This page describes the enterprise authentication login feature available in Broadsign Control Administrator.
Large network owners use a form of Identity Provider (IdP), such as Active Directory or Okta, where they can manage user credentials in a single place. Integrating enterprise authentication in Broadsign Control Administrator allows delegation of Broadsign authentication to a third party.
Enterprise authentication allows users to log in Broadsign Control Administrator by using an Identity Provider. This type of login offers a more secure environment and a better control over who can authenticate and use Broadsign Control Administrator.
To learn more about enterprise Identity Providers supported by Auth0, refer to the Enterprise Identity Providers section of the Auth0 documentation.
Note: Auth0 cannot detect when a user in the Active Directory (AD) and LDAP Identity Providers is disabled. Therefore, Auth0 does not support auto disconnecting the user for these Identity Providers. The auto disconnection feature is supported for other Identity Providers such as Active Directory Federated Server (ADFS) and Azure AD.
To use enterprise authentication, Broadsign Control Administrator relies on the Auth0 authentication and authorization management platform. For more information, see auth0.com.
You must request enterprise authentication access to Broadsign Services. This request must contain the email used to create the account. In turn, Broadsign must do the following:
- Create an account for your domain and give you delegate administrator access of your Auth0 application.
- Create a tenant (sub-tenant of Broadsign).
- Configure your enterprise connections to let your users connect with their Identity Provider credentials, for example, Active Directory.
- Configure the user emails in Broadsign Control Administrator so that they match the accounts created in Auth0.
Warning: Enabling enterprise authentication prevents all other forms of login.
- Open your Broadsign Control Administrator application.
- In the main login page, enter your email address.
- If authenticated, enter the corresponding password.
Broadsign Control Administrator opens an external authentication login page to authenticate the user against their connector.
Note: The user cannot log in unless they have a valid Broadsign Control Administrator email address in the domain where enterprise authentication is enabled. If the user enters a wrong email address or an address that does not exist in the domain, then Broadsign Control Administrator displays an error to inform the user that the email entered is not valid.
You can access the logs related to your domain in Auth0:
- Access the Auth0 web site at auth0.com.
- Click the Sign In button and use the information provided by Broadsign Services.
- Navigate to the Logs menu on the left.
You can see the log data of both actions taken in the dashboard by the administrators, as well as authentications made by your users.