Setting Up SSO: ADFS SAML Connection
Your users can access a Vimeo Enterprise showcase using a custom SAML connection to Microsoft's Active Directory Federation Services (ADFS). The instructions below are tailored to the settings of the Vimeo Enterprise product.
Add a Relying Party Trust
- Launch your instance of ADFS and start the "Add Relying Party Trust" wizard.
- On the "Welcome" page, choose "Claims aware" and click "Start".
- On the "Select Data Source" page, select "Enter data about the relying party manually" and click "Next".
- On the "Specify Display Name" page, provide a descriptive name for your relying party (the typical format is urn:auth0:vimeo:USER_ID) and a brief description under Notes. Be sure to replace USER_ID with your Vimeo ID. Click "Next".
- On the "Configure Certificate" page, click "Next". (We will come back to configure the certificate later.)
- On the "Configure URL" page, check the box for "Enable support for the SAML 2.0 WebSSO protocol". The wizard then asks for a Relying party SAML 2.0 SSO service URL. For the time being, provide a placeholder URL; we will return to this step later. Click "Next".
- On the "Configure Identifiers" page, indicate that the "Relying party trust identifier" is urn:auth0:vimeo:USER_ID, with USER_ID replaced by your Vimeo ID. Click "Next".
- On the "Choose Access Control Policy" page, select "Permit everyone" and click "Next".
- Review the settings you provided on the "Ready to Add Trust" page and click "Next" to save your information. If you were successful, you'll see a message indicating that on the "Finish" page.
- Make sure that the "Configure claims issuance policy for this application" checkbox is selected, and click "Close".
Edit the Claim Issuance Policy
After you close the "Add Relying Party Trust" wizard, the "Edit Claim Issuance Policy" window appears.
- Click "Add Rule..." to launch the wizard.
- Select "Send LDAP Attributes as Claims" for your "Claim rule template", and click "Next".
- Provide a value for the "Claim rule name", such as "LDAP Attributes" (it can be anything you want).
- Choose "Active Directory" as your "Attribute Store".
- Map your LDAP attributes to the following outgoing claim types:

| LDAP Attribute | Outgoing Claim |
| --- | --- |
| E-Mail-Addresses | E-Mail Address |
| Display-Name | Name |
| User-Principal-Name | Name ID |
| Given-Name | Given Name |
| Surname | Surname |

- Click "Finish".
- In the "Edit Claim Issuance Policy" window, click "Apply". You can now exit out of this window.
Export the Signing Certificate
You'll need to export the signing certificate from the ADFS console and submit it at the bottom of this form.
- Using the left-hand navigation pane, go to "ADFS" > "Service" > "Certificates". Select the "Token-signing" certificate, then right-click and select "View Certificate".
- On the "Details" tab, click "Copy to File...". This launches the "Certificate Export Wizard". Click "Next".
- Choose "Base-64 encoded X.509 (.CER)" as the format you'd like to use. Click "Next".
- Provide the location where you want the certificate exported. Click "Next".
- Verify that the settings for your certificate are correct and click "Finish".
Edit the Relying Party Trust
- In the ADFS console, go to "ADFS" > "Relying Party Trusts" using the left-hand navigation pane. Select the Relying Party Trust you created earlier and click "Properties" (located on the right-hand navigation pane).
- Select the "Identifiers" tab, and populate the "Relying Party Identifier" with the Entity ID value from the previous screen (it should be urn:auth0:vimeo:USER_ID, with USER_ID replaced by your Vimeo ID). Be sure to click "Add" to add the identifier to your list.
- Select the "Endpoints" tab, and select the placeholder URL you provided earlier. Click "Edit...".
- Populate the "Trusted URL" with https://vimeo.auth0.com/login/callback?connection=USER_ID (where USER_ID is replaced by your Vimeo ID).
- Click "OK". Finally, click "Apply" and exit the Properties window.
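
The wizard steps above can also be scripted and then checked from PowerShell. This is an added example, not Vimeo's own tooling: it assumes AD FS 2016 or later with the ADFS module, run elevated on the federation server; `$VimeoId` and `$CertPath` are placeholders, and the callback URL is set directly instead of going through a placeholder first.

```powershell
# Added example (not from the original page). Assumes AD FS 2016+ and an elevated session.
Import-Module ADFS
$VimeoId    = 'USER_ID'                          # placeholder: replace with your Vimeo ID
$CertPath   = 'C:\Temp\adfs-token-signing.cer'   # hypothetical export location
$Identifier = "urn:auth0:vimeo:$VimeoId"
$Callback   = "https://vimeo.auth0.com/login/callback?connection=$VimeoId"

# "Send LDAP Attributes as Claims" rule carrying the five mappings from the table.
$claims = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims'
$Rules = @"
@RuleTemplate = "LdapClaims"
@RuleName = "LDAP Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
    types = ("$claims/emailaddress", "$claims/name", "$claims/nameidentifier", "$claims/givenname", "$claims/surname"),
    query = ";mail,displayName,userPrincipalName,givenName,sn;{0}", param = c.Value);
"@

# Relying party trust: identifier, SAML 2.0 WebSSO endpoint, access policy, claim rule.
$Endpoint = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' -Uri $Callback
Add-AdfsRelyingPartyTrust -Name $Identifier -Notes 'Vimeo Enterprise SSO' `
    -Identifier $Identifier -SamlEndpoint $Endpoint `
    -IssuanceTransformRules $Rules -AccessControlPolicyName 'Permit everyone'

# Export the token-signing certificate (public part only) as Base-64 encoded X.509.
# Assumption: the primary token-signing certificate is the one to submit.
$cert = (Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary).Certificate
$der  = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$b64  = [Convert]::ToBase64String($der, [Base64FormattingOptions]::InsertLineBreaks)
Set-Content -Path $CertPath -Encoding Ascii `
    -Value '-----BEGIN CERTIFICATE-----', $b64, '-----END CERTIFICATE-----'

# Check what was configured before submitting the form.
Get-AdfsRelyingPartyTrust -Identifier $Identifier |
    Select-Object Name, Identifier, Enabled, AccessControlPolicyName,
        @{ Name = 'Endpoints'; Expression = { $_.SamlEndpoints.Location } }
$cert | Select-Object Subject, Thumbprint, NotAfter
```

Keep a record of the thumbprint and `NotAfter` date printed at the end: if AD FS later rolls over to a new token-signing certificate, the new certificate has to be re-submitted.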
Submit your details
Based on the instructions above, you can use this form to submit the required details.
Note: The sign in URL is usually in the form of https://your.adfs.server/adfs/ls
If you need to update any of this information during your onboarding process after your initial submission, please re-submit the form and notify your Account Manager and Technical Program Manager.