Skip to main content

How to set up SSO on Vimeo

This feature requires an Enterprise plan.

This article discusses the setup and benefits of single sign-on (SSO) for Vimeo Enterprise users, detailing the process for creating a SAML connection, testing it, and managing user provisioning.

For Enterprise Accounts with Workspaces: This feature is managed at the Organization level by Organization Owners and Admins. For more information, visit How to edit my Organization's settings.

⚠️Note: The new SSO on Vimeo is initially for new customers. If you set up SSO before April 2024, you'll get it later this year, along with a guide to switch to the new experience. Contact your Account Manager for more information.

In this article

What is SSO?

On Vimeo Enterprise, you can set up single sign-on (SSO) to allow your users to authenticate into Vimeo using a single credential across all your company apps. SSO allows you to manage your team’s access and keep your content more secure.

Vimeo’s SSO settings allow you to set up several different automated user provisioning methods. This will allow you to manage user access to Vimeo without having to invite every single user to your account. 

Vimeo’s SSO settings are flexible, accommodating various IdPs and user provisioning methods

Vimeo supports the following:

  • SAML 2.0
  • Just-In-Time (JIT) provisioning
  • SCIM provisioning
  • Service Provider-initiated SSO
  • Identity Provider-initiated SSO

Key terms and definitions

  • SAML - Vimeo uses the SAML (Security Assertion Markup Language) 2.0 standard to safely pass authentication credentials between your identity provider and your service provider.
  • Identity Provider (IdP) - Your Identity Provider is the single service your company uses for SSO across all your employees. Your users will use a single credential with your IdP to log into every app that has SSO.
  • Service Provider (SP) - In this case, Vimeo is the Service Provider to which your IdP passes the login credentials to authorize access.

How to set up my SSO

You can set up your SSO using the SSO admin console via your team settings page. 

⚠️Note: Only Account Owners and Admins have access to the SSO admin console. 

Step 1 - Create your SAML connection

  1. Select your profile photo located in the top right corner. 
  2. Navigate to Manage team > Settings > Single Sign-On (SSO)
  3. Select the +Create Connection button
    Single sign on settings page with 'create connection' highlighted
  4. Enter a new SAML connection name
    • This is just a record for the connection and doesn’t need to match any specific IdP or account values. For example, this might be a useful record if you need to set up multiple IdPs for different business units or want to remember which IdP you use.
      Create new SAML connection section with text space to type company name
  5. Copy the Entity ID & ACS URL from Vimeo and save it for later. You will add this to your IdP in a later step. 
  • Do not close the SSO console page. Keep it open until the SSO setup is finalized, as closing the window will cause the Entity ID and ACS URL links to be regenerated.
    Metadata section with each service provider values listed
    ⚠️Note: Here you will also see your Single Logout URL. SSO single logout is an optional setting that ends Vimeo sessions for all team members as soon as they’re logged out of your identity provider. 
  1. Go into your IdP & create a new SAML app for Vimeo.
  2. Paste the Entity ID & ACS URL into your IdP.
  3. In your IdP, set up the necessary SAML settings with the correct syntax, which are: email, firstName, and lastName
    • If you want to send a user group membership through SAML, you can also send a group attribute.
    • If you can’t set up custom attributes in your IdP, you can map your IdP attributes to Vimeo’s required attribute by entering your IdP attribute values in the SAML connection modal attribute mapping section.
      Attributes and mappings sections within the Vimeo SSO settings page
  4. After saving the SAML connection in your IdP, now add your IDP information to Vimeo:
    • If your IdP allows you to export a metadata file, you can upload an XML file, and Vimeo will parse out the sign-in URL and cert.
    • Alternatively, you can paste items individually:
      1. Paste your sign-in URL
      2. Paste or upload your signing certificate (must be .pem, .crt, or .cert file extension).Identity provider metadata section with spaces for the necessary information
      3. Optionally, you can enter your Single Logout URL as well.
  5. Save your SAML settings.
  • We will not force any SSO authentication at this time. You can save the SAML connection now, test it out, and then activate it later.

Step 2 - Test & Claim Domain

  • While in Step 2 of the SAML connection modal, test your SAML connection by pasting the test link into another tab (i.e., an incognito window) and try logging in.
    • Note: Test users must already be on your team. To have a user authenticate and be provisioned automatically using the test URL, activate JIT provisioning from the settings.
    • We recommend testing with a small group of users (preferably 5-10) before considering your testing complete.
    • If you encounter an issue logging in, verify the values you entered in the Vimeo SAML connection modal and your IdP. There are also other common issues that could be the cause. 
      Test URL section with copy button
  • Once you’ve validated that SAML is working, you can either close the modal and return later or you can request to claim your domain for that SAML connection if you want to force all users with your company’s domain to use SSO. Vimeo will review it and notify you once we’ve claimed the domain, which will force all users from your company to log in with SSO into Vimeo. Your approved domain claim will appear with a Claimed status. 
    • You have the ability to claim multiple domains.
    • It is only possible to claim domains that your organization owns. 
      Claim domain section with space to enter desired domain

Step 3 - Set up your Provisioning options

Read our Types of Provisioning & Recommend SSO Configurations sections for info on which provisioning settings you should activate in this section.

  • If you’d like users with your company domain to sign in with SSO and be automatically provisioned, activate JIT provisioning.
  • If you’d only like users already on your Vimeo account to sign in with SSO and not set up automatic provisioning, activate team-based SSO.
  • If you’d like users to be provisioned with SCIM, set up a SCIM app and activate SCIM provisioning.
  •  If there are users that were removed manually from the team, you can use the Allow reprovisioning tool to allow those users to be automatically reprovisioned with JIT provisioning. 
    Different provisioning options with the toggle on the right side to enable or disable

💡Tip: You can also set up multiple options at once - check out 'Recommended SSO Configurations' to ensure you set up SSO to best match your use case.

Step 4 - Set up SSO Settings

Activate the settings relevant to your use case:

  • Force SSO - Prevents users from logging in with email/password and disables password resets (strongly recommended).
    • This feature will be activated by default once you claim your company domain or activate team-only SSO.
  • Default role - Assign a default role to all new users created via JIT provisioning or SCIM.
  • Logout redirect URL - Specify a URL to which your users will be redirected after logging out of Vimeo.
    SSO configuration section with each option listed with a toggle and options on the right side

Making the most out of SSO

To have more control over how long users on your team are logged in and precisely when they’re logged out, you can control the session duration, which includes the ability to force log out all team members. 

Was this article helpful?
16 out of 25 found this helpful
Return to top

Related articles

=