This article shows you how to configure SAML for the Brightcove Gallery application in Teamstack.
By default, when a Gallery Portal Experience is published, anyone with the site URL can access the site. To restrict access, create access control profiles as part of the Gallery settings and then assign them to sites. A profile can restrict access based on Single Sign-On, in which case users log in to the Gallery Portal Experience with their Teamstack credentials.
Features:
Brightcove Gallery (SP) initiated Single Sign-On
Teamstack (IdP) initiated Single Sign-On
Step 1: Add Brightcove Gallery app to Teamstack
1. Go to your Applications in Teamstack.
2. Click "Add Application" in the top right corner.
3. Search for "Brightcove Gallery" and click "Add".
4. Select this app to be a "SAML" app and leave the "Entity ID", "ACS URL" and "Relay State" inputs empty. We will configure them later.
5. In the Organization's Applications overview, click on the newly created Brightcove Gallery app. You will see all the details about this app.
6. Click on "Users" and assign this app to yourself. You will need this in order to test whether SAML is working correctly for Brightcove Gallery.
7. Click on the "SAML Configurations" tab. Download the metadata file by clicking on the "SAML Metadata" button, and keep this page open so you can copy values into it later.
Step 2: Set up SAML in Brightcove Gallery
1. Log in to Brightcove Gallery with your administrator account.
2. Select the Gallery where you want to change the login settings: in the top right corner, select "Gallery" in the dropdown.
3. Click on the "Settings" tab.
4. In the left sidebar, select "Access Control Profiles" and click "Create Profile".
5. Enter "SSO" as the name.
6. Check "SSO - Requires a username and password for access".
7. Click "Select File" and upload the SAML metadata file from step 1.7 above.
8. Enter your custom domain in the "ACS URL Override" field. If you don't have a domain, go to "Custom Domain and SSL" and create a new one (enable SSL for this domain).
9. Click "Save".
10. You will be redirected to the "Access Control Profiles" settings page. Copy the values of "Entity ID" and "ACS URL" and go back to the open Teamstack page.
11. Paste the values into "Entity ID" and "ACS URL" and click "Save".
12. On the "Experience" overview page, select one of your experiences.
13. Click on "SITE CONFIGURATION" in the left sidebar and select "URL".
14. Click "Add Custom Domain" and select the domain you added to the SSO configuration.
15. Click "Save".
16. In the "Access Control" settings, select the name of your Single Sign-On setting and click "Save".
17. Click on "Publish" to save your changes.
Test:
You can now test the login from Teamstack to Brightcove Gallery. You need to have Brightcove Gallery assigned to yourself in Teamstack. To test the connection, do the following:
1. Open a new incognito window.
2. Log into Teamstack.
3. Click on the Brightcove Gallery app on your dashboard.
You will be redirected to Brightcove Gallery and will be logged in without the need to enter a password at Brightcove Gallery.