Setting Up SSO: Microsoft Azure AD

Important Note: Only the paid versions of Azure are supported. The free Azure tier is not supported by the Vimeo SSO Solution.

To configure SAML single sign-on for a non-gallery application without writing code, you need to have a subscription or Azure AD Premium. Vimeo Enterprise supports SAML 2.0.

Add a non-gallery application

Vimeo Enterprise will be added as a "non-gallery" application to your Azure portal. This just means it isn't a listed third party integration available to all Azure administrators.

1. Sign in to the Azure Active Directory portal using your Microsoft identity platform administrator account.
2. Select Enterprise Applications > New application.
3. Select Non-gallery application. The Add your own application page appears.

   

4. Enter the display name for your new application as Vimeo Enterprise.
5. Select Add. The application Overview page opens.

Configure user sign-in properties

1. Select Properties to open the properties pane for editing.

   

2. Configure how users who are assigned or unassigned to the application can sign into the application and if a user can see the application in the access panel.
   
   • Enabled for users to sign-in determines whether users assigned to the application can sign in.
   • User assignment required determines whether users who aren't assigned to the application can sign in.
   • Visible to user determines whether users assigned to an app can see it in the access panel and O365 launcher.
     
     • We recommend you hide the Vimeo SSO app from the O365 launcher. This way, your users can only access a Vimeo Enterprise Showcase via a link you send.
3. You don't need to set a custom logo. This won't be visible to your end users.
4. When you're finished, select Save.

Edit the Basic SAML Configuration

1. Under the Manage section, select Single sign-on.
2. Select SAML. The Set up Single Sign-On with SAML - Preview page appears.

3. To edit the basic SAML configuration options, select the Edit icon (a pencil) in the upper-right corner of the Basic SAML Configuration section.

4. Enter the following settings.

   Field	Value
   Identifier (Entity ID)	urn:auth0:vimeo:YOUR_USER_ID where YOUR_USER_ID is your Vimeo User ID.
   Reply URL	https://vimeo.auth0.com/login/callback?connection=YOUR_USER_ID where YOUR_USER_ID is your Vimeo User ID.
   Sign-on URL	Optional. Please leave blank.
   Relay State	Optional. Please leave blank.
   Logout URL	Optional. Please leave blank.

Configure User Attributes and Claims

When a user authenticates via Azure SSO, your Azure account sends some basic information about the user to Vimeo. Please configure these values

1. In the User Attributes and Claims section, select the Edit icon (a pencil) in the upper-right corner.

2. Configure these attributes as the following:

To configure group claims, select the Edit icon for the Groups returned in claim field. For details, see Configure group claims.

More on assigning users and groups

• Assign users or groups to the application
• Configure automatic user account provisioning

Manage the SAML signing certificate

Next, you'll need to obtain your certificate which will you'll need to send to Vimeo.

1. Go to the SAML Signing Certificate section.

Configure the following settings for the certificate:

Download the Base64 version of the certificate. This should be a .pem or .crt file. Submit it to Vimeo using the form at the bottom of the page. 

Retrieve your Azure SSO URL

The section pictured below provides the SSO Login URL Vimeo requires to link to your Identity Provider. Copy this value and submit it through the form at the bottom of this guide. We do not need the Azure AD Identifier or the Logout URL.

Submit your details

Based on the instructions above, you can use the form on this page to submit the required details.