Single Sign-On with OTT allows you to bring your own Identity Provider (IdP) to connect to your Enterprise Vimeo OTT account. Enabling this feature will redirect all Customers who are signing in to use your Identity Provider as the primary means of authentication.
If you are using Okta for your SSO service, this article will teach you how to configure your integration. For more information about granting Entitlements with Single Sign-On, please see our primary Configuring SSO documentation.
In this article:
To begin, make sure you have an Okta account already registered. Vimeo OTT cannot troubleshoot your Okta account or provide technical support on how to populate your Identity Provider with user information.
- Create a new Okta Application.
- Applications allow you to connect different services to your Identity Provider.
- In Okta, choose Applications > Create App Integration
- On the Okta Applications screen, choose OIDC - OpenID Connect.
- Set your application type to Web Application.
- Click Next
- In the new Web App Integrations settings, give your App a name (such as “Vimeo OTT.")
- The logo and app visibility settings are up to you.
- The grant type should be preselected as Client acting on behalf of a user -> Authorization Code. You should leave this as is.
- When complete, choose Next.
- For the Sign-in redirect URIs section, provide the following URI: https://[YOUR VIMEO OTT SUBDOMAIN].vhx.tv/oauth/callback
- For now, leave Sign-out to redirect URIs and Base URIs blank.
- For Assignments, choose Skip group assignment for now
- The application is now created and ready to be added to your Vimeo OTT account. Leave this tab open and follow the instructions for updating your Vimeo OTT Settings in another window.
Configuring Vimeo OTT
To configure your Vimeo OTT site for Single Sign-On you will use the information provided from your Site Settings under Single Sign-On in the left rail. If you do not already have this page open, do so to begin.
Note: when an Identity Provider is enabled, all authentication for your OTT Site will be sent to your IdP. This means if you have any existing customers on OTT before enabling the integration that are not also in your IdP, they will need to be migrated. Vimeo OTT can not provide support for this migration but we do provide tools for exporting Customers to CSV.
- Under “Support Email” provide an email address where Customers can contact your Support team to help troubleshoot signing in. As Vimeo OTT is no longer the source of truth for authentication, your team must provide this information.
- Under “Remote Settings Page URL” provide a URL to the page where your Customers can manage their settings. As Vimeo OTT is no longer the source of truth for authentication, this will be handled on your service.
In the Entitlements section, you can select if you will be using OTT to collect customer payments OR if you are using your own third-party payment system.
- If you are using OTT to collect customer payments, you will need to provide a URL where customers can go to create an account in your IDP. Customers will not be able to purchase OTT products until they have created an account and are logged in (to ensure that users don’t exist in OTT and not in the IDP, which is the source of truth for access)
- If you are using a third-party payment system, you will need to provide a URL where customers can go to purchase your products. You will need to make sure that this process similarly creates customers in your IDP.
- (Optional) Under “Default Products”, choose from your list of Active products that you wish to grant Entitlements to Customers who first authenticate successfully. If your integration with Vimeo OTT requires more granular Entitlements than a default product, please leverage the OTT API to add Products to your Customers.
- In the Identity Protocol Settings section, select Open ID Connect from the dropdown menu.
In the previous tab for your Okta application settings, you will see a tab General, with a section General Settings. Here you’ll find your Okta domain (e.g. dev-xyz.okta.com).
- In Okta, copy this Okta domain value
- Paste this into OTT under “Token URL” and append /oauth2/default/v1/token - so dev-xyz.okta.com would become dev-xyz.okta.com/oauth2/default/v1/token
- Similarly, paste this under “Authorize URL” and append /oauth2/default/v1/authorize - so dev-xyz.okta.com would become dev-xyz.okta.com/oauth2/default/v1/authorize
- In Okta, on the General tab, you will also see a Client Credentials section. Copy “Client ID” and paste it into OTT under Client ID. Additionally, copy “Client Secret” and paste it into OTT under Client Secret.
- Provide “Login button text” - this is generally a generic message along the lines of “Sign In with [Your Site.]”
- Save your data.
When you are ready, choose Enable SSO and save again. Once this option is selected and saved, your Customers will immediately start to be redirected to your Identity Provider.