When configuring Mediasite to use Active Directory for authentication, you must complete set up of at least one connection to your enterprise Active Directory. If you are unsure of the values required to complete this form, please consult with your Network Administrator. Many times, Network Administrators have completed similar configuration for other applications and can assist with completing this configuration.
Setting up an Active Directory Integration
Discovering User and Group Attributes
When configuring the directory integration, is is helpful to have access to the Attribute Editor within the Active Directory User and Computers application. This tool will allow you to view the user and group properties (e.g. user ID, Display Name, Email) that are required by Mediasite.
A full list of attributes supported by Active Directory can be found at this Microsoft site.
Connecting Active Directory to Mediasite
- Browse to the Management portal
- Click Security > Security Providers
- Click Add
- Complete the form
- Click Test Connection
- If test passes, click Save
Directory Connection Server
| Field | Sample Value | Description |
|---|---|---|
| Name | Active Directory | The friendly name of the Security Provider |
| Provider Type | Active Directory | |
| Server Path | LDAP://companydirectory.com | Enter the pat of the directory. The path should include the FQDN or IP address of the server where the directory is located and the port. The default LDAP port is 389. The default Global catalog port is 3268. Your AD Administrator will provide this value. |
| SSL | Enabled or Disabled | Your AD Administrator will provide this value. |
| Base DN | DC=company,DC=com | The base DN of you AD. Your Ad Administrator will provide this value. |
Directory Connection Credentials
| Field | Sample Value | Description |
|---|---|---|
| Username | Username of the domain account used to bind to AD. Ensure the username has the rights to search the entire directory for Users and Groups. | |
| Password | Password of domain account. | |
| Do not use Fast Bind even if the directory declares support for Fast Bind | Unchecked | Typically, this value is left unchecked unless your AD administrator advises you to enable it. |
User Configuration
| Field | Sample Value | Description |
|---|---|---|
| User DN | DC=company,DC=com | Description of users within your Active Directory. |
| User ID Property Name | SAMAccountName or UserPrincipalName | The username that will be used within Mediasite (e.g. john.smith). Ideally, this username should match the username values of other systems on your network. |
| User Display Name Property Name | displayname | The display name of the user account (e.g. John Smith) |
| Email Property Name | ||
| Group Membership Property Name | memberOf | |
| User LDAP Search Filter | &(objectClass=User)(objectCategory=Person) |
Groups Configuration
| Field | Sample Value | Description |
|---|---|---|
| Groups DN | DC=company,DC=com | Location of Group accounts within your Active Directory. |
| Group ID Property Name | distinguishedName | |
| Group Display Name Property Name | cn | |
| Group Member Property Name | member | |
| Group LDAP Search Filter | (objectClass=Group) | |
| Perform a nested group search | Checked | |
| Determine group membership using security groups | Checked | Typically, this value is checked. Consult your Network Administrator if you are unsure of the proper value. |
Search Configuration
| Field | Sample Value | Description |
|---|---|---|
| Page Size | 1000 |
User Profile Provisioning
| Field | Sample Value | Description |
|---|---|---|
| Automatically create User Profiles on Login to My Mediasite or Management Portal | Checked | |
| Display Name Attribute | displayname |
Searching Multiple Role Providers
When multiple directories are being connected to Mediasite (e.g. Mediasite Directory and Active Directory), it’s helpful to instruct Mediasite to look through all connected directories when a user logs in. This can be helpful for advanced integrations. To enable this feature:
- Browse to the Management Portal
- Click: LMS Integration > Site Properties for SSO
- Check: Enable searching all role providers
Was this Information helpful?
Let us know if you found this lesson helpful. That’s the only way we can improve.