Gallery Level Protection: Portal with SSO/SAML
Gallery Level Protection for a Portal
Once you are integrated with Brightcove, you will have the ability to build different types of protected galleries. This article will focus on Portal protection.
When you are on the Brightcove Integration page in your 2Account, you will see three available tabs: Gallery Level Protection, Video Level Protection, and Event Tracking Plugin. Make sure the Gallery Level Protection option is selected.
To add a new product, click the green "+ Add Product" button. This will open your configuration window. By default, the fields will be empty. The following is an example of a completed Portal configuration.
The Product Name is, well, the name of your product. Products are listed in a dropdown menu on a Stream2 Brightcove Form, where you select the product you are selling access to.
After entering a Product Name into the field, press the Tab key or click into the Product Link text box, which will automatically pre-fill with the name of your product as it is viewable in the Stream2 link. This can be edited if necessary, but remember: alphanumeric characters and dashes are the only characters allowed.
The Brightcove Experience Type is a dropdown menu that allows you to choose "Portal" or "In-Page." Select "Portal." (For In-Page setup information, click here.)
The Brightcove Gallery URL is an editable text box. You will need to copy the URL from your Brightcove gallery and paste it into this text box. The URL you want to enter can be found in the publish window for your gallery in the Brightcove application. The URL can be a custom domain setup or it may be one of the options provided by Brightcove. A gallery URL may look similar to this: https://site-676883211.bcvp0rtal.com
Presentation Manager is a dropdown menu that lets you choose the corresponding Presentation Manager that will be used to display the login, authenticate with email, and passcode options in order to access your Portal. Select the one you want to use.
Tessitura Constituencies is a multi-select dropdown menu that allows you to choose one or more constituencies which will provide access to this Portal. If a patron has one of the selected constituencies on their Tessitura constituent record, they will be able to access your Portal.
The Session Timeout allows you to customize how long people can access your content via the Portal before they would have to log in again. In the above example, a patron would have 24 hours from the time they land in the Portal to view the available content. If they were to refresh the page at hour 23, the clock would reset for another 24 hours and they would retain access without having to log in again.
Once the above settings are configured, click the "Save" button. This will save this configuration to your 2Account Brightcove products. Since this is set up as a Portal, you will see a green button in line with the product name that says "Generate." When you click that, your Brightcove Access Control Profile Data window will appear (below).
Keep this window available and make sure you have your Brightcove account open in a different tab or window. The above sections will need to be copied and pasted into your Brightcove gallery information.
In your Brightcove account, hover or click into your "Home" menu. From there, click on "Gallery." Once in your gallery, click on "Settings" and then navigate to the left-hand menu and click on "Access Control Panels."
From there, click on the "Create Profile" button. This will allow you to name the profile and reiterate the session timeout from above. It is important that the timeout in both configurations match.
Once those are added, click on the "SSO - Requires a username and password for access" checkbox. This is where you will copy/paste the information from your 2Account. The SAML 2.0 Endpoint (HTTP), X.509 Certificate, SAML Issuer / Entity ID Override, and ACS URL Override will be from your 2Account information.
The SAML AuthnContext Override is automatically defaulted by Brightcove. You will keep this section as the default. In the Expose SAML attributes for use in external JavaScript text box, you will enter "Email."
Once those sections are complete, click "Save." You can now close out the Brightcove Access Control Profile Data window as well.
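A pre-flight check for the copy/paste steps above, added here as an example (it is not Stream2 or Brightcove code): it compares the values generated in 2Account with those entered in the Brightcove profile and flags a bad Product Link, mismatched timeouts, a truncated certificate, or a wrong exposed attribute. The dictionary keys, the hours unit, and the sample values are assumptions; the certificate body is placeholder bytes, not a real certificate.

```python
import base64, binascii, re

# Hypothetical keys standing in for the four values copied from 2Account into Brightcove.
SAML_FIELDS = ("saml_endpoint", "x509_certificate", "entity_id", "acs_url")

def pem_intact(pem):
    """True if the PEM framing and base64 body survived the copy/paste."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != "-----BEGIN CERTIFICATE-----" \
            or lines[-1] != "-----END CERTIFICATE-----":
        return False
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except (binascii.Error, ValueError):
        return False
    return der[:1] == b"\x30"  # DER-encoded certificates begin with a SEQUENCE tag

def check_portal_setup(two_account, brightcove):
    """Return a list of problems; an empty list means the two sides agree."""
    problems = []
    if not re.fullmatch(r"[A-Za-z0-9-]+", two_account["product_link"]):
        problems.append("product_link: only alphanumeric characters and dashes are allowed")
    if two_account["session_timeout_hours"] != brightcove["session_timeout_hours"]:
        problems.append("session timeout differs between 2Account and the Brightcove profile")
    for field in SAML_FIELDS:
        if two_account[field].strip() != brightcove[field].strip():
            problems.append(f"{field}: Brightcove value does not match 2Account")
    if not pem_intact(brightcove["x509_certificate"]):
        problems.append("x509_certificate: PEM is truncated or malformed")
    if brightcove["exposed_attributes"] != "Email":
        problems.append('exposed_attributes: expected exactly "Email"')
    return problems

# Constructed sample values: placeholder hosts and placeholder bytes, not a real certificate.
_BODY = base64.b64encode(b"\x30\x82" + bytes(46)).decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{_BODY}\n-----END CERTIFICATE-----"
GENERATED = {"product_link": "spring-gala-2024", "session_timeout_hours": 24,
             "saml_endpoint": "https://idp.example.org/saml/sso",
             "x509_certificate": SAMPLE_PEM, "entity_id": "https://idp.example.org/saml",
             "acs_url": "https://gallery.example.org/acs"}
ENTERED = dict(GENERATED, exposed_attributes="Email")

if __name__ == "__main__":
    print(check_portal_setup(GENERATED, ENTERED) or "no problems found")
```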