Setting up user profile provisioning

Mediasite allows you to create validated user profiles automatically using your security or third-party identity provider (Active Directory, Global Catalog, LDAP, LTI, SAML). You can use email address and display name attributes inherent to your security or identity provider to customize user profiles. When a user successfully logs into My Mediasite or Management Portal, if a user profile does not exist, Mediasite extracts the attributes you specify to create a validated user profile. Mediasite then assigns a default quota level and time zone to the provisioned user profile.

User profile provisioning is useful in large-scale deployments in which creating user profiles and making sure your users validate them can be a daunting task.

 

 If a user does not have the SAML, Basic LTI, AD, or LDAP attribute used to create user profiles or the attribute doesn’t exist Mediasite will prompt them to create a user profile the first time they log into Management Portal or My Mediasite.

  The instructions provided here assume that the person setting up user profile provisioning has experience integrating enterprise software with SAML, Basic LTI, AD, GC, or LDAP. For more information, contact the person responsible for deploying Mediasite in your organization.

You will define the default time zone as part of the Portal Profile Default Settings. For more information, see Update Portal Profile Default Settings.

 

Select a default quota level

You will select a default quota level as part of the Site Information server setting. When Mediasite automatically creates a user profile user, it assigns the user the default quota level. You can update a user’s quota policy at any time.

To select the default quota level for user profile provisioning:

1.  Click Settings > Server Settings > Site Options and select the Default Quota Level check box.

2.  Select the quota level you want and click Save.

 

Server Settings: Default Quota Level

 

 You must enable quota levels on Mediasite and add quota levels on the Settings > Quota Levels page before you can select a default quota level.

 

Enable user profile provisioning for a service provider

If you are using a security provider (external directory) to add users to Mediasite, you will enable user profile provisioning as part of the settings used to connect Mediasite to the directory.

When users log into the Portal or My Mediasite for the first time, the system automatically creates user profiles for them and assigns them default quota levels. User profiles are created in a validated state, so users will not receive activation emails.

To enable user profile provisioning for a service provider:

1.  Click Security > Security Providers and select a security provider.

2.  Click Advanced settings and select the Automatically create User Profiles on Login to My Mediasite or Management Portal check box to have Mediasite create user profiles automatically using the User Email Property Name and a Display Name Attribute.

3.  In the Display Name Attribute field enter the attribute that will be used to create the user profile. You can customize the display name using concatenated strings that include plain text strings and LDAP/AD attributes.

4.  Click Save.

 

Enable user profile provisioning for a security provider (external directory)

 

 Security providers are connected to Mediasite during deployment. For more information, see the Mediasite Deployment Guide or contact the person responsible for deploying your Mediasite.

 

Enable user profile provisioning for Basic LTI

If you are using Basic LTI, you will enable user profile provisioning when you add your Learning Management System (LMS) as a Basic LTI consumer. When users log into My Mediasite for the first time via the LMS, the system automatically creates user profiles. User profiles are created in a validated state so users will not receive activation emails.

To enable user profile provisioning for a Basic LTI consumer:

1.  Click Security > Basic LTI Management and select a Basic LTI consumer.

2.  Select the Automatically create User Profiles on Login to My Mediasite or Management Portal check box and specify the attributes that will be used to create user profiles:

Settings

Details

Display Name Attribute

Enter simple or templated Basic LTI attributes to create the display name.

Email Address Attribute

Enter simple or templated Basic LTI attribute to create the email address.

 

3.  Click Save.

 

Enable user profile provisioning for Basic LTI (Blackboard)

 

    Basic LTI is configured on Mediasite during deployment. For more information, see the Mediasite Deployment Guide or contact the person responsible for deploying your Mediasite.

 

Enable user profile provisioning when configuring SAML 2.0

If you are using a third-party identity provider that supports SAML 2.0, you will enable user profile provisioning as part of the SAML 2.0 Configuration settings. When users log into the Portal or My Mediasite using single sign-on for the first time, the system automatically creates user profiles for them and assigns them default quota levels. User profiles are created in a validated state so users will not receive activation emails.

To enable user profile provisioning for a Basic LTI consumer:

1.   Click Security > SAML 2.0 Configuration.

2.  Select the Automatically create User Profiles on Login to My Mediasite or Management Portal check box.

3.  Enter the following attributes as they will appear in the SAML Response:

Settings

Details

Display Name Attribute Name

Enter the name or object identifier (OID) used to identify the display name.

Display Name Attribute NameFormat

Optionally, enter the attribute type.

Email Address Attribute Name

Enter the name or object identifier (OID) used to identify the email address.

Email Address Attribute NameFormat

Optionally, enter the attribute type.

 

4.  Click Save.

Enable user profile provisioning for SAML 2.0 (SAML for ADFS)

 

Adjust user profile creation loggings level

Mediasite provides log files that allow you to audit and troubleshoot user profile creation. You can adjust the logging levels as needed to troubleshoot your system. There are eight logging levels with the "Debug" logging level, which is the most verbose, being used for in-depth troubleshooting. The "Emergency" logging level is the least verbose.

To adjust the logging levels for user profile creation:

1.  Launch Management Portal and click LMS Integration > Settings > Site Properties for SSO.

2.  From the User Profile Creation Log Level drop-down list, select the logging level you want. The default logging level is Debug.

3.  Click Save at the top of the Settings page.

 

Management Portal: Adjust the user profile creation logging level