Controlling Viewer Access with Roles in Studio

In this topic, you will learn how to present content to viewers based on their assigned roles. You will manage roles in your external VMS and Brightcove Beacon Studio.

Introduction

This feature, Secure Experiences, ensures that content is only viewable by viewers whose role matches the role set on the content.

Roles allow you to filter content and experience elements for groups of specific viewers. You can expose content for viewers within a group and hide it from all other viewers.

Content types can be shown or hidden based on the viewer's role. In Beacon Studio, you can create roles and assign them to the following content types:

  • Movies
  • Series, Seasons, and Episodes
  • Channels and Live events
  • Playlists and Pages

Requirements

The following is needed for Secure Experiences:

  • An external Viewer Management System (VMS)
  • OpenID Connect (OIDC) authentication enabled for your account

To associate viewers with roles, you will use your external VMS. These user role definitions will be connected to Brightcove Beacon using OIDC tokens

During viewer authentication with a Beacon app using OIDC, a token is passed to Beacon with the viewer's role(s).

OIDC is an authentication protocol used to verify the identity of a user to a client service. For details about using OIDC, see the OIDC Authentication Configuration and Testing document.

Workflow

The following workflows are associated with Secure Experiences:

Viewer workflow

Your app viewers will experience the following:

  1. Viewers will exist in your external Viewer Management System (VMS) and may have one or more roles assigned to them.

  2. During viewer authentication with OIDC, a token is passed to Brightcove Beacon with the viewer's role(s).
  3. Viewers have access to assets/pages that match any of the viewer's roles.
Viewer workflow diagram

Admin workflow

You or your admin person will perform the following tasks:

  1. Assign roles to viewers in your external VMS (or sets up rules to assign roles)
  2. Connect external VMS to Brightcove Beacon

  3. Add the roles to Brightcove Beacon (these roles must match what is defined in your VMS)
  4. Assign roles to assets/pages
Admin workflow diagram

Assigning roles to viewers

You will use your external Viewer Management System (VMS) to assign viewers with specific roles. For example, you might want your employees and partners to have access to the latest training videos, but not your prospects and customers.

  1. Assign user roles in your external Viewer Management System (VMS).
  2. Contact your account manager to connect your VMS to Brightcove Beacon.
  3. Login to the Beacon Studio. In the left navigation, click Registered Users and then Users.

    List of registered users
  4. Click on a user name.
  5. In the Overview section, any roles assigned to this user will be listed. Note that this is a read-only field, and is defined in your VMS. If no roles are associated with this user, then you will see N/A.

    User roles

Managing roles in Beacon

You will add, update, and delete roles in Beacon Studio.

Adding roles

  1. Login to the Beacon Studio. In the left navigation, click Registered Users and then Roles.

    Roles list
  2. Click Add role.
  3. Enter the name for a role and click Add role.

    Add role

Updating roles

  1. To edit an existing role, click Edit icon associated with the Role name.

    Edit role icon
  2. In the Edit role dialog, update the role name and click Update.

    Edit role dialog

Deleting roles

  1. To delete an existing role, click Delete icon associated with the Role name.

    Delete role icon

Assigning roles to Series and Seasons

You can use Beacon Studio to assign roles to your Series and Seasons. These content types use a similar method for entering roles.

Let's walk through the steps for adding roles to a series.

  1. Return to Beacon Studio and do the following:

    1. In the left navigation, select Media
    2. Expand Library and select All series
    3. Either create a new series or click on an existing series Name
    All series list
  2. In the left navigation, select Availability. Here, you can add roles to rule sets.

    • Either click Edit icon to edit a rule set
    • Or click Add new rule set
    Series availability
  3. Scroll down to the Roles section and enable the toggle. You have the option to select roles for this series:

    • All - All viewers have access to this series
    • Select roles - Click in the input area to select from a list of roles that you defined in the Adding roles in Beacon section
    Select roles
  4. Click Save.

  5. To set roles for seasons, click the season name, select Availability, and either edit or create a rule set.

    Select season

Assigning roles to OTT playlists

You can use Beacon Studio to assign roles to your OTT playlists.

  1. Return to Beacon Studio and do the following:

    1. In the left navigation, select Media
    2. Expand Playlists and select OTT playlists
    3. Either create a new playlist or click on an existing playlist name
    OTT playlist list
  2. In the OTT playlist details, click Edit Settings.

    Edit playlist settings
  3. In the Playlist settings dialog, do the following:

    1. Select Availability
    2. Either add a new rule set or edit an existing rule set
    Playlist settings dialog
  4. Scroll down to the Roles section and enable the toggle. You have the option to select roles for this series:

    • All - All viewers have access to this series
    • Select roles - Click in the input area to select from a list of roles that you defined in the Adding roles in Beacon section
    Select playlist roles
  5. Click Save.

Assigning roles to pages

You can use Beacon Studio to assign roles to your Beacon pages.

Pages

  1. Return to Beacon Studio and do the following:

    1. In the left navigation, select Layout
    2. Either create a new page or click on an existing page name
    Layout list of pages
  2. In the Availability section, click Edit icon.

    Edit page availability
  3. In the page dialog, do the following:

    1. Select Availability
    2. Turn the toggle on for Roles.
    Page roles
  4. You have the option to select roles for this series:

    • All - All viewers have access to this series
    • Select roles - Click in the input area to select from a list of roles that you defined in the Adding roles in Beacon section
    Select page roles
  5. Click X to close the dialog and save your changes.

Secondary pages

  1. To assign roles to secondary pages, in the layout list, select Secondary pages.

    Secondary pages
  2. Click the page settings icon associated with the page.

    Secondary page settings
  3. Add roles as described in the section above.

Assigning roles to movies

You can use Beacon Studio to assign roles to your videos/movies. To do this, you will create a custom field and assign role values to it. Beacon custom fields are automatically synced with the Beacon CMS and your Beacon apps.

  1. Return to Beacon Studio and do the following:

    1. In the left navigation, select Admin
    2. Select Video Fields
    3. Click Add Custom Field
    Video fields
  2. Create a new custom field as follows:

    1. Enter a display name of beacon.roles
    2. Select a Type of Text
    3. Add a description
    4. Click Save field
    Add custom field
  3. You are ready to assign roles to videos.

    Custom field values
  4. Navigate to the Media module and select a video:

    1. In the left navigation, select Media
    2. Click the Name of a video for details
    Media module
  5. Scroll down to the Custom fields section and assign roles:

    1. In the Custom fields section, click Edit
    2. Scroll down to beacon.roles
    3. Enter one or more roles in the text area, separated by a comma.
    4. Click Save
    Video role values

Assigning roles to Channels and Live events

To assign roles to Beacon Channels and Live events, you will use the Beacon CMS.

For details, see the Controlling Viewer Access with Roles document.

Understanding the viewer experience

The viewer will only see content in the Beacon app if their user account is has any of the roles associated with the content.

  1. In the Beacon app, I have logged in as jdoktor. Notice the movies that display in the playlist for the BCLS page include Mom and Fawn.

    BCLS playlist page
  2. Let's see why this video appears for this viewer while logged in. In Beacon Studio, the Mom and Fawn movie has the following roles assigned to it:

    • Admin
    • Gold
    Beacon Studio roles for movie
  3. As defined in your external VMS, this viewer (jdoktor) has an Admin role.

    Since the viewer has a role associated with the asset, then they can view this asset.

  4. Now, let's log into the Beacon app as a different viewer (mboles). Notice that this viewer does not see the Mom and Fawn movie in the playlist.

    BCLS playlist page
  5. If we look at the roles for this viewer (mboles), we see that they have a role of Silver assigned to them in your VMS.

    Because neither the Admin role nor the Gold role is assigned to this viewer, they cannot view the asset.

    Remember, if an asset has no roles assigned to it, then all viewers can see that asset.