Setting up SAML SSO with Azure

⚠️Note: Only the paid versions of Azure are supported; the Vimeo SSO solution does not support the free Azure tier. To configure SAML single sign-on for a non-gallery application without writing code, you need to have a subscription or Azure AD Premium.

For an overview of how SSO works with Vimeo Enterprise and the first steps of this process, please head to our Setting Up SSO guide.

In this article:

• Add a non-gallery application
• Configure user sign-in properties
• Edit the Basic SAML Configuration
• Configure User Attributes and Claims
• Obtain the SAML signing certificate
• Retrieve your Azure SSO URL
• Finish SSO Setup

Add a non-gallery application

Vimeo Enterprise will be added as a "non-gallery" application to your Azure portal. This means it isn't a listed third-party integration available to all Azure administrators.

1. Sign in to the Azure Active Directory portal using your Microsoft Identity platform administrator account.
2. Select Enterprise Applications > New application.
3. Select Non-gallery application. The Add your own application page will appear.
   
4. Enter the display name for your new application as Vimeo Enterprise.
5. Select Add. The application Overview page will open.

Configure user sign-in properties

1. From the Overview page, select Properties to open the Properties pane for editing.
2. Configure how users who are assigned or unassigned to the application can sign into the application, and if a user can see the application in the access panel.
   • Enabled for users to sign-in determines whether users assigned to the application can sign in.
   • User assignment required determines whether users who aren't assigned to the application can sign in.
   • Visible to user determines whether users assigned to an app can see it in the access panel and O365 launcher.
3. Optionally, you can add a custom logo.
4. When you're finished, select Save.

Edit the Basic SAML Configuration

1. Under the Manage section in the left-side navigation panel, select Single sign-on.
2. Select SAML. The Set up Single Sign-On with SAML - Preview page will appear.
   
3. To edit the basic SAML configuration options, select Edit (the pencil icon) in the upper-right corner of the Basic SAML Configuration section.
4. Enter the following settings:
   

   Field	Value
   Identifier (Entity Id)	Paste the Entity ID from Vimeo
   Reply URL	Paste the ACS URL from Vimeo
   Sign-on URL	Optional. Please leave this blank.
   Relay State	Optional. Please leave this blank.
   Logout URL	Optional. Please leave this blank.

Configure User Attributes and Claims

When a user authenticates via Azure SSO, your Azure account sends some basic information about the user to Vimeo. You will need to configure these values.

1. In the Set up Single Sign-on with SAML page, scroll to the User Attributes & Claims section and select Edit (the pencil icon) in the upper-right corner.
   
2. Configure these attributes as the following:
   

   Name	Value
   firstName	user.givenname
   lastName	user.surname
   email	user.email

To configure group claims, select the Edit icon for the Groups returned in claim field. For details, see Configure group claims.

More on assigning users and groups

• Using SSO group permissions on Vimeo
• Assign users or groups to the application in Microsoft
• Configure automatic user account provisioning in Microsoft

Obtain the SAML signing certificate

1. In the Set up Single Sign-on with SAML page, scroll to the SAML Signing Certificate section.
   
2. Configure the following settings for the certificate:
   
   • Expiration: Set for the maximum duration, three years from today's date
   • Signing Algorithm: SHA-256
   • Notification Email: The email address of someone in your organization responsible for administering your Azure account
3. Download the Base64 version of the certificate. This should be a .pem or .crt file.
4. Upload your certificate into the IdP certificate section on Vimeo.

Retrieve your Azure SSO URL

The section pictured below provides the SSO Login URL Vimeo requires to link to your Identity Provider. We do not need the Azure AD Identifier or the Logout URL.

Paste the URL into the Sign-In URL field on Vimeo.

Finish SSO Setup

Save your SAML connection, test login, and complete your SSO setup. Make sure you’ve also assigned your users in Azure to the Vimeo app so they can log in through your IdP.

After you’ve set up SAML SSO with Azure, you can set up SCIM.