Skip to main content

How to set up SSO on Vimeo

This feature requires an Enterprise plan.

This article discusses the setup and benefits of single sign-on (SSO) for Vimeo Enterprise users, detailing the process for creating a SAML connection, testing it, and managing user provisioning.

For Enterprise Accounts with Workspaces: This feature is managed at the Organization level by Organization Owners and Admins. For more information, visit How to edit my Organization's settings.

⚠️Note: The new SSO on Vimeo is initially for new customers. If you set up SSO before April 2024, you'll get it later this year, along with a guide to switch to the new experience. Contact your Account Manager for more information.

In this article

Overview

On Vimeo Enterprise, you can set up single sign-on (SSO) to allow your users to authenticate into Vimeo using a single credential across all your company apps. SSO allows you to manage your team’s access and keep your content more secure.

Vimeo supports the following:

  • SAML 2.0
  • Just-In-Time (JIT) provisioning
  • SCIM provisioning
  • Service Provider-initiated SSO
  • Identity Provider-initiated SSO

Key Terms

  • SAML - Vimeo uses the SAML (Security Assertion Markup Language) 2.0 standard to safely pass authentication credentials between your identity provider and your service provider.
  • Identity Provider (IdP) - Your Identity Provider is the single service your company uses for SSO across all your employees. Your users will use a single credential with your IdP to log into every app that has SSO.
  • Service Provider (SP) - In this case, Vimeo is the Service Provider to which your IdP passes the login credentials to authorize access.

Benefits

  • Users can use a single password across multiple applications. Since users only need to memorize one password, they are less likely to set easy-to-guess passwords or reuse passwords, making their accounts more secure.
  • Vimeo’s SSO settings allow you to set up several different automated user provisioning methods. This will allow you to manage user access to Vimeo without having to invite every single user to your account. Read more about provisioning methods.
  • Vimeo’s SSO settings are flexible, accommodating various IdPs and user provisioning methods. Read more about the recommended SSO configuration for your use case.

Process

Step 1 - Create your SAML connection

  1. Navigate to Team Management> Settings > Single Sign-On
    Screenshot 2024-06-07 at 12.34.18 PM.png
     
  2. Click the +Create Connection button
    7:6.png
  3. Enter a new SAML connection name
    • This is just a record for the connection and doesn’t need to match any specific IdP or account values. For example, this might be a useful record if you need to set up multiple IdPs for different business units or want to remember which IdP you use.
  4. Copy the Entity ID & ACS URL from Vimeo and save it for later. You will add this to your IdP in a later step.
    7.1.png
    ⚠️Note: Here you will also see your Single Logout URL. SSO single logout is an optional setting that ends Vimeo sessions for all team members as soon as they’re logged out of your identity provider. Learn how at 'How to control session duration on your team'.
  5. Go into your IdP & create a new SAML app for Vimeo.
  6. Paste the Entity ID & ACS URL into your IdP.
  7. In your IdP, set up the necessary SAML settings with the correct syntax, which are: email, firstName, and lastName
    • If you want to send a user group membership through SAML, you can also send a group attribute.
    • If you can’t set up custom attributes in your IdP, you can map your IdP attributes to Vimeo’s required attribute by entering your IdP attribute values in the SAML connection modal attribute mapping section.
  8. After saving the SAML connection in your IdP, now add your IDP information to Vimeo:
    1.  
      • If your IdP allows you to export a metadata file, you can upload an XML file, and Vimeo will parse out the sign-in URL and cert.
      • Alternatively, you can paste items individually:
        1. Paste your sign-in URL
        2. Paste or upload your signing certificate (must be .pem, .crt, or .cert file extension).
        3. Optionally, you can enter your Single Logout URL as well.
  9. Save your SAML settings.
  • We will not force any SSO authentication at this time. You can save the SAML connection now, test it out, and then activate it later.

Step 2 - Test & Claim Domain

  • While in Step 2 of the SAML connection modal, test your SAML connection by pasting the test link into another tab (i.e., an incognito window) and try logging in.
    • Note: Test users must already be on your team. To have a user authenticate and be provisioned automatically using the test URL, activate JIT provisioning from the settings.
    • We recommend testing with a small group of users (preferably 5-10) before considering your testing complete.
    • If you encounter an issue logging in, verify the values you entered in the Vimeo SAML connection modal and your IdP. Check out our common SSO issues article for help.
      7.2.png
  • Once you’ve validated that SAML is working, you can either close the modal and return later or you can request to claim your domain for that SAML connection if you want to force all users with your company’s domain to use SSO. Vimeo will review it and notify you once we’ve claimed the domain, which will force all users from your company to log in with SSO into Vimeo.

Step 3 - Set up your Provisioning options

Read our Types of Provisioning & Recommend SSO Configurations sections for info on which provisioning settings you should activate in this section.

  • If you’d like users with your company domain to sign in with SSO and be automatically provisioned, activate JIT provisioning.
  • If you’d only like users already on your Vimeo account to sign in with SSO and not set up automatic provisioning, activate team-based SSO.
  • If you’d like users to be provisioned with SCIM, set up a SCIM app and activate SCIM provisioning.

     

💡Tip: You can also set up multiple options at once - check out 'Recommended SSO Configurations' to ensure you set up SSO to best match your use case.

Step 4 - Set up SSO Settings

Activate the settings relevant to your use case:

  • Force SSO - Prevents users from logging in with email/password and disables password resets (strongly recommended).
    • This feature will be activated by default once you claim your company domain or activate team-only SSO.
  • Default role - Assign a default role to all new users created via JIT provisioning or SCIM.
  • Logout redirect URL - Specify a URL to which your users will be redirected after logging out of Vimeo.
    7.3.png
Was this article helpful?
16 out of 25 found this helpful
Return to top

Related articles

=