You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/media-services/previous/media-services-portal-get-started-with-aad.md
+10-62Lines changed: 10 additions & 62 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -31,82 +31,30 @@ Learn how to use the Azure portal to access Azure Active Directory (Azure AD) au
31
31
32
32
When you use Azure AD authentication with Azure Media Services, you have two authentication options:
33
33
34
-
-**User authentication**. Authenticate a person who is using the app to interact with Media Services resources. The interactive application should first prompt the user for credentials. An example is a management console app used by authorized users to monitor encoding jobs or live streaming.
35
34
-**Service principal authentication**. Authenticate a service. Applications that commonly use this authentication method are apps that run daemon services, middle-tier services, or scheduled jobs: web apps, function apps, logic apps, APIs, or a microservice.
36
-
37
-
> [!IMPORTANT]
38
-
> Currently, Media Services supports the Azure Access Control service authentication model. However, Access Control authorization will be deprecated on June 1, 2018. We recommend that you migrate to the Azure AD authentication model as soon as possible.
35
+
-**User authentication**. Authenticate a person who is using the app to interact with Media Services resources. The interactive application should first prompt the user for credentials. An example is a management console app used by authorized users to monitor encoding jobs or live streaming.
39
36
40
37
## Select the authentication method
41
38
42
39
1. In the [Azure portal](https://portal.azure.com/), select your Media Services account.
43
40
2. Select how to connect to the Media Services API.
41
+
3. Under **Connect to Media Services API**, select the Media Services API version you want to connect to.
To connect to the Media Services API by using the user authentication option, the client app needs to request an Azure AD token that has the following parameters:
50
-
51
-
* Azure AD tenant endpoint
52
-
* Media Services resource URI
53
-
* Media Services (native) application client ID
54
-
* Media Services (native) application redirect URI
55
-
* Resource URI for REST Media Services
56
-
57
-
You can get the values for these parameters on the **Media Services API with user authentication** page.
58
-
59
-
60
-
61
-
If you connect to the Media Services API by using the Media Services Microsoft .NET SDK, the required values are available to you as part of the SDK. For more information, see [Use Azure AD authentication to access the Azure Media Services API with .NET](media-services-dotnet-get-started-with-aad.md).
62
-
63
-
If you're not using the Media Services .NET client SDK, you must manually create an Azure AD token request by using the parameters discussed earlier. For more information, see [How to use the Azure AD Authentication Library to get the Azure AD token](../../active-directory/azuread-dev/active-directory-authentication-libraries.md).
64
-
65
-
## Service principal authentication
66
-
67
-
To connect to the Media Services API by using the service principal option, your middle-tier app (web API or web application) needs to request an Azure AD token that has the following parameters:
43
+
## Service principal authentication (recommended)
68
44
69
-
* Azure AD tenant endpoint
70
-
* Media Services resource URI
71
-
* Resource URI for REST Media Services
72
-
* Azure AD application values: the **client ID** and **client secret**
45
+
Authenticates a service using an Azure Active Directory app and secret. This is recommended for any middle-tier services calling to the Media Services API. Examples are Web Apps, Functions, Logic Apps, APIs, and microservices. This is the recommended authentication method.
73
46
74
-
You can get the values for these parameters on the **Connect to Media Services API with service principal**page. Use this page to create a new Azure AD application or to select an existing one. After you select the Azure AD app, you can get the client ID (Application ID) and generate the client secret (key) values.
47
+
The **Manage your AAD app and secret**section lets you select or create a new AAD app and generate a secret. For security purposes, the secret cannot be shown after the blade is closed. The application uses the application id and secret for authentication to obtain a valid token for media services.
75
48
76
-
49
+
Make sure that you have sufficient permissions to register an application with your Azure AD tenant and to assign the application to a role in your Azure subscription. For more information, see [Required permissions](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#required-permissions).
77
50
78
-
When the **Service Principal**blade opens, the first Azure AD application that meets the following criteria is selected:
51
+
The **Connect to Media Services API**provides you with values that you use to connect your service principal application. You can get text values or copy the JSON or XML blocks.
79
52
80
-
- It is a registered Azure AD application.
81
-
- It has Contributor or Owner Role-Based Access Control permissions on the account.
82
-
83
-
After you create or select an Azure AD app, you can create and copy a client secret (key) and the client ID (Application ID). The client secret and client ID are required to get the access token in this scenario.
84
-
85
-
If you don't have permissions to create Azure AD apps in your domain, the Azure AD app controls of the blade are not shown, and a warning message is displayed.
86
-
87
-
If you connect to the Media Services API by using the Media Services .NET SDK, see [Use Azure AD authentication to access the Azure Media Services API with .NET](media-services-dotnet-get-started-with-aad.md).
88
-
89
-
If you are not using the Media Services .NET client SDK, you must manually create an Azure AD token request using the parameters discussed earlier. For more information, see [How to use the Azure AD Authentication Library to get the Azure AD token](../../active-directory/azuread-dev/active-directory-authentication-libraries.md).
90
-
91
-
### Get the client ID and client secret
92
-
93
-
After you select an existing Azure AD app or select the option to create a new one, the following buttons appear:
94
-
95
-
96
-
97
-
To open the Azure AD application blade, click **Manage application**. On the **Manage application** blade, you can get the app's client ID (Application ID). To generate a client secret (key), select **Keys**.
After you select the Azure AD application, you can manage the application and permissions. To set up your Azure AD application to access other applications, click **Manage permissions**. For management tasks, such as changing keys and reply URLs, or to edit the application’s manifest, click **Manage application**.
104
-
105
-
### Edit the app's settings or manifest
53
+
## User authentication
106
54
107
-
To edit the app's settings or manifest, click **Manage application**.
55
+
This option could be used to authenticate an employee or member of an Azure Active Directory who is using an app to interact with Media Services resources. The interactive application should first prompt the user for the user's credentials. This authentication method should only be used for Management applications.
Copy your credentials to connect your user application from the **Connect to Media Services API** section. You can get text values or copy the JSON or XML blocks.
0 commit comments