Video Access Control for an Enterprise Video Platform

Video Access Control for an Enterprise Video Platform

Looking for more ways to restrict access to a video within your corporate video portal?

IBM Watson Media has introduced a video access control feature that allows the management of assets on a per video basis within an enterprise account. This can permit different access levels, be it for pre-approval or to very select individuals, while also including a notification system over email to relay when access has been granted. This feature, introduced in June 2018, was expanded in July 2020 to include advanced video access control features around lists.

This access control can function as part of a larger component of an overall internal communications strategy. For those who want to learn about optimizing their internal comms, download this Using Video for Internal Corporate Communications, Training & Compliance white paper.

Restricted video content and portals

IBM’s enterprise video streaming offering is a powerful solution for creating a virtually secured video sharing experience for teams and enterprises. This is done through limiting access to those who authenticate through a SAML based identity provider, like OneLogin, Okta, Ping Identity and more. This then provides a customizable enterprise video portal, that includes authentication to access. Within this portal can be a variety channels, each containing a live stream (optional to use) and an accompanying video archive. Furthermore, specific access can be setup at a channel level. So for example, perhaps the engineering team is setup to have access to an engineering channel, while a more company wide channel could include general training and compliance while being setup to include contractors.

However, content access can be controlled even further than this, down to an individual video level.

How to control individual video access

To manage access control for a video, first click edit for that particular asset. From there, one of the tabs is called Sharing.

Now the Sharing tab provides a direct URL link to the video, which can be given to viewers. The default setting is that anyone who can normally access the channel could watch the content from the link. However, access can be more tightly limited as well to a smaller group or even just a few individuals. This is done by selecting the “specific people” option. From here, the content owner can enter specific email addresses, each of which will be granted access to the video.

Video Access Control for an Enterprise Video Platform

Once access is granted, the user will be sent an email notifying them. The format for the email is:

  • Telling them who approved the access, done like “_ has invited you to watch this video.”
  • Showcasing the thumbnail for the asset
  • Displaying the title for the video

The email will provide several links to click to access the content, although alternatively they can be sent the link over Slack, chat or any other method. After going to the URL, they will be asked to authenticate in, if they haven’t already, and can then access the asset.

Note that any email address can be entered into the “specific people” option, but they can only access the content if they can authenticate into the portal already. In addition, it should be noted that the individual video access controls will override the channel access controls as well. For example, if you have a channel that’s been setup so that only those in marketing can see the content, but setup access control on an individual video so that a product manager can see it, those settings will override and the product manager can watch it.

Group video access control

Alternatively to controlling individual user access, on an email by email basis, access can also be limited by groups. This is done by changing from “specific people” to “groups”. Now to be able to use this feature requires that groups to have been setup at your identity provider beforehand.

Groups will vary a bit from identity provider to identity provider. Here are more details on groups at OneLogin and groups at Okta.

Advanced access rules

Through APIs, lists containing SSO group names can also be uploaded to define specific criteria for who gets access to content. This can be based on aspects like roles, departments, geographic locations or other aspects that an organization might define. These can then be edited at the video level to state who has access based on belonging to these specific group names.

Advanced Video Access Rules

Note: this option only appears if one or more lists have been uploaded through the APIs first.

Use cases for individual video access control

While there can be benefits to having a lot of content restricted to just an entire organization, there can be use cases for limiting access further than this as well. Below are a few instances where it’s beneficial to be able to tighten access on one or a few assets even further.

While account and channel managers can already pre-approve content inside an account, there can be situations where you don’t want a potential stakeholder to be a manager but still want them to see the content before others use it for training, as an important company statement or other use. In this scenario, the stakeholder or stakeholders can be given individual video access to the content, allowing them to verify it before it starts being used and watched by others in the enterprise.

Executive only communication
Some content and meetings might be intended for a very select group. For example a meeting between executives could be intended for a very select audience, maybe just between executives in fact. Individual access control can make it possible to designate this small group of viewers, blocking others who might try to access the content.

Staggered release
Sometimes content can be about products or features that aren’t available yet. For example, a major feature could be on the horizon and included in demos and other help content generated for internal use. However, to avoid confusion, it might be desired that not everyone can see this. To facilitate this, a limited audience could be setup to have access to this content before release. Once the feature or product is launched, though, this access control could be removed so that everyone in the organization could access it.


Individual video access control gives more flexibility about how organizations manage access to internal assets. From timed “exclusive access” to new workflows, this feature broadens how enterprises can govern their internal communications.

Looking for some more advice for internal comms? Register and watch this Video Best Practices for Your Internal Communication Strategy webinar to learn advanced advice for increasing the success of your enterprise video strategy.