The role of each user account controls what that user can do with their company's Shutterstock account. Each customer has one or more of these roles:
browse-only
: The user can browse and search media, view and edit collections, and download media that has already been licensed and is available for redownload.
The user cannot license media.
Users that have this role cannot have any other role.subscription-debitor-license
: The user can license and download media.subscription-debitor-comp
: The user can download media by using comps.
This role is meaningful only if your account allows comp downloads.Users with the browse-only
role cannot have any other role.
Users can have both the subscription-debitor-license
and the subscription-debitor-comp
roles if they need to be able to download both comps and licensed media.
Before you can assign a role to a user, you must ensure that the user has an organization or that your account has a default organization. See Assigning organizations.
To assign roles to users or change users' roles, add the roles as a custom attribute in the SAML assertion that your identity provider (IdP) sends to Shutterstock.
This attribute is named roles
and includes one or more value tags with the roles for the user.
Check your identity provider's documentation for information about how to configure the SAML assertion.
The attribute looks like this example, which assigns the user both the subscription-debitor-license
and the subscription-debitor-comp
roles:
<saml2:Attribute Name="roles" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">subscription-debitor-comp </saml2:AttributeValue> <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">subscription-debitor-license </saml2:AttributeValue> </saml2:Attribute>
To verify that your SAML assertion is set up correctly, compare it with the example in Next steps.
Now when the user accesses Shutterstock, that user is assigned to the specified roles. To change users' roles, send different roles in the SAML assertion the next time that the user logs in.
Here are instructions for setting up role provisioning if you are using Okta:
In the Okta SAML 2.0 application that represents Shutterstock, add a custom attribute with these fields:
string array
roles
TODO ???
Add these enumerated values for the attribute:
Browse
browse-only
Subscription Debitor (Comp)
subscription-debitor-comp
Subscription Debitor (License)
subscription-debitor-license
Set the attribute to be a required field.
Set the Group Priority for the attribute to Combine values across groups
.
In the application, create a group for the four possible role combinations. For example, you can structure the groups like this:
Shutterstock_browseOnlyUsers
Shutterstock_LicenseOnlyUsers
Shutterstock_compOnlyUsers
Shutterstock_compLicenseUsers
Assign the Shutterstock application to each group and set the correct role combination to each group.
In the previous example, the Shutterstock_LicenseOnlyUsers
group has the Subscription Debitor (License)
attribute value, and the Shutterstock_compLicenseUsers
group has both the Subscription Debitor (Comp)
and Subscription Debitor (License)
attribute values.
To change the role that a user has, send the new role or roles in the SAML assertion.
For example, to remove a user's permission to license media, set their role to browse-only
.
To see what roles a user is assigned, log in to shutterstock.com as that user, expand the user's information at the top right-hand corner of the page, and click Team. The Permission field shows whether the user can license images, download comps, or only search and browse media.
Vi har over 475 000 000 ressurser på Shutterstock.com per 30. november 2023.