Vimeo Enterprise offers flexible SSO configuration options so you can manage user provisioning and authentication in whichever way you need.
In this article
- SSO for everyone in your organization
- Provision all your users with SCIM
- Only for current members of your Vimeo account
- Multiple domains for One Identity Provider
- Multiple Identity Providers
SSO for everyone in your organization
If you’d like everyone with your company email address to log into your Vimeo account with SSO, we recommend the following settings:
- Set up a SAML connection
- Claim your company domain
- Enable JIT Provisioning
The next time your users go to log in with Vimeo, they will be redirected to your IdP login gate and provisioned to your Vimeo account. We also recommend setting up Vimeo as a gallery app using IdP-Initiated SSO so that your users can easily access it.
Provision all your users with SCIM
If you’d like users to be provisioned to and de-provisioned from Vimeo automatically based on your organization’s current membership, we recommend the following settings:
- Set up a SAML connection
- Create a SCIM API app
- Claim a domain
Claiming a domain is a critical step when configuring SSO for your enterprise on Vimeo, as it ensures a seamless and secure user management experience. When a domain is claimed, any Vimeo user with an email address matching that domain is automatically recognized as part of your enterprise. This eliminates the need for those users to manually accept team invitations during SCIM provisioning, streamlining the onboarding process. Without a claimed domain, existing Vimeo users must verify their transition to your team by accepting a verification email, which adds an extra step to the process. By claiming your domain, you can simplify user provisioning, maintain tighter control over team membership, and reduce friction for your employees when setting up SSO.
⚠️ Note: Not all IdPs offer SCIM, so check with your IdP whether you can use this feature.
Only for current members of your Vimeo account
If you’d only like to allow users already on your Vimeo account to log in with SSO and not set up automatic provisioning, we recommend the following settings:
- Set up a SAML connection
- Enable Team-based SSO
- Alternatively, you can optionally set up SCIM and provision users granularly on the IdP side.
To provision new users to your account with Team-Based SSO, send each of them an email invite. Claiming a domain and enabling JIT provisioning are not recommended in this use case, as only users who are invited manually will log in with SSO.
Multiple domains for One Identity Provider
If your company uses one IdP but manages multiple domains, you can support all your users with your single Vimeo Enterprise account.
You can set up one IdP with multiple claimed domains. When users go to log in to vimeo.com, anyone whose email address is on one of your claimed domains is redirected to the IdP login gate your organization uses.
- Set up a SAML connection
- Claim a domain
- Claim a second domain
- Etc
- Enable JIT provisioning
Multiple Identity Providers
If your company has multiple IdPs and you need to set up multiple SAML connections, you can support all your users with your single Vimeo Enterprise account.
You can set up multiple IdPs, each with its own claimed domains. When a user goes to log in to vimeo.com, they are redirected to the IdP login gate for the SAML connection that has claimed their email domain. We recommend the following settings:
- Set up a SAML connection
- Claim a domain
- Set up a second SAML connection
- Claim a second domain
(Continue for all your SAML connections)
- Enable JIT provisioning
For a more advanced configuration, you can also set up multiple IdPs where up to one account uses team-based or SCIM-based SSO.
- Set up a SAML connection
- Don’t claim a domain
- Set up a second SAML connection
- Claim a domain
- Set up a third SAML connection
- Claim another domain
(Continue for all your SAML connections)
- Enable JIT provisioning
- Enable team-based SSO
In this case, users with a claimed domain will be redirected to the IdP corresponding to their claimed domain. Users on your team without a claimed domain will be redirected to the IdP login gate for the third SAML connection.
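Before building a multi-IdP layout, it helps to check the plan on paper. The sketch below is an added example, not Vimeo code or a Vimeo API: it models the routing described above and flags two planning mistakes. The connection names, the `example.*` domains, and the rule that a domain belongs to only one connection are assumptions made for illustration.

```python
# Added illustration: a planning model of the routing rules in this article.
from dataclasses import dataclass, field

@dataclass
class Connection:
    name: str                                    # hypothetical label for a SAML connection
    claimed_domains: set = field(default_factory=set)

def validate(connections):
    """Return a list of problems found in a planned multi-IdP layout."""
    problems, owner = [], {}
    for conn in connections:
        for domain in (d.lower() for d in conn.claimed_domains):
            if domain in owner:  # assumption: one domain maps to one connection
                problems.append(f"{domain} claimed by both {owner[domain]} and {conn.name}")
            owner.setdefault(domain, conn.name)
    unclaimed = [c.name for c in connections if not c.claimed_domains]
    if len(unclaimed) > 1:       # at most one team-based or SCIM-based connection
        problems.append("more than one connection without a claimed domain: "
                        + ", ".join(unclaimed))
    return problems

def route(email, connections, team_members):
    """Return the connection whose IdP login gate the user reaches, or None."""
    email = email.lower()
    domain = email.rsplit("@", 1)[-1]
    for conn in connections:
        if domain in {d.lower() for d in conn.claimed_domains}:
            return conn.name     # claimed domain wins
    if email in team_members:    # invited or SCIM-provisioned member
        for conn in connections:
            if not conn.claimed_domains:
                return conn.name
    return None                  # not covered by SSO in this layout

# Constructed sample layout and team list (placeholders, not real tenants).
LAYOUT = [
    Connection("contractors-idp"),               # no claimed domain
    Connection("corp-idp", {"example.com"}),
    Connection("subsidiary-idp", {"example.org"}),
]
TEAM = {"freelancer@example.net"}

if __name__ == "__main__":
    print(validate(LAYOUT))
    for user in ("alice@example.com", "freelancer@example.net", "stranger@example.net"):
        print(user, "->", route(user, LAYOUT, TEAM))
```

A `None` result marks an address that no connection covers in the planned layout, which is worth resolving before rollout.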