In this article

Overview

Prerequisites for Installation

Hardware Requirements

Software Requirements

Misc Requirements

VIDIZMO ID Connector Add on

VIDIZMO ID Connector Components

ID Connector Installations & Configurations

Creating a Security Group and an AD User

Adding the User to the ID Connector Server

Installing the ID Connector

Configuring the ID Connector

Read Next


Overview

The ID connector is a Web-based authentication tool for an application that works with your Enterprise Active Directory, providing users authenticated access to VIDIZMO Channel using their AD credentials.


This is ideal for organizations:

  • Having hundreds or thousands of users who will require VIDIZMO access.
  • Looking to simplify user management.
  • Looking to bring convenience to their users by providing them a single user ID and password to access VIDIZMO.
  • Concerned about administrative overhead managing separate user accounts on VIDIZMO.


Initially, it was intended for an organization’s internal IT team who wish to deploy and maintain VIDIZMO ID Connector within the enterprise. This document serves as the guideline for the VIDIZMO Deployment Team to carry out VIDIZMO ID Connector deployment remotely or onsite for any organization.


Prerequisites for Installation


VIDIZMO ID Connector is software that runs on server-class hardware and on the Windows operating system. Before starting, it is assumed that you have administrative access to the Active Directory Domain Controller. A separate machine running Windows Server 2012 with the complete IIS role is also required, and Microsoft SQL Server Express Edition must be installed on it as well.


Hardware Requirements


VIDIZMO ID-Connector hardware requirements may vary based on the organization’s infrastructure, the number of employees in the organization and the anticipated number of concurrent users. All of these factors have an impact on the hardware required: the more users and concurrent users an organization has, the more powerful the hardware needs to be.


The following chart describes different scenarios along with the minimum and recommended hardware:


| Scenario | Minimum Hardware | Recommended Hardware |
|---|---|---|
| Up to 1000 Users with 100 concurrent user load | CPU with 2 GB RAM, 100 GB hard drive, Core 2 Duo Processor > 1.8 GHz | CPU with 4 GB RAM, 100 GB hard drive, Core 2 Duo Processor > 2.1 GHz |
| Up to 5000 Users with 500 concurrent user load | CPU with 4 GB RAM, 100 GB hard drive, Core 2 Duo Processor > 2.1 GHz | CPU with 8 GB RAM, 100 GB hard drive, Core 2 Duo Processor > 2.1 GHz |
| Up to 10000 Users with 1000 concurrent user load | CPU with 6 GB RAM, 100 GB hard drive, Core 2 Quad Processor > 1.8 GHz | CPU with 12 GB RAM, 100 GB hard drive, Core 2 Quad Processor > 2.1 GHz |
| Up to 15000 Users with 1500 concurrent user load | CPU with 8 GB RAM, 100 GB hard drive, 2 x Core 2 Quad Processor > 2.2 GHz | 2 CPUs with 8 GB RAM, 100 GB hard drive, Core 2 Quad Processor > 2.2 GHz |
| Up to 25000 Users with 2500 concurrent user load | 2 CPUs with 8 GB RAM, 100 GB hard drive, 2 x Core 2 Quad Processor > 2.2 GHz | 2 CPUs with 12 GB RAM, 100 GB hard drive, 2 x Core 2 Quad Processor > 2.2 GHz |



Note: This chart does not mention the requirements for redundant hardware for backup and failover. In case the organization desires to have such an environment set up, the same hardware configurations may be used. However, depending on the nature of redundancy and failover, additional load balancer and SAN (Storage Area Network) may be required.


Software Requirements


VIDIZMO ID Connector is Microsoft .NET based software that runs on a Windows operating system and requires SQL Server at the backend. The software prerequisites listed below must be installed by the administrator before installing the VIDIZMO ID Connector:



1. Windows Server 2012 or higher, Standard or Enterprise Edition

2. .NET Core Version 4.7.2

3. Web server Role configured (IIS 7.0), with the following Role Services

   a. Common HTTP Features (Complete)

   b. Application Development

      i. ASP .NET

      ii. .NET Extensibility

   c. Security

      i. Basic Authentication

      ii. Windows Authentication

   d. Management Tools (Complete)

4. SQL Server 2016 Standard or Enterprise Edition

   a. Database Engine

   b. Client Tools Connectivity

   c. Management Tools




Misc Requirements


VIDIZMO ID Connector acts as a bridge between the AD users and VIDIZMO, whether VIDIZMO runs in the cloud or on-premise. To do its job, the VIDIZMO ID Connector needs to interact with the deployed AD, retrieve users' information and access VIDIZMO, which, in the case of VIDIZMO Channels, implies a need for internet connectivity. This software also needs the configuration and privileges described in detail below:


1. Active Directory User:

A user created in the local Active Directory which is part of the Active Directory's User Group. This is required by the AD Connector to import user information from the Active Directory to its database.



Note: The ID Connector software must run under this AD User account. This AD User account must be part of the Administrators group on the machine on which the ID Connector will be installed. Moreover, it should also be part of the sysadmin group in the SQL Database Server. However, for routine operations, the minimum rights required at the SQL Server end are those of db_owner after the database has been set up.


2. Active Directory Group:

A group within Active Directory represents all the ID Connector Administrators. Any AD users added to this group will gain access to configuration and administration sections of the ID Connector Website. Such users will be able to:

  • Add Channels to define Channel Mappings
  • Make modifications to application configuration.
  • Modify database connections or create new databases.
  • Check Synchronization logs.
  • Check users that were synchronized with ID Connector.


Only limited sections will be available for the users who do not belong to this group.


Note: All users who are part of a group with a similar name in any domain of the forest will gain access to the ID Connector configuration and administration sections. It is therefore recommended to create a separate group for ID Connector rather than using a built-in group provided by AD.


3. Firewall Publishing Rule for Worldwide access:

An organization may want to publish the AD Connector Website for worldwide access, for which publishing via firewall may be required. This is an optional step and only applicable when worldwide access is necessary.


Note: In case of Worldwide access, users coming from the internet will still be authenticated and authorized via Active Directory as they would when they are on local LAN.


4. Domain Name:

An "A" record in either a local DNS server or an international DNS server (if worldwide publishing is desired) lets users conveniently remember the location of the published website.


5. Internet Access on Server (port 80 or 443 in case of SSL):

VIDIZMO ID Connector synchronizes users between VIDIZMO and the local AD. This is only required when VIDIZMO Channel (Cloud service) is being used. It may not be required when a VIDIZMO Appliance or Enterprise is used.
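
The note under item 2 says that a like-named group in any domain of the forest also grants ID Connector administration rights. The PowerShell audit below is an added example, not part of VIDIZMO's documentation: it assumes the ActiveDirectory module (RSAT) is installed, treats "similar name" as an exact match on `cn` or `sAMAccountName`, and uses the placeholder group name `IDConnector-Admins`.

```powershell
# Added example (not VIDIZMO code): list every group in the forest whose name
# matches the ID Connector administrators group, with its effective user members.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # Escape LDAP filter metacharacters (RFC 4515); the backslash must go first.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

function Get-SameNameGroupInForest {
    param([Parameter(Mandatory)][string]$GroupName)

    $name   = ConvertTo-LdapFilterValue -Value $GroupName
    $filter = "(&(objectCategory=group)(|(cn=$name)(sAMAccountName=$name)))"

    # Query each domain of the forest separately, as the sync service scans all of them.
    foreach ($domain in (Get-ADForest).Domains) {
        $groups = Get-ADGroup -LDAPFilter $filter -Server $domain -Properties whenCreated
        foreach ($group in $groups) {
            try {
                # -Recursive expands nested groups so indirect members are counted too.
                $members = @(Get-ADGroupMember -Identity $group.DistinguishedName `
                        -Server $domain -Recursive -ErrorAction Stop |
                    Where-Object objectClass -eq 'user')
                $memberList = ($members.SamAccountName | Sort-Object) -join ', '
            } catch {
                # Cross-domain members can fail to resolve; report instead of hiding it.
                $members    = @()
                $memberList = "ERROR: $($_.Exception.Message)"
            }
            [pscustomobject]@{
                Domain      = $domain
                Group       = $group.DistinguishedName
                Scope       = $group.GroupScope
                Created     = $group.whenCreated
                MemberCount = $members.Count
                Members     = $memberList
            }
        }
    }
}

# 'IDConnector-Admins' is a placeholder for the group entered in Application Configuration.
$found = @(Get-SameNameGroupInForest -GroupName 'IDConnector-Admins')
$found | Format-List

if ($found.Count -gt 1) {
    Write-Warning "$($found.Count) groups share this name across the forest; review each member list."
}
```

More than one result means members of every listed group should be reviewed, since each of them can reach the configuration and administration sections.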


VIDIZMO ID Connector Add-on


The VIDIZMO ID Connector Add-on is required to establish communication between the VIDIZMO Channel and the ID Connector. Please refer to the VIDIZMO knowledgebase article on How To Manage Add-ons to configure an Add-on in a Channel.


VIDIZMO ID Connector Components

VIDIZMO ID Connector comprises two major modules, explained in detail below:


1. VIDIZMO Identity Sync Service:

Identity Sync Service is a Win32 service configured on the main server. This service appears under the Control Panel > Administrative Tools > Services section. The service must be running at all times and therefore its startup type should be set to Automatic.


The VIDIZMO Identity Sync Service is responsible for synchronizing the Active Users found in all domains within the organization’s forest, with VIDIZMO Channel(s), VIDIZMO Enterprise or VIDIZMO Appliances by scanning all the Domains which are part of the forest.


Apart from Users, it also synchronizes the active Groups and Organizational Units (OU) available in each domain, which are later used by the VIDIZMO ID Website admin to define Group-Channel, OU-Channel or Domain-Channel mappings.


Note: Only AD Users belonging to the Group(s), OU(s) or Domain(s), that have been mapped to a Channel, can gain access to that Channel. If the administrator wants to remove an entire domain part of the forest from gaining access to a VIDIZMO Channel, they can do so by removing the mapping of the domain with that Channel.


This service uses rules, found in the main database, to carry out synchronization and can be configured to run at a regular time interval. The time interval can be set via the ID Connector Website by going to the Settings > Application Configuration section.


The illustration below shows how the ID Sync Service synchronizes users:




2. VIDIZMO Identity Connector Website:

The ID Connector Website serves as the gateway for the users to gain access to VIDIZMO Channels. It is also used to authenticate and authorize users coming directly to VIDIZMO.


The ID Connector Website is configured under IIS 7.0 and uses the same database as the Identity Sync Service. Like the Identity Sync Service, it depends on the AD or Domain to authenticate and authorize users from the local AD, and it uses the mappings in the database to allow access to VIDIZMO.


If a user belongs to the group specified in the Application Configuration section of the Application, the user would get access to configuration sections of ID Connector. These configuration options include:


Application Configuration

This is the main and most critical section of the ID Website. It is used to configure the user account the ID Connector software runs under, as well as the time interval at which the ID Connector synchronization service synchronizes all the users between AD and VIDIZMO. Special consideration should be given when making modifications on this page.


Note: If a user is not synchronized by VIDIZMO Identity Sync Service, for any reason, the website does a JIT (just in time) synchronization of that user to let the user have immediate access to VIDIZMO.


Database Configuration

This is yet another critical section of the ID Website which allows administrators to configure the database and set up a new one if required. The synchronization service as well as the ID Connector website will use this database to carry out regular operations.


Manage Channels

Manage Channels section allows administrators to view existing Channels that have been added and can be mapped to Groups, OUs and Domain(s) part of the forest. This also shows the total number of users who have been synchronized at VIDIZMO and therefore have gained access to that specific Channel.


Channel Mapping

This is the section from where Channels can be mapped to an OU, Groups, and Domains. The site administrators can conveniently search for the required OU, Group or Domain from the list.


Manage Users

Manage Users section lists all the users imported from the Active Directory, with the status displayed against each user. It also provides a convenient search and filtering option to find any user imported and its synchronized status.


Note: This page will only show the users that have been imported from an AD. The import process has some filters configured such as Email Address, First Name, and Last Name, which may restrict the import of some users and therefore they may not appear in the list here.


Sync Log

This shows the log of the ID Service after every execution. Administrators can obtain information such as the number of users imported and synchronized with VIDIZMO etc.


The following illustration shows the overall working of the ID Connector Website when an AD authenticated user tries to access a Channel in VIDIZMO:




Note: After the setup is complete, users belonging to the AD are able to access the ID Connector website which automatically signs-in and redirects the user to the VIDIZMO channel. Signed-in users have access to only those channels which are mapped by the Administrator.


ID Connector Installations and Configurations


Creating a Security Group and an AD User


The following sequence of steps will walk you through how to set up a Security Group and an Active Directory (AD) user.


1. The first step is to create a Security Group in the Active Directory. Log in to your Domain Controller and open "Active Directory Users and Computers" to open the Active Directory window. Now, right-click on the active directory and select New >> Group.





2. Enter the name of the group of your choice, select Group scope as Universal and Group type as Security. Then click on the OK button to proceed.





3. Next, create a separate new user in the Active Directory. For this, right-click on Active Directory and then select New User.




4. Enter a name for the user and click on the Next button.




5. In the next window, enter a password and uncheck the "User must change password at next log-on" option (highlighted below). Click on the Next button to continue.




6. When done, click on the Finish button.




7. Now, right-click on the user you have created and click on Properties. In the window that appears, click on the Member Of tab, and then on the Add button.




8. Here, add the security group which was created earlier. Type the security group name and then click on Check Names. This step will verify the group name and bring it up in the window. Click on the OK button to continue.
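
Steps 1 to 8 above can also be scripted. The following is an added example, not part of VIDIZMO's documentation, using the standard ActiveDirectory module cmdlets; the group name, user name and OU path are placeholders, and the script is safe to re-run because it only creates what is missing.

```powershell
# Added example (not VIDIZMO code). Run on a machine with the ActiveDirectory
# module, as an account that is allowed to create users and groups.
Import-Module ActiveDirectory

# Placeholders (assumptions, not from the page):
$GroupName = 'IDConnector-Admins'
$UserName  = 'svc-idconnector'
$Path      = 'OU=Service Accounts,DC=example,DC=com'

# Steps 1-2: Universal security group, created only if it does not exist yet.
if (-not (Get-ADGroup -LDAPFilter "(sAMAccountName=$GroupName)")) {
    New-ADGroup -Name $GroupName -SamAccountName $GroupName `
        -GroupScope Universal -GroupCategory Security -Path $Path
}

# Steps 3-6: new user with "User must change password at next log-on" cleared.
if (-not (Get-ADUser -LDAPFilter "(sAMAccountName=$UserName)")) {
    # Prompt for the password so it never lands in the script or shell history.
    $password = Read-Host -AsSecureString -Prompt "Password for $UserName"
    New-ADUser -Name $UserName -SamAccountName $UserName -Path $Path `
        -AccountPassword $password -ChangePasswordAtLogon $false -Enabled $true
}

# Steps 7-8: add the user to the security group if it is not a member already.
$isMember = Get-ADGroupMember -Identity $GroupName |
    Where-Object SamAccountName -eq $UserName
if (-not $isMember) {
    Add-ADGroupMember -Identity $GroupName -Members $UserName
}

# Verify the result: group scope and type, then the user's group memberships.
Get-ADGroup -Identity $GroupName | Select-Object Name, GroupScope, GroupCategory
Get-ADPrincipalGroupMembership -Identity $UserName | Select-Object Name, GroupScope
```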




Adding the User in ID Connector Server


1. The next step is to add this user to the Local Administrators Group on the server where the ID Connector is installed. To do this, follow the steps given below:


Note: To perform these steps, you need to log in to the machine with the user having Domain Admin rights.


i. Open Computer Management on the ID Connector Server.

ii. Expand the Local Users and Groups.

iii. Select the Groups folder to open the list of groups.

iv. From the list, open the Administrators group's properties window.

v. On the Administrators Properties window, click on the Add button.

vi. Clicking on the Add button opens another dialog box where you enter the name of the user that was created earlier and that will be added to the Group.

vii. Click on the Check Names button to verify that the name exists in AD. The username will be displayed with the domain in brackets.

viii. Finally, click on the OK button to add the user to the Group.




2. Now, log out of this account.


3. Log in again to the machine with the new user to start the installation of ID Connector.


4. Another part of the pre-requisites is to set up a database using SQL Express. We assume that you have created a database in SQL Express and enabled Windows authentication mode in SQL so that the above Windows user has the right to access this database.


5. If the database is not created, you can use the ID Connector's Website to set up a new database. Please refer to the ID Connector Configuration section on setting up the Database from the ID Connector Website.
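
The earlier note states that the ID Connector account needs sysadmin on the SQL Server for setup but only db_owner for routine operations. The following check is an added example, not part of VIDIZMO's documentation, that reports which of the two the account currently holds; the account and database names are placeholders, and `localhost` follows the database configuration step later in this article.

```powershell
# Added example (not VIDIZMO code). Run as a SQL Server administrator.
# Placeholders (assumptions, not from the page):
$Account     = 'EXAMPLE\svc-idconnector'  # AD user the ID Connector runs under
$Database    = 'IDConnector'              # hypothetical database name
$SqlInstance = 'localhost'                # server name used in the configuration steps

function Invoke-SqlScalar {
    param([string]$Db, [string]$Query)
    $connString = "Server=$SqlInstance;Database=$Db;Integrated Security=True"
    $conn = New-Object System.Data.SqlClient.SqlConnection $connString
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $Query
        # Parameterised so the account name is never concatenated into T-SQL.
        [void]$cmd.Parameters.AddWithValue('@login', $Account)
        return $cmd.ExecuteScalar()
    } finally {
        $conn.Dispose()
    }
}

# 1 = member, 0 = not a member, NULL = the login is not valid on this server.
$sysadmin = Invoke-SqlScalar -Db 'master' -Query "SELECT IS_SRVROLEMEMBER('sysadmin', @login)"

# Match on SID so the check works even if the database user name differs from the login.
$dbOwner = Invoke-SqlScalar -Db $Database -Query @'
SELECT COUNT(*)
FROM sys.database_role_members rm
JOIN sys.database_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'db_owner' AND m.sid = SUSER_SID(@login)
'@

[pscustomobject]@{
    Account    = $Account
    IsSysadmin = ($sysadmin -eq 1)
    IsDbOwner  = ($dbOwner -gt 0)
} | Format-List

if ($sysadmin -is [DBNull]) {
    Write-Warning "$Account is not a valid login on $SqlInstance."
} elseif ($sysadmin -eq 1 -and $dbOwner -gt 0) {
    Write-Warning "Setup rights still in place. Once the database is set up, db_owner is sufficient:"
    Write-Output  "ALTER SERVER ROLE [sysadmin] DROP MEMBER [$Account];"
} elseif ($sysadmin -eq 1) {
    Write-Warning "Account is sysadmin but not db_owner on $Database; grant db_owner before removing sysadmin."
}
```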


Installing the ID Connector


1. After logging into the machine with the created user, open the ID connector folder and run the ADSetup.exe file by selecting Run as Administrator.


Note: VIDIZMO ID Setup requires elevated privileges, therefore on Windows Server 2008/2008R2, make sure to "Run it as Administrator" by right-clicking and selecting the option from there. If the setup is not run with elevated privileges, it may fail. It is important that installation is performed in the same order as mentioned below.





2. A setup wizard is launched. First, it will install the Microsoft Enterprise Library 3.1, which is required for VIDIZMO ID Connector to work properly. Click on the Next button to continue.




3. Click on the "I Accept.." License agreement checkbox to accept the agreement and review the system requirements. Click on the Next button to proceed.




4. The system requirements are displayed next. Except for Microsoft Visual Studio, these should be installed and configured before executing this installer.




5. Let the installer run its course. If you want to select custom features or select a different location to install ID Connector, then use the Browse button to change the install directory. Click on the Next button to continue when done.




6. The setup of Enterprise Library will finish. Uncheck the "Launch Enterprise Library 3.1..." checkbox and click Finish.






7. After running a pre-requisite check for the AD Website, the following screen is displayed. Click Next if all the pre-requisite conditions are met.




Note: IIS 7 requires the IIS 6 Compatibility pack for this test to pass and for the AD Website to be set up. Please go back and install these pre-requisites if setup fails at the IIS 7 step. Setup only checks for .NET Version 4 or later. If a future version of the framework is backward compatible, it should still work with it.



8. Accept the License Agreement and then click on the Next button.




9. On the next step, you can either create a new Website or Choose an Existing Website. Creating a New Website is desired if the AD Website is being set up for the first time. Click on Create New Website.



Note: Choosing an existing website will overwrite the ID Connector Website on existing folders. Using this is only recommended when the Administrator wants to overwrite an existing ID Connector Website. This is to avoid any existing configuration issues that are inherited in the ID Connector Website during the process. Create New Website also creates a new Web Application Pool in the IIS, while choosing the Existing Website reuses the existing Application Pool.






10. Enter the required information in each field. Enter the name of the site which will be created in IIS. In the HostHeader field, enter the domain or subdomain that points to this machine and can be resolved publicly over the internet.


Note: Make sure the host header configured is a publicly accessible domain name if the website will be accessed via the internet. If port 80 is already occupied, the Administrator can choose a different port but will have to make sure any firewall restrictions do not restrict the user from accessing the website.





11. Click on the Browse button to locate the folder where the Website will be deployed. If the website is deployed in a folder other than www-root, make sure that the folder has Everyone read rights and is accessible by Everyone. Once this information is provided, click Next to continue.




12. In the next step, provide the user ID, password and email address of the user that the ID Connector software is set to run under. The ID must be in the format [Domain] \ [User]. The password field is not masked, so the administrator can see what is typed in. This user will be configured to run the ID Website as well as the ID Service. The user must be part of the forest that is set to be synchronized on the VIDIZMO Channel. The same user is used to access the database, though the user credentials can be altered from the Web Interface.




13. Now, the setup is ready to install ID Connector. Click on the Install button to proceed.




14. Click on the Finish button. This will run a post-setup job for a while to make final changes in the ID Connector Service and the installed Web Application. After the installation is completed, the setup will launch the installed ID Connector website for further configuration. This involves configuring the application by setting up the database and activating the service. The ID Website configuration is explained in the section Configuring the ID Connector.


15. After the installation completes, it will automatically open the ID Connector Webpage and prompt for username and password (as shown below).




16. The following screen indicates that you have successfully logged into the ID Connector Web Interface and the ID connector installation is successful.




Configuring ID Connector


Now, in this section, we will cover the basic configuration required to make ID Connector work properly.


1. First, click on the Database Configuration, under Settings on the bottom-right corner of the page.




2. On the next screen that opens, click Edit Database Configuration to start setting up the database.


3. Add the Database information. Set the server name to "localhost" as SQL was installed on the same machine. Then select "Windows Authentication" and enter the Windows credentials used in the pre-requisites section.
Finally, choose the Database created for the ID Connector in SQL.




4. Next, select the Application Configuration as shown in the highlighted text below.




5. Click on the Edit button and a pop-up will appear for confirmation. Click on the OK button to continue.




6. In this section, enter the name of the group to which the ID Connector user was added. Also, make sure to enter the proper URLs of the VIDIZMO host and VIDIZMO Services (as highlighted below). In Sync Schedule, set the occurrence, date and time at which the sync will run. Make sure VIDIZMO Sync Service is set to "Activate". When done, click on the Update button.