Obscreen Docs

Appearance

Authentication Management

Obscreen provides a very simple way to manage authentication for your Studio instance.

Enable Authentication

  1. Go to Settings section then click on General menu item.
  2. Under Security tab, check Enable Authentication.
  3. Now a new Security section will appear, click on Users menu item.

WARNING

You'll be logged out from the current session. Default credentials are admin for both username and password.

🎭 Roles

Obscreen implements a comprehensive access control system through user teams (groups) and role-based permissions.

  • Owner there is only one owner per instance. No restrictions apply to owner.
  • Admin there can be multiple admins per instance. No restrictions apply to admins.
  • Content Manager can manage content only (Library and Playlists).
  • Device Manager can manage devices only (Players, Studios and Playgroups).

👬 Teams

Teams allow you to organize users into logical groups, making it easier to manage access to specific content and devices. A user can belong to one team only, and their effective permissions are determined by their role within each team.

✋ Permissions & Ownership

By default, when a user creates a new element (content, playlist, device, etc.), their team will automatically be applied to that element. However, only Owner and Admin users have the ability to edit team ownership:

  • Navigate to the element's settings
  • Look for the Permissions section in the settings panel
  • Select the appropriate team to assign ownership
  • Save the changes

This team assignment determines which users can access and modify the element based on their role and team membership.

🔎 Permission Details

The following table outlines the specific permissions for each role and team configuration:

🟡 Owner
  • Full access (Content, Device, Security)
  • All permissions can be altered
🟠 Admin
  • Full access (Content, Device, Security)
  • Alter permissions:
    • Team assigned: can only alter permissions for their team's elements
    • No team assigned: can alter permissions
🔵 Content Manager
  • Limited access to Content
  • Alter permissions:
    • Team assigned: can only alter permissions for their team's Content elements
    • No team assigned: can alter permissions
🔴 Device Manager
  • Limited access to Device
  • Alter permissions:
    • Team assigned: can only alter permissions for their team's Device elements
    • No team assigned: can alter permissions

Two-Factor Authentication

TOTP is a 2FA method that uses a time-based one-time password (TOTP) to authenticate users.

How to enable TOTP

  1. Click on your name in left menu bar to open Profile page.
  2. Under Security tab, you can TOTP (Authenticator) as an authentication method under Two-Factor Authentication section.
  3. Now a new Configure button will appear, click on it to start setup process.

I'm locked out of the Studio because I forgot my password. How can I reset it?

You have to start Studio with SAFE_MODE=true environment variable to bypass login and be able to reset the password.