External Administrators
There are two types of external administrators.
- LDAP administrator - An external admin who uses an LDAP authentication profile to log in to CloudStream DM.
- OIDC administrator - An external admin who uses an OpenID Connect authentication profile to log in to CloudStream DM.
To allow these external users to log in to CloudStream DM as administrators, follow the instructions for each type.
Set up LDAP type external administrator.
| Order | Instructions |
|---|---|
| 1 | Install the Auth Agent service on a server where an on-site LDAP is configured. An Auth Agent service must also be configured if you plan to add LDAP Secure users as administrators. For installation steps, please go to Auth Agent Installation. |
| 2 | Create an LDAP authentication profile and use the configured Auth Agent. For instructions, please go to LDAP Authentication Profile. |
| 3 | Assign the LDAP group to a role in CloudStream DM. Please go to Assign a Group to a Role. |
Set up OpenID Connect (OIDC) type external administrator.
| Order | Instructions |
|---|---|
| 1 | Create an OIDC authentication profile. For instructions, please go to OpenID Connect Authentication Profile. |
| 2 | Assign the OIDC group to a role in CloudStream DM. Please go to Assign a Group to a Role. |
Assign a Group to a Role
- Log in to CloudStream DM as an administrator.
- Go to System.
- Expand Security and click Admin Roles.
- Select the Admin Role you want to assign to the external users when they log in to CloudStream DM.
  If you assign a group to an admin role, all users that belong to the group will inherit the role when they log in to CloudStream DM.
- If the authentication profile is LDAP, enter the LDAP group name in the Group Name text field.
- If the authentication profile is OIDC, enter the Object ID in the Group Name text field.
- Click [Save].
You can assign multiple groups by separating the Object IDs or group names with a comma ( , ).
Login as External LDAP Administrator
- Go to the CloudStream DM login page.
- Select the LDAP authentication profile.
- Enter your user name. Do not include the domain name of your LDAP user account.
- Enter your LDAP password.
- Click the [Login] button.
The Dashboard page is displayed after you successfully log in with an LDAP account.
Login Errors
If you encounter an error logging in as an LDAP user, please check the following:
- Make sure the LDAP account you log in with belongs to the group you assigned to the role. To confirm, please go to the group and check if your account is in the list of members.
- Make sure that the name of the group is used as the role's group name.
- Make sure that the LDAP test connection is successful.
- Make sure that an Auth Agent is assigned to the LDAP authentication profile.
Login as External OIDC Administrator
- Go to the CloudStream DM login page.
- Click the [Login with OIDC] button.
  The button is not enabled if the profile, user name, or password field has a value.
- Clicking the [Login with OIDC] button displays a page where you can select the OIDC authentication profile you want to authenticate with.
  From the dropdown menu, select the OIDC profile.
- Log in to the OIDC provider with valid credentials.
- A successful authentication displays the CloudStream DM Consent page. This page asks for your consent to allow the CloudStream DM service to access your account.
  Please check all three permissions to continue using CloudStream DM.
  - profile
  - offline_access
  - email
  After you have given your consent, you do not need to give consent again on your next login.
- Click [Submit Consent].
When consent is given, you will be redirected to CloudStream DM's Dashboard page. If you did not give your consent or clicked [Cancel], CloudStream DM cannot sign you in because the service needs all three permissions mentioned in the previous step.
Login Errors
If you encounter an error logging in as an OIDC user, please check the following:
- Make sure the OIDC account you are logging in with belongs to the group you assigned to the role. To confirm, please go to the group and check if your account is on the list of members.
- Make sure that the Object ID of the group is used as the role's group name.
- Make sure that the correct CloudStream DM URIs are added to the app's Authentication Web URI. Please refer to OpenID Connect Authentication Profile for the required configurations.
- Make sure that the authentication profile's Login User Name value matches the Entra ID application's Optional Claim.
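The first two checks above can be run against an ID token you obtained for your own account. The following is an added example, not CloudStream DM code. It assumes the provider is Entra ID and that group membership arrives as Object IDs in the token's `groups` claim; the function names and sample values are hypothetical.

```python
import base64
import json
import re

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying its signature.
    For troubleshooting a token you obtained yourself; never for access decisions."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_role_mapping(claims, group_name_field):
    """Return (matched_groups, findings) for a role's Group Name value."""
    findings = []
    # Assumption: entries are comma-separated; surrounding spaces are ignored here.
    configured = [g.strip() for g in group_name_field.split(",") if g.strip()]
    for g in configured:
        if not GUID.match(g):
            findings.append(f"'{g}' is not an Object ID (group display name entered?)")
    # Entra ID omits the inline list when the user is in too many groups.
    if "groups" in claims.get("_claim_names", {}) or claims.get("hasgroups"):
        findings.append("group overage: token has no inline 'groups' claim")
        return [], findings
    token_groups = {g.lower() for g in claims.get("groups", [])}
    matched = [g for g in configured if g.lower() in token_groups]
    if not matched:
        findings.append("account is not a member of any configured group")
    return matched, findings

def sample_token(claims):
    """Build an unsigned token from constructed claims (sample input only)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

ADMINS = "11111111-2222-3333-4444-555555555555"  # constructed Object ID

if __name__ == "__main__":
    token = sample_token({"email": "admin@example.com", "groups": [ADMINS]})
    matched, findings = check_role_mapping(jwt_claims(token), f"{ADMINS}, CloudStream Admins")
    print("matched:", matched)
    for f in findings:
        print("check:", f)
```

An empty `matched` list with no other finding points to group membership; a "not an Object ID" finding points to the role's Group Name value.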