Cardinal Media Server Accounts
The first Cardinal account that logs into your Media Server will be made the server owner.
Your self-hosted apps support two types of user accounts: Cardinal Accounts and local accounts.
Cardinal Accounts
Cardinal Accounts (also called "cloud accounts") are a free cloud service provided by Cardinal Apps Inc. that enables secure authentication in your self-hosted apps and connects you to other Cardinal users and services. Product information for this service, including specifics about features, tiers, and pricing is available at cardinalapps.io.
The information on this page details how Cardinal Accounts integrate with your self-hosted apps.
Claiming Your Self-Hosted App
Claiming a self-hosted app is how you secure it and lock it down to your Cardinal Account. Once your self-hosted app is up and running, just log in with your cloud account and the claim will happen automatically. You can self-host and claim as many apps as you like.
Once claimed, your self-hosted app gains access to all features included in your subscription tier. To confirm that the claim was processed correctly, verify these things:
- In your self-hosted Admin app, your Cardinal Account should have the Owner role.
- In the Account Portal, under Claims, confirm that the
instanceIdmatches the one you see in your self-hosted Admin app.
Joining Self-Hosted Apps
Owners of self-hosted apps can invite other users using Invitations. When a cloud user logs into a new self-hosted app for the first time, they will be asked to authorize exactly which bits of information the self-hosted app can see about their Cardinal Account. This set of permissions is called "permission scopes".
When you authorize an app access to these scopes, you are also allowing the app to refresh the data for as long as the authorization is active. Your can manage your app authorizations in the Account Portal.
Permission Scopes
| Scope | Description |
|---|---|
| user_id | Your unique Cardinal user ID |
| user_public_name | The public name you've set, if you've set one. |
| user_email_confirmed | A boolean indicating whether you have confirmed your email. This does not reveal your actual email. |
| user_avatar | Your cloud avatar |
| subscription | Your subscription tier |
Local accounts
Your self-hosted apps also support local accounts. At this time, the only local account is the Guest account.
Guest account
The Guest account is a special account that allows for offline admin access to your server. It serves a few purposes:
- It allows for new users to try the apps without making an account.
- It guarantees local offline access in the event of a nuclear apocalypse (i.e., the auth servers are not reachable).
- It makes it easy to share apps on a single computer with other people.
The Guest account can be disabled if the server has been claimed by a Cardinal Account.
Seats
The number of user seats that your Media Server supports is determined by the subscription tier of the server owner. Each seat can be occupied by a one user at a time. When the server is at capacity, no new users will be able to join until a seat becomes available.
The following accounts do not use a seat
- Guest account