MediaLive Nexus
Loading...
StreamController --
đŸ–Ĩī¸
CPU --
💾
RAM --
WebRTC Bandwidth -- Mbps
📡
SRT Ingest 0
🌐
WebRTC Sessions 0
👁ī¸
Viewers 0
☁ī¸
AWS --
🌐
CloudFront --
🔄
Polling --
đŸ“ē
Channels 0/10

Multiview Creator

Loading multiviews...

Channel Flow Editor

Graphics Management

Graphics Sets

Loading sets...

Select a set

Select a graphics set to view URLs

FAST Scheduler

Inactive
to

Preview

đŸ“ē

Select a channel to preview

Now: -
Next: -

New Event

: :

Video Packages

👤 Account 🎨 Preferences 📱 Application ⚠ī¸ Confirmations
Admin Settings
📊 Monitoring ☁ī¸ AWS Config đŸ“ē Proxy Settings 🔐 SSO ⚙ī¸ Server 🔌 Services 📡 SRT Monitoring 💾 Backups ✨ AI Assistant
Superadmin
🔧 System Admin
Logs & Info
📋 Server Logs 📝 Changelog

Account Settings

Manage your account information and password

Profile Information

Username cannot be changed
Contact an administrator to change your role

Change Password

Minimum 8 characters, must include uppercase, lowercase, and number

Preferences

Customize your user experience

Audio Meters

Changes audio level meter display units

Video Playback

WebRTC provides sub-second latency but requires MediaMTX. HLS has 6-15 second latency but is more reliable.

Display Settings

Notifications

Application

Install and configure the app for your device

Install App

Installing as an app provides a standalone window that may work better with touchscreen monitors, and allows the app to run without browser chrome.

Touchscreen Mode

Makes buttons and controls larger for easier touch interaction

Confirmation Dialogs

Control which actions require confirmation

Channel Operations

Graphics Operations

User Management

Views and Data

Monitoring Settings

Configure system monitoring and polling intervals

Polling Configuration

How often to poll channel status (1000-60000ms)
How often to check system status (5000-300000ms)

HDR Detection

Number of simultaneous HDR detection processes (1-10)

Detailed Monitoring

AWS Configuration

Configure AWS credentials and MediaLive settings

Note: AWS credentials are stored in environment variables and .env file. Restart required after changes.

AWS Credentials

Configured via environment variables (AWS_ACCESS_KEY_ID)
Configured via environment variables (AWS_SECRET_ACCESS_KEY)

CloudFront Settings

CloudFront distribution for HLS proxy stream delivery (serves S3 proxy bucket content)
Changes to AWS settings require server restart. Update .env file for persistence.

Proxy Stream Settings

Configure low-bandwidth proxy outputs for monitoring and backup

SRT → WebRTC (Low-Latency Preview)

Real-time monitoring with ~200ms latency. MediaLive pushes SRT to MediaMTX, which converts to WebRTC for browser playback. Best for live monitoring where latency matters.

Flow: MediaLive → SRT → MediaMTX → WebRTC → Browser
Requires MediaMTX running on the server. Add via channel menu → "Add WebRTC Proxy"

HLS Backup (CloudFront CDN)

Reliable fallback with ~10-15s latency. MediaLive writes HLS segments to S3, served via CloudFront. More stable but higher latency than WebRTC.

Flow: MediaLive → HLS → S3 → CloudFront → Browser
Add via channel menu → "Add HLS Proxy"

Proxy Encoder Settings

Video encoding settings for both SRT and HLS proxy outputs. Changes apply to new proxies only — existing outputs keep their original settings.

100-10,000 kbps
Shorter = lower latency, longer = more stable

Maintenance

Regenerate Proxy Outputs — Delete and recreate proxy outputs on your selected channels with current settings. This will STOP affected channels during the process.

Clear HLS Bucket — Delete all HLS segments from S3 and invalidate CloudFront cache. Running channels will generate fresh streams.

SSO Configuration

Configure SAML 2.0 and OpenID Connect identity providers

Identity Providers

Loading...

How SSO Works

  • When an SSO provider is enabled, a "Login with SSO" button appears on the login page
  • Users are redirected to the identity provider to authenticate
  • New users are auto-provisioned with the mapped role (or default role)
  • SSO users cannot use password-based login
  • For SAML: download the SP metadata from the provider detail view to configure your IdP
  • For OIDC: use the callback URL shown in the provider detail view

Connecting Okta via OIDC

Step-by-step guide to connect Okta as an OpenID Connect identity provider.

Step 1: Create an App Integration in Okta
  1. Log in to your Okta Admin Console
  2. Navigate to Applications → Applications → Create App Integration
  3. Select OIDC - OpenID Connect as the sign-in method
  4. Select Web Application as the application type
  5. Click Next
Step 2: Configure the App Integration
App integration name MediaLive Nexus (or any name)
Grant type Authorization Code (default, leave checked)
Sign-in redirect URI https://<your-domain>/auth/sso/oidc/callback
Sign-out redirect URI Leave empty
Controlled access Select which users/groups should have access

Click Save to create the application.

Step 3: Collect the Credentials

From the app's General tab, copy the following values:

  • Client ID — e.g. 0oaxxxxxxxxxxxxxxxxxx
  • Client Secret — click the eye icon to reveal, then copy

Issuer URL:

  • Go to Security → API → Authorization Servers
  • Copy the Issuer URI for your authorization server
  • Default server: https://dev-12345678.okta.com/oauth2/default
  • Org server: https://your-org.okta.com
Step 4: Configure Group Claims (for role mapping)

To map Okta groups to MediaLive Nexus roles, you need to include a groups claim in the token:

Option A — Via App Settings:

  1. In the Okta app, go to Sign On → OpenID Connect ID Token
  2. Under Groups claim type, select Filter
  3. Claim name: groups, Filter: Matches regex .*

Option B — Via Authorization Server:

  1. Go to Security → API → Authorization Servers → default → Claims
  2. Click Add Claim
  3. Name: groups, Include in: ID Token + Access Token (Always)
  4. Value type: Groups, Filter: Matches regex .*
Step 5: Add the Provider in MediaLive Nexus
  1. Click "+ Add Provider" at the top of this page
  2. Set Display Name to Okta (or your organization name)
  3. Set Protocol to OpenID Connect (OIDC)
  4. Paste the Issuer URL, Client ID, and Client Secret from Step 3
  5. Set Scopes to openid profile email groups
  6. Choose a Default Role for users without a group mapping match
  7. Optionally add Group → Role Mappings (e.g. Okta group mlx-admins → Admin)
  8. Check Enable this provider
  9. Click Save
Step 6: Test the Connection
  1. Click the Test button on the provider card above
  2. If successful, the OIDC discovery document was fetched from your Okta issuer
  3. Open the login page — a "Login with Okta" button should appear
  4. Click it to verify the full authentication flow
Troubleshooting
invalid_client Double-check the Client ID and Client Secret. Regenerate the secret in Okta if needed.
redirect_uri_mismatch The Sign-in redirect URI in Okta must match exactly: https://<your-domain>/auth/sso/oidc/callback. Check for trailing slashes or http vs https.
No groups in token Verify the groups claim is configured in Okta (Step 4) and the groups scope is included.
SSO button missing Make sure the provider is enabled (checkbox in the form).
BASE_URL mismatch The server's BASE_URL environment variable must match your domain exactly (e.g. https://fsd.livenex.us). The callback URL is derived from this value.

Server Configuration

Configure server-wide settings and security

Warning: Changes to server configuration may require restart and can affect all users.

Authentication & Security

Access token lifetime (300-86400 seconds / 5min-24hr)
Refresh token lifetime (1-30 days)
Number of failed attempts before lockout
Time window for rate limiting (60-3600 seconds)

Server Settings

Requires server restart

Session Management

How often to clean expired sessions (1-168 hours)
Server configuration is stored in .env file. Changes require server restart to take effect.

Server Management

Restart the server to apply configuration changes. The page will automatically refresh when the server is back online.

AWS Services

View AWS resources and connection status for troubleshooting

AWS Connection

☁ī¸ AWS Region
--
🔗 Connection Status
--
🌐 Proxy CDN (CloudFront)
--
đŸ“Ļ S3 Proxy Bucket
--

MediaLive Channels

Total: -- Running: -- Idle: --
Channel Name Channel ID State Inputs
Loading...

MediaLive Inputs

Total Inputs: --
Input Name Input ID Type State
Loading...
Last updated: --

SRT Transcode Monitoring

Real-time monitoring of SRT ingest and WebRTC output streams via MediaMTX

Service Status

📡 MediaMTX
Loading...
📊 Total Bandwidth
--
🔗 Active Streams
--

Active Transcode Streams

Each stream shows the SRT ingest and WebRTC output status. Data refreshes every 5 seconds.

Loading stream data...

Database Backups

Manage database backups with automatic daily scheduling and manual triggers

Create Backup

Create a manual backup of both databases. Includes user accounts, settings, Kinetica templates, library metadata, reference data, and all saved configurations.

Available Backups

Last 7 backups are retained. Daily automatic backups run at 3:00 AM. Each backup includes both Auth and Kinetica databases.

Filename Size Created Actions
Loading...

AI Assistant

Configure the Claude AI integration for the Kinetica template builder

Claude API Key

Enter your Anthropic API key to enable the AI assistant in the builder. The key is stored server-side and never sent to the browser.

Model

Select which Claude model to use. Sonnet is recommended for most tasks — fast and precise. Opus is slower but more capable for complex template generation. Haiku is fastest and cheapest for simple edits.

System Administration

Git operations and environment configuration

Warning: These operations can affect system stability. Use with caution.

Git Operations

Current Commit: --
Branch: --
Last Message: --
Commit Date: --
Note: After pulling updates, you must restart the server for changes to take effect.

Environment Configuration

Edit server environment variables. Changes require a server restart.

Security Notice: Sensitive values (JWT_SECRET, AWS credentials) are hidden and cannot be modified through this interface.
Loading configuration...

Server Control

Restart the server to apply configuration and code changes.

Server Logs

View real-time server logs and events

âŗ Waiting for server logs...

Changelog

Version history and release notes

📄 Loading changelog...
Account Settings

User Management

Total Users
-
Admins
-
Managers
-
Operators
-
Viewers
-
Username Full Name Email Role Last Login Status Actions
Loading users...

Roles

Loading roles...

About MediaLive Nexus

Overview

MediaLive Nexus is a web-based dashboard for managing AWS MediaLive channels. It provides real-time monitoring, control, and automation capabilities for broadcast operations.

Key Features

  • Real-time channel monitoring with HLS preview
  • Input switching and graphics overlay control
  • Automated web-proxy feed creation
  • HDR detection and stream quality metrics
  • Schedule-based automation
  • Drag-and-drop channel reordering
  • Save and load custom channel views

Technology Stack

  • Backend: Node.js + Express
  • AWS SDK: MediaLive integration
  • Video: HLS.js for low-latency playback
  • Frontend: Vanilla JavaScript

Version

Loading...