Question:
How do I configure SnapStream Security to use LDAP Active Directory Authentication?
Answer:
Configure SnapStream to talk to Active Directory using LDAP
- We recommend that you join the SnapStream system to your domain. Please read this before doing so: Considerations when joining a SnapStream System to your domain.
- Sign into the SnapStream WebUI and browse to Admin > Security (under Settings on the left) > Config to configure the SnapStream settings to communicate with your LDAP server and click the save button (details below) .
- External Authentication: LDAP
- LDAP Type: Active Directory
- LDAP Path: The location of the LDAP server that manages users that will be logging in to SnapStream. NOTE: Typing the domain name works in most cases.
- LDAP Requires Login: Enable this option if your LDAP server requires an existing username and password in order for SnapStream to validate users against LDAP.
- LDAP Username, LDAP Password, and Confirm Stored LDAP Password: Enter the credentials for a user account that has permission to query your LDAP server for group membership of the users that will be logging in to SnapStream.
NOTE: If LDAP requires login, we recommend that the user account configured here be a service account with a password that doesn't change. This is because SnapStream will be using it to interact with Active Directory for authenticating other AD users. If the credentials entered here were to ever change, SnapStream LDAP integration would stop working, and AD users wouldn't be able to log in to SnapStream until these credentials were updated.
Link your SnapStream Security Groups to groups that exist in Active Directory.
- Browse to Admin > Security (under Settings on the left) > Groups, and edit or create a new SnapStream Security group you would like to link to an active directory group.
NOTE: You will not be able to edit the SnapStream Security group that you are actively logged in as. - Linked LDAP Groups: Type the name of the relevant Active Directory groups for the users you want to link to this SnapStream Security group (you can add more than one).
- Click Save.
Additional Notes:
- If an Active Directory user is linked to multiple SnapStream Security groups, SnapStream will always implement the linked SnapStream Security group with the most permissions.
- Please consult SnapStream support if more guidance is needed.
- LDAP Configuration can be done on SnapStream Encoders too, but you will need to browse to the encoder's security configuration page and security group page manually (see below).
- Security > Config page: http://<encoder>/Admin/SecuritySettings
- Security > Groups page: http://<encoder>/Admin/Groups
Applies to Version:
All versions of SnapStream.