⚠️Note: This new SSO experience is only currently available to new customers on Vimeo. If you set up SSO before April 2024, you will get this experience later this year with an in-depth guide on how to switch. If you’d like to switch over to the new experience early, contact your Account Manager.
Overview
On Vimeo Enterprise, you can set up single sign-on (SSO) to allow your users to authenticate into Vimeo using one single credential across all your company apps. SSO allows you to manage your team’s access and keep your content more secure.
Vimeo supports the following:
- SAML 2.0
- Just-In-Time (JIT) provisioning
- SCIM provisioning
- Service Provider-initiated SSO
- Identity Provider-initiated SSO
Key Terms
- SAML - Vimeo uses the SAML (Security Assertion Markup Language) 2.0 standard to safely pass authentication credentials between your identity provider and your service provider.
- Identity Provider (IdP) - Your Identity Provider is the single service your company uses for SSO across all your employees. Your users will use a single credential with your IdP to log into every app that has SSO.
- Service Provider (SP) - In this case, Vimeo is the Service Provider: the application your IdP passes the login credential along to in order to authorize your users to access it.
Benefits
- Users can use one password across many different applications. Since the user only needs to memorize one password, users will not set easy-to-guess passwords or reuse passwords, allowing your accounts to be more secure.
- Vimeo’s SSO settings allow you to set up several different automated user provisioning methods. This will enable you to manage user access to Vimeo without having to invite every single user to your account. Read more about provisioning methods.
- Vimeo’s SSO settings are flexible, accommodating various IdPs and user provisioning methods. Read more about the recommended SSO configuration for your use case.
Process
Step 1 - Create your SAML connection
- Navigate to Team Management > Settings > Single Sign-On
- Click the +Create Connection button
- Enter a new SAML connection name
- This is just a record for the connection and doesn’t need to match any specific IdP or account values. For example, this might be a useful record if you need to set up multiple IdPs for different business units, or want to remember which IdP you use.
- Copy the Entity ID & ACS URL from Vimeo and save them; you will add them to your IdP in a later step.
- Go into your IdP & create a new SAML app for Vimeo.
- Paste the Entity ID & ACS URL into your IdP
- In your IdP, set up the necessary SAML attributes with the correct syntax: email, firstName, and lastName
- If you want to send a user group membership through SAML, you can send a groups attribute as well.
- If you can’t set up custom attributes in your IdP, you can map your IdP attributes to Vimeo’s required attributes by entering your IdP attribute values in the attribute mapping section of the SAML connection modal.
- After saving the SAML connection in your IdP, add your IdP information to Vimeo:
- If your IdP allows you to export a metadata file, you can upload an XML file and Vimeo will parse out the sign-in URL and cert.
- Alternatively, you can paste items individually:
1. Paste your sign-in URL
2. Paste or upload your signing certificate (must be .pem, .crt, or .cert file extension).
- Save your SAML settings.
- We will not force any SSO authentication at this time. You can simply save the SAML connection so you can test it out now, and enable it later.
Step 2 - Test & Claim Domain
- While in Step 2 of the SAML connection modal, test your SAML connection by pasting the test link into another tab (i.e. an incognito window) and trying to log in.
- Note: Test users must already be on your team. If you want a user to authenticate and be provisioned automatically using the test URL, you should enable JIT provisioning from the settings.
- We recommend you test with a couple of users (preferably 5-10) before you consider your testing complete.
- If there is an issue logging in, check all the values you entered in the Vimeo SAML connection modal and in your IdP. Check out our common SSO issues article for help.
- Once you’ve validated that SAML is working, you can either close the modal and return later, or you can request to claim your domain for that SAML connection if you want to force all users with your company’s domain to use SSO. Vimeo will review it and notify you once we’ve claimed the domain, which will force all users from your company to log in with SSO into Vimeo.
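When a test login fails, the values worth checking first are the ones Step 1 had you configure: the attribute names, the Entity ID, and the ACS URL. The script below is an added example, not Vimeo's code: it inspects a base64 `SAMLResponse` captured from your own test login (for instance from the browser's network tools) and reports which of those values the IdP is sending incorrectly. The Entity ID and ACS URL are placeholders, the sample response is constructed, and exact-case matching of attribute names is an assumption.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names from Step 1; exact-case matching is an assumption.
REQUIRED = ("email", "firstName", "lastName")
# Placeholders: use the Entity ID and ACS URL copied from the Vimeo connection modal.
ENTITY_ID = "https://sp.example/ENTITY-ID-PLACEHOLDER"
ACS_URL = "https://sp.example/ACS-URL-PLACEHOLDER"

def check_response(b64_response, entity_id, acs_url):
    """List configuration problems in a captured base64 SAMLResponse.
    Inspects content only; it does not verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in root.iterfind(".//saml:Attribute", NS)}
    problems = []
    for name in REQUIRED:
        if name not in attrs:
            near = [n for n in attrs if n and n.lower() == name.lower()]
            hint = f" (found '{near[0]}', wrong case)" if near else ""
            problems.append(f"missing attribute '{name}'{hint}")
        elif not any(v and v.strip() for v in attrs[name]):
            problems.append(f"attribute '{name}' has no value")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} does not contain the Entity ID")
    recipients = [c.get("Recipient")
                  for c in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} does not match the ACS URL")
    return problems

def build_sample_response(attr_names, audience, recipient):
    """Constructed, unsigned response standing in for one captured from a test login."""
    attrs = "".join(f'<saml:Attribute Name="{n}"><saml:AttributeValue>sample'
                    f'</saml:AttributeValue></saml:Attribute>' for n in attr_names)
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           '<saml:Subject><saml:SubjectConfirmation>'
           f'<saml:SubjectConfirmationData Recipient="{recipient}"/>'
           '</saml:SubjectConfirmation></saml:Subject><saml:Conditions>'
           f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
           '</saml:AudienceRestriction></saml:Conditions>'
           f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement>'
           '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    bad = build_sample_response(["email", "firstname", "lastName"], ENTITY_ID, ACS_URL)
    print(check_response(bad, ENTITY_ID, ACS_URL))
```

An empty list means the response carries all three required attributes and is addressed to the Entity ID and ACS URL you supplied.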
Step 3 - Set up your Provisioning options
Read our Types of Provisioning & Recommended SSO Configurations sections for info on which provisioning settings you should enable in this section.
- If you’d like users with your company domain to sign in with SSO and be automatically provisioned, enable JIT provisioning.
- If you’d only like users already on your Vimeo account to sign in with SSO and not set up automatic provisioning, enable team-based SSO.
- If you’d like users to be provisioned with SCIM, set up a SCIM app and enable SCIM provisioning.
💡Tip: You can also set up multiple options at once - check out Recommended SSO Configurations to ensure you set up SSO to best match your use case.
Step 4 - Set up SSO Settings
Enable the settings relevant to your use case:
- Force SSO - Prevents users from logging in with email/password and disables password resets (strongly recommended)
- This will be enabled by default once you claim your company domain or turn on team-only SSO.
- Default role - Apply a default role for all new users that are created via JIT provisioning or SCIM.
- Logout redirect URL - Specify a URL to which your users will be redirected after logging out of Vimeo.