Skip to main content

Single Sign-On: Configuring Okta using SAML on Vimeo OTT

OTT sellers using this integration must agree to provide their own viewer support. Information on how support works can be in this guide.

Single Sign-On with OTT allows you to bring your own Identity Provider (IdP) to connect to your Enterprise Vimeo OTT account. Enabling this feature will redirect all Customers who are signing in to use your Identity Provider as the primary means of authentication.

If you are using the Identity Provider Okta for your SSO service, this article will teach you how to configure your integration. For more information about granting Entitlements with Single Sign-On, please see our primary Configuring SSO documentation.

In this article

How do I configure Okta?

To begin, make sure you have an Okta account already registered. Vimeo OTT cannot troubleshoot your Okta account or provide technical support on how to populate your Identity Provider with user information. 

  1. Create a new Okta Application. 
    • Applications allow you to connect different services to your Identity Provider.
    • In Okta, choose Applications > Add Application
  2. On the Okta Applications screen, choose New Application.
    • Set your platform to Web
    • Set your Sign on method to SAML 2.0.
  3. In the new Application settings, give your App a name (such as “Vimeo OTT.")
    • The logo and app visibility settings are up to you.
    • When complete, choose Next.
  4. In the SAML Settings for your Application, provide the following information:
    1. Single Sign-On URL:
      • You will find this URL in your OTT Site Settings under Single Sign-On in the left rail.
      • Copy the link from SAML Consumer URL and paste it into this block.
    2. Audience URI:
      • You will find this URL in your OTT Site Settings under Single Sign-On in the left rail.
      • Copy the link from SP Entity ID and paste it into this block.
    3. Default RelayState:
      • This may be left blank.
    4. Name ID Format:
      • Select EmailAddress for this setting.
    5. Application username:
      • Select Email for this setting.
    6. Under Attribute Statements, pass along your Customers ID.
      • In the Name field, enter the key “id.”
      • In the Format field, choose Unspecified.
      • In the Value field, enter your User property that contains their ID. This is likely a custom property that you have populated from your Database of Users. This must be an immutable identifier for this Customer.
    7. (Optional) Under Attribute Statements, you may pass along your Customers name to OTT.
      • In the Name field, enter the key fullName.
      • In the Format field, choose Unspecified.
      • In the Value field, enter the value `user.firstName + " " + user.lastName` - be sure to include everything between the single quotes.
    8. Choose Next. On the Support page that follows, choose I’m a software vendor.
    9. Choose Finish.
    10. The Application is now created and ready to be added to your Vimeo OTT account. Leave this tab open and follow the instructions for updating your Vimeo OTT Settings in another window.

How do I configure Vimeo OTT?

To configure your Vimeo OTT site for Single Sign-On you will use the information provided from your Site Settings under Single Sign-On in the left rail. If you do not already have this page open, do so to begin.

⚠️Note: when an Identity Provider is enabled, all authentication for your OTT Site will be sent to your IdP. This means if you have any existing customers on OTT before enabling the integration that is not also in your IdP, they will need to be migrated. Vimeo OTT can not provide support for this migration but we do provide tools for exporting Customers to CSV.

  1. In your Single Sign-On settings, give your integration a SAML Service Name. This does not have to match the Application name you provided in Okta but it is a recommended practice to do so.
  2. Provide “Login button text” - this is generally a generic message along the lines of “Sign In with [Your Site.]”
    • In most cases, your Customers will never see a button in order to sign in but in certain cases where this need surfaces, we will use the text you have provided.
  3. In the previous tab for your Okta application settings, you will see a link for View Setup Instructions - click this link.
  4. You will need to copy and paste the SAML 2.0 settings into your OTT Account before enabling the Integration:
    1. In Okta, copy the “Identity Provider Single Sign-On URL:”
      • Paste this into OTT under “Single sign-on endpoint”
    2. In Okta, copy the entire “X.509 Certificate” including the “----Begin Certificate---” all the way down through “----End Certificate---”
      • Paste this into OTT under “Certificate”
  5. Under “Remote Account Registration URL” provide a URL to the page where your customers should sign in. This is most likely your Okta domain name.
  6. Under “Remote Settings Page URL” provide a URL to the page where your Customers can manage their settings. As Vimeo OTT is no longer the source of truth for authentication, this will be handled on your service.
  7. Under “Support Email” provide an email address where Customers can contact your Support team to help troubleshoot signing in. As Vimeo OTT is no longer the source of truth for authentication, your team must provide this information.
  8. (Optional) Under “Default Products”, choose from your list of Active products that you wish to grant Entitlements to Customers who first authenticate successfully. If your integration with Vimeo OTT requires more granular Entitlements than a default product, please leverage the OTT API to add Products to your Customers.
  9. Save your data.

When you are ready, choose Enable SSO and save again. Once this option is selected and saved, your Customers will immediately start to be redirected to your Identity Provider.

 

Was this article helpful?
0 out of 1 found this helpful
Return to top

Related articles

=