Automating user authentication

Many organizations already have implemented a group management system in the form of Microsoft Active Directory, Novell Directory Services, OpenLDAP, Sun iPlanet, Open Directory from Apple, or another system.  These directories allow users to log in to the network to gain access to various services and permissions.  MediaCAST LDAP/Active Directory Module supports user account authentication from the client’s existing user directory.  It supports Microsoft Active Directory, eDirectory and OpenLDAP protocol.  If the client's directory system is compliant with the LDAP standard (which most are), MediaCAST can integrate and pull user and group membership information at time of login. The immediate benefit is that end users can log in to MediaCAST with their existing, well-known username and password.  This minimizes the training requirement and reduces the cost of support, as there is only one set of account information to keep track of.

This can be useful because it is often quite time-consuming to reenter all the usernames (potentially thousands) and rekey all the group membership information.  With a properly integrated directory server, MediaCAST users can sit down, log in with their standard username and password, and work normally.

With the sign-on process successful, MediaCAST will query the LDAP database about that user's  group membership.  Then, armed with this information, MediaCAST can automatically make available certain content based on the group membership that was pulled from the external directory server.

The user authentication integration provides for a means to automatically map users’ credentials such as groups from the client’s directory with credentials in the digital content system for permission purposes.  Accounts are synchronized so that disabling a user in the client’s directory also makes the digital content system inaccessible until the user is reactivated in the client’s directory.  Concurrent with support of authentication from the client’s directory, the system supports manual management of user accounts.  Sophisticated automatic group mapping from your directory can be used to assign user permissions as well as restrict and grant content access.   Concurrently with this integration method, MediaCAST supports the ability from within the Web-interface for the client’s system administrator to perform a mass import of user data.  It supports import from a text delimited file with duplicate record verification and error checking. 

• Active Directory / LDAP integration supports iterative scanning of multiple LDAP
• Active Directory / LDAP handles password changes seamlessly
• Allows authentication with multiple directory servers
• Account security permission mapping
• User group membership mapping

MediaCAST utilizes “user roles” to grant users access to different features. Users can be assigned one or more user roles based on the functions they need to perform. This allows many people to contribute to the work and ongoing success in an organization while providing security.

MediaCAST has extensive tools for system administrators that lets them create mappings between the LDAP database and MediaCAST, such that it is very easy to implement complex rules about what should happen.  For example, everyone who logs in will get access to certain default groups, then based on what is in the LDAP membership info, will be automatically enrolled in MediaCAST groups.  If a user belongs to the All Staff group in LDAP, then they will automatically be enrolled in the Staff Training, Employee Policies and New Product Info groups in MediaCAST.

The following are pre-set user roles available in MediaCAST:

• Super administrator
• System administrator
• System manager
• Supplementary administrator
• Encoder/live channel manager
• Instructor or course manager
• Student or guest (end user)
• Kiosk channel manager
• Additional roles (i.e. digital library manager)