This guide will walk through how Enterprise users can set up a SCIM connection with Vimeo for their organization using Okta as their IdP (Identity Provider).
If you’re an existing Vimeo Enterprise customer and don’t have SCIM, please contact your Account Manager for more information. If you are not a Vimeo Enterprise customer yet and are interested in SCIM, please contact us.
In this article:
- Configuring the Okta App
- Provisioning users Okta to Vimeo
- Processing failed SCIM attempts
- Restrictions
- Support attributes (mapping)
Configuring the Okta App
- Go to your existing SAML application that is used for Vimeo.
- In the General tab, edit App settings.
-
Change Provisioning from None to SCIM.
-
There should now be a Provisioning area or tab in the application:
- Go to the Provisioning tab > Settings > Integration > select Edit.
- Enter the SCIM connector base URL using this URL format: https://api.vimeo.com/scim/v2/12345678, where 12345678 is the Vimeo team owner’s User ID; you can find it in the upper left corner of the Vimeo Account Settings page.
- In the Unique identifier field for users field, enter userName.
- Enable all the supported provisioning actions that are listed here.
- In the Authentication Mode menu, select HTTP Header.
- For Authorization, paste the generated API token from Vimeo.
- Click Save.
- Next, go to the Provisioning tab > Settings > To App.
- Enable Create users, Update user attributes, and Deactivate users.
- Select Save.
Provisioning users Okta to Vimeo
The initial step to start provisioning in Okta is assigning users to the SAML application. If you just created a SAML application to set up SSO and SCIM, you can assign users and they will be provisioned automatically.
If you already have a SAML application with assigned users, they won’t be provisioned once the provision is enabled. You have two options in Okta:
- You can unassign and assign users again, or
- You can contact Okta support and ask to enable a feature called Provision out of sync users which would add a Provision now button next to each user that is not provisioned after provisioning is enabled.
After you’ve initiated provisioning, you can see on your team settings page that team members have been added to your Vimeo account.
You can now also push Groups from your IdP into Vimeo if you need:
Processing failed SCIM attempts
There are cases where users can’t be migrated via SCIM, such as:
- A user with the same email address already exists on Vimeo and is not on this Enterprise team
- Your account reached its seat cap
- Connection errors
In these cases, you can go to your team settings page and download a list of failed migrations where you see the error message.
In most cases, to address them, it’s best to contact your Account Manager: some of them can be handled by migrating Vimeo users to your Enterprise account, others by purchasing additional seats.
Restrictions
When you change a user's information in your IdP, be sure to keep the Username and Email identical.
Support attributes (mapping)
We do not support all SCIM out-of-the-box user attributes. Currently, Vimeo supports these user attributes:
- schemas (read-only, required by SCIM specification)
- id (read-only, required by SCIM specification)
- userName (mutable, requires the same value for email)
- Name (mutable)
- name.formatted (same as givenName+familyName)
- name.givenName
- name.familyName
- displayName (same as givenName+familyName)
- Active (mutable)
- emails (only type=work and primary=true) (mutable)
- profileUrl (read-only)
- locale (mutable)
- groups (read-only, mutable from /Groups endpoint)
- meta (read-only)
Please contact scim-support@vimeo.com if you have any issues.