The following are the general MEDIAL security settings.
Allow Anonymous Access – If this is set to No, all content on the library is protected by a log-on screen. Enabling anonymous (guest) access allows administrators to assign public access to categories by giving the HMLGuest account rights to it.
Anonymous User – The anonymous user is called HMLGuest. The name is hardcoded into the system and cannot be changed.
Enable Secure Categories – If this setting is enabled, individual categories can be secured.
Allow Direct Access to Personal Category – When this setting is enabled, a user who doesn’t have upload rights to any categories can access a personal category.
In the Users section, you can add, modify, and delete MEDIAL users.
Note: When users are authenticated using LDAP/Active Directory, you cannot add users to the system through the MEDIAL Users screen. Accounts are created for users when they successfully log in the first time using AD/LDAP. You can use the Users screen to view, but not to edit, the information populated by the directory services.
Clicking the Add New button brings up the Add User screen. Complete the form with the user’s details, supplying and confirming a password. In the list of groups, check the boxes to assign the user to at least one group. Click Save to save the user information.
Warning: A user must be a member of at least one group to be able to log in to the MEDIAL portal.
Groups are listed in the same way as users under the Groups accordion. Groups can be searched, edited, and deleted in the same way as users.
Click Edit next to a group to edit the group.
You can change the following options under Details:
Group Name – Name of the group, which can be changed.
Note: When you use authentication directory services, the groups need to have the same name as the Organizational Units or Security Groups within your AD/LDAP infrastructure, depending on which is being used for authentication.
Administrator – Checking this box makes the group an administrative group. All users in the group will have full administrator rights to the library.
Upload Limit – Sets an upload limit on each group member. Once this limit is reached, the user cannot upload more content until they delete existing content or wait until the next calendar month, depending on the personal upload limit type in the system settings.
Tip: If a user is a member of multiple groups that have upload limits, the user's absolute upload limit is the aggregate value of the member group limits.
The Group Access area lists the categories in the media library. You can give a group the following access to categories:
None – Group members cannot view or upload to this category.
View – Group members can play the media in the category but cannot upload content to the category.
View and Upload – Group members can view and upload media to the category.
View, Upload and Administer – Group members can view and upload media to the category. They can also delete clips in the category and edit the content of other users in the category. They may also move content to any of the other categories that they have administration privileges for.
For more information: Category administrators can manage content in their categories using the My Media area of their accounts.
The learning tools interoperability section allows MEDIAL to integrate with third-party learning tools such as Moodle and Blackboard. This section defines the information that MEDIAL uses to authenticate itself with the learning system. The same values must also be defined in the Moodle and Blackboard plugins. In the administrator settings area, you can also customize LTI global settings.
The Access Level drop-down indicates the type of authentication used with the learning system:
LTI and AD/LDAP
MEDIAL provides different ways for learning tool users to access the media library. It supports Learning Tool Interoperability (LTI), which is supported natively in the learning environments. If you are using AD/LDAP to authenticate MEDIAL users, you can use the AD/LDAP setup alone or in combination with LTI. The following sections describe these authentication methods.
Note: All types of authentication simply allow access to MEDIAL from within the learning tool. Once content is selected and subsequently displayed on the LMS Course page it is, in most cases, viewable by users with access to that Course Page. However if AD/LDAP is used for authentication and a user not registered with directory services tries to view the content, the access is denied.
Choose LTI Only if you are not using directory services authentication through AD/LDAP. In this scenario, Blackboard or Moodle users are automatically and seamlessly registered as new MEDIAL users the first time they use the learning tool. MEDIAL populates its user records from information sent by the tool, such as the first time, last name, and e-mail address. The learning system account is thereafter associated with the MEDIAL user account so that personal media uploads are available to the user on each subsequent use of the learning tool.
Note: With LTI Only, users can upload media into and select media only from their personal category. No other categories are exposed to them when searching for content.
With AD/LDAP Only, Blackboard and Moodle users are prompted to log in using their AD or LDAP credentials when they access MEDIAL from the learning tool. MEDIAL populates its user records from information sent from AD/LDAP about the user, such as the first name, last name, and e-mail address. The learning system account is thereafter associated with the MEDIAL user account so that personal media uploads are available to the user on each subsequent use of the learning tool.
The benefit of this method is that existing MEDIAL users have access to their existing account and content. Also, it provides users access to the MEDIAL categories they would normally have access to through the portal, allowing them to upload to the categories for which they have upload rights, not just their own personal categories.
This method of authentication requires that users log in on first use of the learning tool so that their account in Blackboard or Moodle can be tied to a MEDIAL account and inherit that account's group privileges. The following figure demonstrates the log-in screen.
If the user selects Yes, they are prompted to enter their AD or LDAP credentials. Their Blackboard or Moodle account is then associated to the matching MEDIAL account as with AD/LDAP Only.
If the user selects No, they will be auto-registered as a new MEDIAL user as with LTI Only.