You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/media-services/previous/media-services-portal-get-started-with-aad.md
+15-60Lines changed: 15 additions & 60 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -27,86 +27,41 @@ Learn how to use the Azure portal to access Azure Active Directory (Azure AD) au
27
27
28
28
- An Azure account. If you don't have an account, start with an [Azure free trial](https://azure.microsoft.com/pricing/free-trial/).
29
29
- A Media Services account. For more information, see [Create an Azure Media Services account by using the Azure portal](media-services-portal-create-account.md).
30
-
- Make sure you review the [Accessing Azure Media Services API with Azure AD authentication overview](media-services-use-aad-auth-to-access-ams-api.md).
31
30
32
31
When you use Azure AD authentication with Azure Media Services, you have two authentication options:
33
32
34
-
-**User authentication**. Authenticate a person who is using the app to interact with Media Services resources. The interactive application should first prompt the user for credentials. An example is a management console app used by authorized users to monitor encoding jobs or live streaming.
35
33
-**Service principal authentication**. Authenticate a service. Applications that commonly use this authentication method are apps that run daemon services, middle-tier services, or scheduled jobs: web apps, function apps, logic apps, APIs, or a microservice.
34
+
-**User authentication**. Authenticate a person who is using the app to interact with Media Services resources. The interactive application should first prompt the user for credentials. An example is a management console app used by authorized users to monitor encoding jobs or live streaming.
36
35
37
-
> [!IMPORTANT]
38
-
> Currently, Media Services supports the Azure Access Control service authentication model. However, Access Control authorization will be deprecated on June 1, 2018. We recommend that you migrate to the Azure AD authentication model as soon as possible.
36
+
## Access the Media Services API
39
37
40
-
## Select the authentication method
38
+
This page lets you select the authentication method you want to use to connect to the API. The page also provides the values you need to connect to the API.
41
39
42
40
1. In the [Azure portal](https://portal.azure.com/), select your Media Services account.
43
41
2. Select how to connect to the Media Services API.
42
+
3. Under **Connect to Media Services API**, select the Media Services API version you want to connect to.
To connect to the Media Services API by using the user authentication option, the client app needs to request an Azure AD token that has the following parameters:
50
-
51
-
* Azure AD tenant endpoint
52
-
* Media Services resource URI
53
-
* Media Services (native) application client ID
54
-
* Media Services (native) application redirect URI
55
-
* Resource URI for REST Media Services
56
-
57
-
You can get the values for these parameters on the **Media Services API with user authentication** page.
58
-
59
-
60
-
61
-
If you connect to the Media Services API by using the Media Services Microsoft .NET SDK, the required values are available to you as part of the SDK. For more information, see [Use Azure AD authentication to access the Azure Media Services API with .NET](media-services-dotnet-get-started-with-aad.md).
62
-
63
-
If you're not using the Media Services .NET client SDK, you must manually create an Azure AD token request by using the parameters discussed earlier. For more information, see [How to use the Azure AD Authentication Library to get the Azure AD token](../../active-directory/azuread-dev/active-directory-authentication-libraries.md).
64
-
65
-
## Service principal authentication
44
+
## Service principal authentication (recommended)
66
45
67
-
To connect to the Media Services API by using the service principal option, your middle-tier app (web API or web application) needs to request an Azure AD token that has the following parameters:
46
+
Authenticates a service using an Azure Active Directory (Azure AD) app and secret. This is recommended for any middle-tier services calling to the Media Services API. Examples are Web Apps, Functions, Logic Apps, APIs, and microservices. This is the recommended authentication method.
68
47
69
-
* Azure AD tenant endpoint
70
-
* Media Services resource URI
71
-
* Resource URI for REST Media Services
72
-
* Azure AD application values: the **client ID** and **client secret**
48
+
### Manage your Azure AD app and secret
73
49
74
-
You can get the values for these parameters on the **Connect to Media Services API with service principal**page. Use this page to create a new Azure AD application or to select an existing one. After you select the Azure AD app, you can get the client ID (Application ID) and generate the client secret (key) values.
50
+
The **Manage your AAD app and secret**section lets you select or create a new Azure AD app and generate a secret. For security purposes, the secret cannot be shown after the blade is closed. The application uses the application ID and secret for authentication to obtain a valid token for media services.
75
51
76
-
52
+
Make sure that you have sufficient permissions to register an application with your Azure AD tenant and to assign the application to a role in your Azure subscription. For more information, see [Required permissions](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#required-permissions).
77
53
78
-
When the **Service Principal** blade opens, the first Azure AD application that meets the following criteria is selected:
54
+
### Connect to Media Services API
79
55
80
-
- It is a registered Azure AD application.
81
-
- It has Contributor or Owner Role-Based Access Control permissions on the account.
56
+
The **Connect to Media Services API** provides you with values that you use to connect your service principal application. You can get text values or copy the JSON or XML blocks.
82
57
83
-
After you create or select an Azure AD app, you can create and copy a client secret (key) and the client ID (Application ID). The client secret and client ID are required to get the access token in this scenario.
84
-
85
-
If you don't have permissions to create Azure AD apps in your domain, the Azure AD app controls of the blade are not shown, and a warning message is displayed.
86
-
87
-
If you connect to the Media Services API by using the Media Services .NET SDK, see [Use Azure AD authentication to access the Azure Media Services API with .NET](media-services-dotnet-get-started-with-aad.md).
88
-
89
-
If you are not using the Media Services .NET client SDK, you must manually create an Azure AD token request using the parameters discussed earlier. For more information, see [How to use the Azure AD Authentication Library to get the Azure AD token](../../active-directory/azuread-dev/active-directory-authentication-libraries.md).
90
-
91
-
### Get the client ID and client secret
92
-
93
-
After you select an existing Azure AD app or select the option to create a new one, the following buttons appear:
94
-
95
-
96
-
97
-
To open the Azure AD application blade, click **Manage application**. On the **Manage application** blade, you can get the app's client ID (Application ID). To generate a client secret (key), select **Keys**.
After you select the Azure AD application, you can manage the application and permissions. To set up your Azure AD application to access other applications, click **Manage permissions**. For management tasks, such as changing keys and reply URLs, or to edit the application’s manifest, click **Manage application**.
58
+
## User authentication
104
59
105
-
### Edit the app's settings or manifest
60
+
This option could be used to authenticate an employee or member of an Azure Active Directory who is using an app to interact with Media Services resources. The interactive application should first prompt the user for the user's credentials. This authentication method should only be used for Management applications.
106
61
107
-
To edit the app's settings or manifest, click **Manage application**.
Copy your credentials to connect your user application from the **Connect to Media Services API** section. You can get text values or copy the JSON or XML blocks.
Copy file name to clipboardExpand all lines: articles/media-services/video-indexer/connect-to-azure.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -120,8 +120,8 @@ If the connection to Azure failed, you can attempt to troubleshoot the problem b
120
120
4. For Video Indexer to authenticate with Media Services API, an AD application needs to be created. The following steps guide you through the Azure AD authentication process described in [Get started with Azure AD authentication by using the Azure portal](../previous/media-services-portal-get-started-with-aad.md):
121
121
122
122
1. In the new Media Services account, select **API access**.
123
-
2. Select [Service principal authentication method](../previous/media-services-portal-get-started-with-aad.md#service-principal-authentication).
124
-
3. Get the client ID and client secret, as described in the [Get the client ID and client secret](../previous/media-services-portal-get-started-with-aad.md#get-the-client-id-and-client-secret) section.
123
+
2. Select [Service principal authentication method](../previous/media-services-portal-get-started-with-aad.md).
124
+
3. Get the client ID and client secret
125
125
126
126
After you select **Settings**->**Keys**, add **Description**, press **Save**, the key value gets populated.
0 commit comments