Security

The security features control access to the media library and determine the level of access each user has. You create and manage user accounts in the User section, groups in the Groups section.

Active Directory and LDAP integration is enabled using a separate module available to purchase through your system provider. Please contact your local sales representative for details.

Security Settings

The following are the general MEDIAL security settings.

  • Allow Anonymous Access – If this is set to No, all content on the library is protected by a log-on screen. Enabling anonymous (guest) access allows administrators to assign public access to categories by giving the HMLGuest account rights to it.
  • Anonymous User – The anonymous user is called HMLGuest. The name is hardcoded into the system and cannot be changed.
  • Enable Secure Categories – If this setting is enabled, individual categories can be secured.
  • Allow Access Without Group –When enabled, a user who doesn’t have upload rights to any of the categories on the system will be able to access their personal category through the My Account section
  • Allow Local Groups and Users when AD/LDAP Used – Setting this option to Yes enables the use of local users and groups in MEDIAL when the AD/LDAP plugin is in use.
  • Restrict Iframe Domains Play – It is possible to restrict where the play page is embedded with an iframe by changing the value:
    • ALL allows play page links to be embedded in an iframe anywhere.
    • NONE allows links to be embedded in an iframe nowhere outside of MEDIAL. You can then select a specific domain where it can be embedded.

  • Restrict Iframe Domains Other – The options for this setting are the same as the field above, however it applies to all links other than player links in MEDIAL.

Users

In the Local Users section, you can add, modify, and delete MEDIAL users created locally. In the AD/LDAP Users section, you can modify and delete the users who log into the system with their directory services account. Both security sections function the same way.

The Directory Services integration module is required to use the AD/LDAP Users section functionality. For more information on how AD/LDAP integration works see LDAP/Active Directory .

Adding Users

Clicking the Add New button brings up the Add User screen. Complete the form with the user’s details, supplying and confirming a password. In the list of groups, check the boxes to assign the user to at least one group. Click Save to save the user information.

A user must be a member of at least one group to be able to log in to the MEDIAL portal.

Groups - Local and AD/LDAP

Groups are listed in the same way as users under the Groups accordion. Groups can be searched, edited, and deleted in the same way as users.

Click Edit next to a group to edit the group.

Group Details

You can change the following options under Details:

  • Group Name – Name of the group, which can be changed.

    When you use authentication directory services, the groups need to have the same name as the Organizational Units or Security Groups within your AD/LDAP infrastructure, depending on which is being used for authentication.

  • Administrator – Checking this box makes the group an administrative group. All users in the group will have full administrator rights to the library.
  • Upload Limit – Sets an upload limit on each group member. Once this limit is reached, the user cannot upload more content until they delete existing content or wait until the next calendar month, depending on the personal upload limit type in the system settings.

    If a user is a member of multiple groups that have upload limits, the user's absolute upload limit is the aggregate value of the member group limits.

    Local group - checking this box will make the group local, if it is currently an AD/LDAP group. Doing this will move it into the Local Groups area. Unchecking the box will turn it back into an AD/LDAP group, and move it back into the AD/LDAP Groups Area.

    Changing an AD/LDAP group to a local one may prevent users who previously accessed MEDIAL via membership of this group from accessing the system

  • Live channel access - Checking the box to allow access to live channels provides all members of the group with the ability to create live channels. Enabling this option at the group level overrides the setting for user accounts individually if access is disabled
  • MEDIALecture - Checking the box to allow access to MEDIALecture will allow all members of the group access to the MEDIALecture application. Enabling this option at the group level overrides the setting for user accounts individually if access is disabled

 

Group Access

The Group Access area lists the categories in the media library. You can give a group the following access to categories:

  • None – Group members cannot view or upload to this category.
  • View – Group members can play the media in the category but cannot upload content to the category.
  • View and Upload – Group members can view and upload media to the category.
  • View, Upload and Administer – Group members can view and upload media to the category. They can also delete clips in the category and edit the content of other users in the category. They may also move content to any of the other categories that they have administration privileges for.

    Category administrators can manage content in their categories using the My Content area of their accounts.

Learning Tools Interoperability

The learning tools interoperability section allows MEDIAL to integrate with third-party learning tools such as Moodle and Blackboard. This section defines the information that MEDIAL uses to authenticate itself with the learning system. The same values must also be defined in the Moodle and Blackboard plugins. In the administrator settings area, you can also customize LTI global settings.

  • Key and SecretMEDIAL provides these credentials to the learning tool to access it. The same key and secret must also be entered in the Moodle or Blackboard interface.
  • The Access Level drop-down indicates the type of authentication used with the learning system:
    • None
    • LTI and AD/LDAP
    • LTI Only
    • AD/LDAP Only
    • AD/LDAP and Local Account
    • LTI, AD/LDAP and Local Account

Learning Tool Authentication Types

MEDIAL provides different ways for learning tool users to access the media library. It supports Learning Tool Interoperability (LTI), which is supported natively in the learning environments. If you are using AD/LDAP to authenticate MEDIAL users, you can use the AD/LDAP setup alone or in combination with LTI. The following sections describe these authentication methods.

All types of authentication simply allow access to MEDIAL from within the learning tool. Once content is selected and subsequently displayed on the LMS Course page it is, in most cases, viewable by users with access to that Course Page. However if AD/LDAP is used for authentication and a user not registered with directory services tries to view the content, the access is denied.

 

 

MEDIAL Help Start Page ©2019 Streaming Ltd MEDIAL Home Page   MEDIAL Support Site