Looking for a way to manage temporary passwords that could be used for live video encoder access? IBM Cloud Video have rolled out a feature that allows account managers to create passwords that can be used by encoding software, encoding hardware and mobile apps for the purpose of broadcasting. These passwords, set permanently or on a temporary basis, are managed directly from the platform by account managers and access can be revoked at any time.
- Creating Temporary Device Passwords
- Setting Access Windows: Valid Dates
- Manage Temporary Passwords: Revoke Access
- Compatible Encoders for Device Passwords
- Use Cases
Please note, while this feature presents an alternative way to access these encoders from a Ustream account, it is mandatory for IBM Cloud Video accounts, including Streaming Manager and Streaming Manager for Enterprise, to access these encoders in this new way. This is because login details associated with an IBM Cloud Video account can not be used to directly login to an encoder. Consequently, these device passwords are required to login to compatible encoders and apps.
If you want to learn more about security features to look for in an enterprise solution, be sure to read our Enterprise Video Security Components & Services white paper.
Creating Temporary Device Passwords
After logging into an IBM Cloud Video or Ustream account, a new feature has been added under the “Account” submenu. Named “Device Passwords”, this option allows account managers to both create and manage temporary passwords.
These passwords are used to broadcast content with using an encoder, which can be software, hardware or app based. These encoders, unless one is manually inputting the Stream URL and Stream Name, normally require input of the login and password combination associated with the IBM Cloud Video or Ustream account.
In order to create a new temporary password, an account manager simply has to click “Create Password” to launch the process. This will involve giving the new password login a name. This name will not be used or seen by the temporary password user. It is strictly for internal reference and often used to associate the login credentials with a specific use. Once created, a login and password will be automatically generated. Important to note is that, for security reasons, the password is only shown once here. As a result, it should be jotted down immediately after it is generated and given to the appropriate party. Afterwards, the username and the account manager created “Device Name” will be visible, but not the password. If the password is forgotten, it’s advisable to revoke the earlier access and create a new login and password for that user.
With the login details, the user can begin streaming using a variety of different encoders. These can range from software, to hardware to mobile apps as well. Once the user logs into the encoder they get to select what channel on the account they want to broadcast from. This approach opens the door to a lot more use cases, as new channels can be continually added and the initial set of login details will continue to stay relevant. If a content owner prefers to limit access to just a single channel, though, it’s recommended to instead click on the channel and go to “Broadcast Settings” and then “Encoder Settings” to get the RTMP URL and the Stream Key. These can be inputted in the encoder to achieve the same effect, although access can not be revoked in this way outside of deleting that channel.
Setting Access Windows: Valid Dates
When creating a temporary password, content owners can also specify a valid period for that password. This is done through either selecting a starting point, “valid from”, or an end date for that access, “valid until”. Setting an expiration date, the “valid until” part, is optional.
When setting the valid period, this is done not only on a day basis but also down to the minute. While this is likely more precise than most content owners will need to get with these temporary passwords, it can help to relieve potential conflicts. For example, if two events from different locations are being broadcast on the same day, one in the morning and one in the evening, the morning person’s access could end before the other’s starts to help prevent them both broadcasting at the same time.
Ultimately, though, this aspect of the temporary passwords makes it easy to work with contractors who might have very specific time frame for when they will be working on the content. For example, if they are hired to work on five day event from June 24th through June 28th , they could be given access that is valid from June 23rd to June 28th. The idea with a day before is likely they will need to test the setup before the event begins, although this could also be done by giving them access to another channel to do tests from.
Manage Temporary Passwords: Revoke Access
Passwords created through this feature can be as permanent or as temporary as needed.
After a device is added, access can be revoked in two ways. The first is by highlighting that device and clicking the “Revoke” button. This will generate a popup to confirm that access is to be revoked and will then disable them from using that password for future app or encoder access.
The second method is to revoke all access. As implied, this removes access from all devices that were given previous authorization to broadcast. A perfect use case for this can be if access had been given to an entire team of contractors to do on premise streaming, and their assignment is over. Another, less pleasant scenario can be if someone inappropriately shared access and it’s not clear who was the leak, creating a scenario where it might be best to revoke all external access and start again.
Compatible Encoders for Device Passwords
To be compatible with this feature, the encoder must allow users to enter in a login and password directly to begin streaming. This ability is found in many different encoders, and a partial list is provided below:
- Ustream Software Broadcaster
- Ustream Producer
- Ustream iOS App
- Ustream Android App
- Telestream Wirecast
- Newtek TriCaster
- Elgato Game Capture HD
Uses for this feature can range on both the internal and external side. Below are a few samples where this feature is very valuable.
UGC: User Generated Content
Have an internal facing Streaming Manager for Enterprise or Ustream Align account? The platform is great for managing a large library of content. However, while you might have 20 or even 40 people working on the account, there still might be a need to quickly add additional collaborators that will need to only live stream content. This feature lets account moderators quickly generate login details that these users can then input into an encoder, letting them easily live stream from a mobile app or software encoder to the required channel.
Executive Town Halls
Most CEOs don’t manage their company’s video account. They might, though, want to be able to quickly broadcast on their own. This still offers them the chance to do some town halls in a professional setting, possibly controlled by a video department. However, the CEO can also find themselves in a situation that doesn’t permit this, such as a business trip or the need to broadcast from home. Creating them a set of login details can be a great method to let them quickly broadcast as needed, while not having them worry about managing other aspects of the video account.
Putting on a big product launch and working with contractors for the physical production component? Rather than giving over login details for the account, a device password would allow them to select a number of live channels and the ability to broadcast to them as needed. After they have finished, their access can then be quickly revoked. If the contractor is setup to work for a specific period, though, the valid dates can be used instead to automatically revoke access at the end of their contract.
This new feature presents an additional, more secure way to live stream content that incorporates a larger team. It empowers users and contractors to broadcast your content without the security concern of them using their login details to access an account directly. This avoids scenarios where someone who was given access to the account to stream might accidentally delete live channels, delete on-demand videos or in general modify settings they should not. It also gives an easy way to revoke access later, creating a situation where a contractor can broadcast to a channel and avoiding having to delete that live channel after they are done to prevent them from logging in again later.
This temporary password for devices is one of many features that combine to offer a secure platform solution. If you are interested in internal broadcasting, for corporate communications, be sure to read our Enterprise Video Security Components & Services white paper. This resource goes over ways to secure content for internal use, such as syncing with a corporate directory through SSO (Single Sign-On) to protect access while still making it easy for end users to view the content they need.