Skip to main content
Schedule Upgrade Schedule Training Cloud Status Storage Calculator Volicon Support
Support Policies Release Notes Cheat Sheets Quick Start Guides Admin Resources User Resources

Search

Welcome To SnapStream Support

How To Add Azure SSO to your SnapStream Cloud

Question:

Our company uses Azure SSO. How do I configure it on the SnapStream Cloud?

Answer:

Pre-requisites:
- You must have a “Premium” tier enabled on your Azure AD account to utilize SAML 2.0
- You’ll need to enable the Graph API in Azure AD

  1. Log in to your SnapStream server as an administrator and navigate to Admin -> Security
    -> Config. Set “External Authentication” to SAML 2.0 and leave this tab open.mceclip0.png
  2. Open the Azure Portal and choose “Azure Active Directory” from the left-hand sidebar
    and choose “Enterprise Applications” -> “New Application” and choose “Non-Gallery
    Application”, give it a name (I’m partial to “SnapStream SAML” in this example) and press “Add”.
  3. You’ll be dropped on the new app’s Overview page. Choose “Single sign-on” from the
    menu and then choose the SAML card from the screen that follows.
  4. Copy the Azure AD Identifier from Box #4 and paste it into the Identifier (Entity ID) box #1mceclip1.png
  5.  Go back to the SnapStream tab you had open and copy the ACS URL. Paste the ACS URL into the Reply URL in Azure AD and click Save.mceclip2.png
  6. Click the edit pencil in box #2 to edit the user attributes and claims and click the pencil to
    edit the Name identifier value. Set the source attribute to user.mail and set the name
    identifier format to “Email address” and save. Your User Attributes & Claims should look
    like this.mceclip3.png
  7.  Your setup should be similar to this. You will also need to download the Federation Metadata XMLmceclip4.png
  8. Go to Azure Active Directory -> App Registrations (Preview) -> -> Manifest In the Manifest editor, look for the line that reads “groupMembershipClaims”: null, - we have two options here. Changing that null to “SecurityGroup” will allow the end-user to use their AD security groups in SnapStream. Changing the value to “All” will allow security groups and distribution lists to both be used. In most cases, using “SecurityGroup” is going to be our best option.mceclip5.png
  9. We’re now done configuring SAML from within Azure AD. The one thing left to do is to copy the
    Object IDs used to identify groups within Azure - we’ll need these when establishing mappings
    between groups in SnapStream
  10. In the Azure Portal, go to Azure Active Directory -> Groups and open each group that the end
    user would like to see reflected within SnapStream.
    With the group opened, make a note of the group name and its associated Object IDmceclip6.png
  11. With that information written down, go back to the SnapStream tab you’d left open in an earlier
    step. It should conveniently be sitting at Admin -> Security -> Config.
    Use the browse button to import the Federation Metadata.xml that you’d downloaded earlier. It
    will populate the endpoint, issuer & certificate fields for you. Save this page.
  12. The final remaining step is to map groups within SnapStream to the user’s groups in AD. Using
    your list of group names and object IDs, open each group that you’d like to map and paste the
    object id string from its corresponding AD group into the “Linked SAML Groups” field.mceclip7.png

Additional Notes:

- Requires a SnapStream Admin account

Applies to Version:

SnapStream Cloud 9.x and higher

 

Daryl Paid
  • Updated

Related articles

Contact Us