support Contact Support | system status System Status
Page Contents

    Securing Experiences Using PingOne

    In this topic you will learn how to secure experiences using PingOne SSO.

    When an experience is secured using SSO, users will be required to authenticate before they can access a Web or Mobile App Experience.

    The steps in this topic assumed you have created a PingOne trial account and have confirmed your account through email.

    Creating an identity repository

    Start by creating an identity repository.

    1. Log in to your PingOne account. The Dashboard page will appear.
    2. Click SETUP in the header. The Settings page will open.
    3. Click Connect to an Identity Repository.
    4. Click on PINGONE DIRECTORY and then click Next.
    5. Confirm that the directory has been configured.
    6. Click Next.
    7. For the MAP ATTRIBUTES section, keep the default values and click Finished.
    The PingOne Directory page will display the directory statistics.

    Creating an application

    Next we'll create an application that will be secured using SSO.

    1. Click APPLICATIONS in the header. The My Applications page will open.
    2. Click Add Application.
    3. Select New SAML Application.
    4. Enter an Application Name and Application Description.
    5. Select a Category (recommend Communication).
    6. (Optional) Click Change and browse and select an icon for the application.
    7. Click Continue to Next Step.
    8. On the Application Configuration page, locate the SAML Metadata field.
    9. Click the Download link.
    The downloaded file will be needed when creating an Access Control Profile in Brightcove Engage.

    Creating an Access Control Profile

    You need to create an Access Control Profile that will be used to secure any experiences you want to secure using SSO.

    1. Log in to your Brightcove Engage account.
    2. Click Settings in the header.
    3. In the left navigation, click Access Control Profiles.
    4. Click Create Profile.
    5. Give the profile a Name.
    6. Locate the Import SSO metadata section and then click Select File.
    7. Browse and select the SAML metadata file you downloaded from PingOne (in the previous section).
    8. Confirm that values for the SAML 2.0 Endpoint and X.509 Certificate have been filled in.
    9. Click Save and confirm that the profile was created.
    10. Click on the Metadata URL field and save the XML file.

    The XML file will be needed to complete the application configuration in PingOne.

    Completing the application configuration

    1. Return to the PingOne application.
    2. On the Application Configuration section, locate the Upload Metadata field.
    3. Click Select File and browse and select the file you downloaded after creating the Access Control Profile in Brightcove Engage.
    4. Confirm the Assertion Consumer Service (ACS) and Entity ID fields were filled in with values after the import.
    5. Click Continue to Next Step.
    6. On the SSO Attribute Mapping section, add the following attributes:
      Application Attribute Literal Value
      firstName First Name
      lastName Last Name
      email Email
    7. Click Continue to Next Step.
    8. On the Group Access page, locate the Users@directory group and then click Add.
    9. Click Continue to Next Step.
    10. Click Finish.
    11. Confirm that the application is Active and Enabled.

    Mapping the application attributes will cause the following to happen in Brightcove Engage Experiences:

    • For Mobile App Experiences, the user's name and email address will appear on the Profile page
    • For all experiences, the user's email address will appear as part of video analytics

    Assign the Access Control Profile to an experience

    The last step is to assign the Access Control Profile that was created to the experience(s) you want to secure.

    1. Return to Brightcove Engage.
    2. Edit the experience you want to secure.
    3. In the left navigation, click SITE CONFIGURATION > Access Control.
    4. Select the Access Control Profile that is associated with the PingOne SSO configuration.
    5. Click Save.
    6. Publish the experience.

    When you access the experience, you should be prompted by PingOne to login. The following image is when trying to access a Mobile App Experience.


    Page last updated on 06 Oct 2020