Setting Up SSO
What does Vimeo support?
Setting up SSO creates a simple and secure login for your viewers. We support SSO with a variety of providers. Our out-of-the-box configuration supports SP-initiated SAML SSO with JIT provisioning.
What will we need?
To set up SSO, you'll need to provide the following to Vimeo:
- SSO Sign-In URL
- SAML Certificate (.pem or .cer format)
- SSO Domain(s)
From Vimeo, you'll need these items (replacing USER_ID with your Vimeo User ID).
- ACS URL: https://vimeo.auth0.com/login/callback?connection=USER_ID
- Entity ID: urn:auth0:vimeo:USER_ID
You can find your User ID when logged in to your Vimeo Enterprise account and heading to this page. Note that you must be logged in as the Enterprise Account owner.
How do I configure this with my Identity Provider?
We support SSO with the following Identity Providers. Click which one you use to head to customized instructions per platform.
- GSuite as SAML
- Okta as SAML
- Microsoft Azure as SAML (Note: only the paid versions of Azure are supported.)
- Duo as SAML
- ADFS as SAML
Less common IdPs we support:
- Ping Federate
Please discuss with your Technical Program Manager if you are using a service not listed above.
Generic SAML 2.0 configuration
If we don't have tailored instructions for your IdP above, you'll want use their documentation to configure Vimeo as a generic SAML 2.0 application.
Every IdP needs the Value column configured according to their syntax. What's important to know here is that we require you to send us email, firstName and lastName.
|Unspecified||Varies by IdP|
|firstName||Unspecified||Varies by IdP|
|lastName||Unspecified||Varies by IdP|
Groups & Organizational Units (OUs)
Your IdP likely has your company organized into departments. You'll want to make sure all users who should have access to Vimeo via SSO are "assigned" to the correct group/OU and that it is assigned access to the Vimeo SAML 2.0 application.
SSO Groups & SCIM Provisioning
If you'd like to send over groups and provide those groups access to specific folders of content, you have two ways to send those to Vimeo.
- SCIM - Can be used to automatically sync users and groups between your IdP and Vimeo Enterprise account. This is an ideal deployment for Video Library and use cases involving multiple teams.
- SAML - Can be set up by sending a group attribute during mapping. Users will be associated with a group in the Team Member manager after logging into Vimeo.com with SSO credentials.
Setting up Multiple IdPs
If you manage multiple identity providers (i.e. for different brands), you'll want to fill out the form once for each identity provider. Please give your technical program manager a heads up that you would like to set up multiple identity providers and they will help with the implementation.