Vimeo Enterprise offers flexible SSO configuration options so you can manage user provisioning and authentication in whichever way you need.
In this article
- SSO for everyone in your organization
- Provision all your users with SCIM
- Only for current members of your Vimeo account
- Multiple domains for One Identity Provider
- Multiple Identity Providers
SSO for everyone in your organization
If you’d like everyone with your company email address to log into your Vimeo account with SSO, we recommend the following settings:
- Set up a SAML connection
- Claim your company domain
- Enable JIT Provisioning
The next time your users go to log in with Vimeo, they will be redirected to your IdP login gate and provisioned to your Vimeo account. We also recommend setting up Vimeo as a gallery app using IdP-Initiated SSO so that your users can easily access it.
Provision all your users with SCIM
If you’d like to allow users to be provisioned and de-provisioned from Vimeo automatically based on the up-to-date members of your organization, we recommend the following settings:
- Set up a SAML connection
- Create a SCIM API app
You do not need to set up JIT provisioning or claim a domain, as all of your users who are provisioned with SCIM will log in with SSO.
⚠️Note: Not all IdPs offer SCIM, so check with your IdP if you can leverage this feature.
Only for current members of your Vimeo account
If you’d only like to allow users already on your Vimeo account to log in with SSO and not set up automatic provisioning, we recommend the following settings:
- Set up a SAML connection
- Enable Team-based SSO
- Alternatively, but optionally, you can set up SCIM and provision users granularly on the IdP side.
To provision new users to your account with Team-Based SSO, you should send each of them an email invite. Claiming a domain and enabling JIT provisioning is not recommended in this use case, as only your users who are invited manually will log in with SSO.
Multiple domains for One Identity Provider
If your company uses one IdP but manages multiple domains, you can support all your users with your single Vimeo Enterprise account.
You can set up one IdP with multiple claimed domains. Therefore, when a user goes to log into vimeo.com, all users with all your claimed domains in their email addresses will be redirected to the IdP login gate your organization uses.
- Set up a SAML connection
- Claim a domain
- Claim a second domain
- Etc
- Enable JIT provisioning
Multiple Identity Providers
If your company has multiple IdPs and you need to set up multiple SAML connections, you can support all your users with your single Vimeo Enterprise account.
You can set up multiple IdPs with different claimed domains for each of them. Therefore, when a user goes to log into vimeo.com, they will be redirected to the IdP login gate for the SAML connection you created which has claimed their domain. We recommend the following settings:
- Set up a SAML connection
- Claim a domain
- Set up a second SAML connection
- Claim a second domain
- Set up a second SAML connection
- Claim a second domain
(Continue for all your SAML connections)
- Claim a second domain
- Enable JIT provisioning
For a more advanced configuration, you can also set up multiple IdPs where up to one account uses team-based or SCIM-based SSO.
- Set up a SAML connection
- Don’t claim a domain
- Set up a second SAML connection
- Claim a domain
- Set up a third SAML connection
- Claim another domain
(Continue for all your SAML connections)
- Claim another domain
- Enable JIT provisioning
- Enable team-based SSO
In this case, users with a claimed domain will be redirected to the IdP corresponding with their claimed domain. Users on your team without a claimed domain will be redirected to IdP login gate for the third SAML connection.