Skip to main content

Single Sign-On: Configuring Auth0 using SAML on Vimeo OTT

OTT sellers using this integration must agree to provide their own viewer support. Information on how support works can be found here.

Single Sign-On with OTT allows you to connect your Identity Provider (IdP) to your Enterprise Vimeo OTT account. Enabling this feature will redirect all Customers who are signing in to use your Identity Provider as the primary means of authentication.

If you are using the Identity Provider Auth0 for your SSO service, this article will teach you how to configure your integration. For more information about granting Entitlements with Single Sign-On, please see our primary Configuring SSO documentation

In this article:

Configuring Auth0

To begin, make sure you have an Auth0 account already registered. Vimeo OTT cannot troubleshoot your Auth0 account or provide technical support on how to populate your Identity Provider with user information.

Note that these instructions will require some values from your SSO settings, so be sure to navigate to your OTT Site Settings page and open the SSO settings as you follow along. 

  1. Create a new Auth0 application.
    • Give your Application a memorable name - i.e. “My Site - OTT.”
    • Choose the “Regular Web Applications” option.
  2. After creating, go to the Addons tab and enable “SAML2 Web App” option.
    This activates your Auth0 account to use the required SAML payload for authenticating with OTT. Once the “SAML2 Web App” is activated, it will need to be configured.
  3.  In the SAML2 Web App window that opens, click over to the “Settings” tab and set the Application Callback URL to your SAML Consumer URL found in your OTT SSO Settings.
    Example: https://www.mywebsite.com/saml/consume
  4. Under Addons, choose the SAML2 Web App option. In the window that opens, click on the “Settings” tab. There are a number of properties you can configure here but only two are required:
    “mappings”
    • Uncomment the mappings object and set email to “email”
    • “nameIdentifierFormat”
      Uncomment this property and set the value to the persistent format
      “urn:oasis:names:tc:SAML:1.1:nameid-format:persistent”
      You may optionally send “name” in the mappings as well but only email is required. 
  5. Save your SAML2 Web App Settings.

Sample SAML2 Web App Configuration

Sample SAML2 Web App Configuration (Using Non-Custom Domain):

{

"mappings": {

"email": "email"

},

"nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:persistent"

}

Configuring Vimeo OTT

To configure your Vimeo OTT site for Single Sign-On, you will use the information provided from your Site Settings under “Single Sign-On” in the left rail. If you do not already have this page open, do so to begin.

⚠️Note: when an Identity Provider is enabled, _all_ authentication for your OTT Site will be sent to your IdP. This means if you have any existing customers on OTT before enabling the integration that is not _also_ in your IdP, they will need to be migrated. Vimeo OTT can not provide support for this migration but we do provide tools for exporting Customers to CSV.

  1. In your Single Sign-On settings, give your integration a SAML Service Name. This does not have to match the Application name you provided in Auth0 but it is a recommended practice to do so.
  2. Provide “Login button text” - this is generally a generic message along the lines of “Sign In with [Your Site]”
  3. In most cases, your Customers will never see a button in order to sign in but in certain cases where this need surfaces, we will use the text you have provided.
    In Auth0, navigate to your Application, choose the “Addons” section, and click on the “SAML2 Web App” that you previously configured. A window will open and you will see a tab for “Usage.” Use the information in that window for the following step.
  4. You will need to copy and paste the SAML2  settings from the Usage window into your OTT Account before enabling the Integration.
  • In Auth0, copy the “Identity Provider Login URL” link
  • Paste this into OTT under “Single sign-on endpoint”
  • In Auth0, click the “Identity Provider Certificate” link and download the .pem file to a safe location.
  • Open the .pem file in a text editor and copy the entire contents; including the “-----BEGIN CERTIFICATE-----” and the “-----END CERTIFICATE-----”
    Paste the certificate contents into your Vimeo OTT SSO settings.
  1.  Under “Remote Account Registration URL” provide a URL to the page where your viewers should sign in. This is most likely the same as your “Identity Provider Login URL” provided above but may be different depending on your configuration.
  2. Under “Support Email” provide an email address where Customers can contact your Support team to help troubleshoot signing in. As Vimeo OTT is no longer the source of truth for authentication, your team must provide this information.
  3. Optional: Under “Default Products”, choose from your list of Active products that you wish to grant Entitlements to Customers who first authenticate successfully. If your integration with Vimeo OTT requires more granular Entitlements than a default product, please leverage the OTT API to add Products to your Customers.
  4.  Save your data.
    When you are ready, choose “Enable SSO” and save again. Once this option is selected and saved, your Customers will immediately start to be redirected to your Identity Provider.

 

 

Related articles

=