL (optional)" header, select the "web" platform and enter the following URL.

https://studio.iteslive.tv/api/SSO/LoginSSO

6

Click on the "Register" button in the bottom left corner of the window to complete the "App registration" creation.

7

Once you are on the page for the "App registration" you just created, click on the "Add a certificate or secret" button.
8

Click on the "New client secret" button.
9


Enter a description for the client secret and select the expiration date among the options offrd by Microsoft Azure and click the "Add" button.

Important: Il est important de prendre en note la configuration sélectionnée pour la date d'expiration, car le lien entre le Studio ITESLIVE et l’Azure Active Directory ne fonctionnera plus suite à l'expiration du secret.

10

Copy and conserve the client secret's value, this information will be required to complete the configurations on the ITESLIVE Studio and will not be available after you close this window.
11

Click on the "Token configuration" button. 
12

Click the "Add optional claim" button.
13

Activate the "ID" button.
14

In the list displayed under the token types, click the "email" entry and click the "Add" button.
15

In the pop-up, activate the "Turn on Microsoft graph email permission" checkbox and click the "add" button.
16


To obtain the information for the "Client Id", "OAuth2 URL Authorize" and "OAuth2 URL Token"  that will be required for the configurations on the Studio, click on the "Overview" button.
17

Click on the "Endpoints" button.
18

Copy and conserve the values of the "Application (client) ID", "OAuth 2.0 authorization endpoint (v2)" et "OAuth 2.0 token endpoint (v2)" fields.
19


2. ITESLIVE Studio configurations

Important: The user that will complete the following steps will need to have access to creating a login provider in the ITESLIVE Studio.

Once logged into the ITESLIVE Studio, click the configuration tab and select the login provider management.
11 gestion methodes connexions

Select the account group in which you wish to add a login provider. If you want to apply this change for your entire organization, you can simply select the account group that contains your entire display network.  Once you have selected the account group, click the "New login provider" button. 
12 nouvelle methode connexion

The next step is to complete the following fields.

  • Name:The name that will identify this connection method on the Studio.
  • Client Id: The Client ID of the application that will be used.

Note: The Client ID is the one you noted earlier on in the process.

  • Client Secret:  This field is the client secret you created earlier.

Note: The Client secret is the one you noted earlier on in the process.

  • OAuth2 URL Authorize: This information must be taken from your App registration in your Azure Active directory.

Note: The OAuth2 URL Authorize is the one you noted earlier on in the process.

  • OAuth2 URL Token: This information must be taken from your App registration in your Azure Active directory.

Note: The OAuth2 URL Token is the one you noted earlier on in the process.

13 infos methode connexion

Once you entered the required information to create a new login provider, click the icon that represents a floppy disk to save the login provider.
14 save

3. Associating an ITESLIVE user with your Active Directory

Following the creation of the login provider, users will be able to connect their Active Directory account in their user preferences. A new button is displayed with an icon representing a key will be displayed.

15 bouton methode connexion

The ITESLIVE Studio will redirect the user to an SSO connection page, the user must successfully connect to their user on the Active Directory the association will be displayed in the alternate login list once this has been completed.

16 list