Adding revoked user strategies
Revoked user strategies are policies that Mediasite's
System job, which runs nightly, will use to mark user profile statuses as
inactive. You will specify strategies for users that have been deleted from or
archived from your AD or LDAP directory as well as for users who have been
locked out of the system.
You can add multiple policies, corresponding to each
strategy, for each security provider connected to your Mediasite.
Add strategy for deleted and locked users
To create a strategy for deleted or locked users:
1. Click
Security > Revoked User
Management > Add New and specify the
following:
|
Settings |
Details |
|
Name |
Enter a name for the revoked
access strategy that will help you and other users identify it
easily. |
|
Enable this
Strategy |
Enabled by default, clear this
check box to prevent the System job from using the revoked user strategy
you will select below. |
|
Strategy |
Select Deleted or locked user in an existing Security
Provider. |
|
Security
Provider |
Select the directory where you
want the system job to search for deleted or locked users. Click Test Connection to verify Mediasite can connect to the
directory.
 If the test connection fails,
verify your settings are correct. If they still do not work, contact your
organization’s directory administrator or the person responsible for
deploying your Mediasite.
|
|
Update status to
Inactive for locked users |
Select this this option to have
the System job mark the statuses for all locked out users as Inactive:
Locked. The system automatically resets these users’ statuses to active
when they successfully log into any Mediasite application. Mediasite
administrators can also reset users’ statuses from their user profile
page. |
|
Update status to
Inactive for deleted users |
Select this this option to have
the System job mark the statuses for all deleted users as Inactive:
Deleted. |
2. Click
Save. When the System job runs next, it will use the
settings specified to mark users as inactive.
Add strategy for deleted and locked users
Add strategy for users archived in same
directory
To create a strategy for users archived to a
different place in the same directory:
1. Click
Security > Revoked User
Management > Add New and specify the
following:
|
Settings |
Details |
|
Name |
Enter a name for the revoked
access strategy that will help you and other users identify it
easily. |
|
Enable this
Strategy |
Enabled by default, clear this
check box to prevent the System job from using the revoked user strategy
you will select below. |
|
Strategy |
Select Archived user in an existing Security
Provider. |
|
Security
Provider |
Select the directory you want the
system job to search for archived users. |
|
Archive DN |
Specify the distinguished name
for the top level of the archive directory. |
|
Scope |
Select where in the specified directory location you want
the System job to search:
•
Base: Searches only the directory
location.
•
OneLevel: Searches the directory location
and its children nodes.
•
Subtree: Searches the entire tree
structure with the root being the directory
location. |
2. Click
Test Connection to verify Mediasite can connect to the
directory and the location specified.
If the test connection fails, verify
your settings are correct. If they still do not work, contact your
organization’s directory administrator or the person responsible for deploying
your Mediasite.
3. Click
Save. When the System job runs next, it will use the
settings specified to mark users as Inactive: Archived.
Add strategy for users archived in the same directory
Add strategy for users archived in different
directory
To create a strategy for users archived to a
different directory:
1. Click
Security > Revoked User
Management > Add New and specify the
following:
|
Settings |
Details |
|
Name |
Enter a name for the revoked
access strategy that will help you and other users identify it
easily. |
|
Enable this
Strategy |
Enabled by default, clear this
check box to prevent the System job from using the revoked user strategy
you will select below. |
|
Strategy |
Select Archived user in an external
directory. |
2. Specify the directory information:
|
Settings |
Details |
|
Provider
Type |
Choose LDAP
Directory or Active Directory. |
|
Server
Path |
Enter the path of the
directory. |
|
SSL |
Select this check box if you
already have Secure Socket Layer configured on your system. |
|
Base DN |
Enter the distinguished name
for the top level of the directory. |
Add strategy for users archived in different directory, select
strategy and specify directory
3. Specify the information
needed to connect to the external directory and locate users:
|
Settings |
Details |
|
Username &
Password |
Enter the credentials needed to
connect to the directory. |
|
Use Anonymous
authentication |
Select this check box to
connect to a LDAP directory that does not require user
credentials. |
|
Users DN |
The distinguished name for the
user directory. |
|
User Id Property
Name |
The attribute used to identify
a User ID in the directory. |
|
User LDAP Search
Filter |
The filter to use when
searching the directory for users. |
4. Click
Test Connection to verify Mediasite can connect to the
directory.
If the test connection fails, verify
your settings are correct. If they still do not work, contact your
organization’s directory administrator or the person responsible for deploying
your Mediasite.
5. If you
selected LDAP, specify the Timestamp Property Name and
Timestamp Property Date Format.
6. Click
Save. When the System job runs next, it will use the
settings specified to mark users as “Inactive: Archived”.
Add strategy for users archived in different directory,
directory credentials and user configuration