Setting Up SSO: ADFS SAML Connection

Your users can access a Vimeo Enterprise showcase using a custom SAML connection to Microsoft's Active Directory Federation Services (ADFS). The instructions below are tailored to the settings of the Vimeo Enterprise product.

Add a Relying Party Trust

  1. Launch your instance of ADFS and start the "Add Relying Party Trust" wizard.
  2. On the "Welcome" page, choose "Claims aware" and click "Start".
  3. On the "Select Data Source" page, select "Enter data about the relying party manually" and click "Next".
  4. On the "Specify Display Name" page, provide a descriptive name for your relying party (the typical format is urn:auth0:vimeo:USER_ID) and a brief description under Notes. Be sure to replace USER_ID with your Vimeo ID. Click "Next".
  5. On the "Configure Certificate" page, click "Next". (We will come back to configure the certificate later.)
  6. On the "Configure URL" page, check the box for "Enable support for the SAML 2.0 WebSSO protocol". The wizard then asks for a Relying party SAML 2.0 SSO service URL. For the time being, provide a placeholder URL; we will return to this step later. Click "Next".
  7. On the "Configure Identifiers" page, indicate that the "Relying party trust identifier" is urn:auth0:vimeo:USER_ID with USER_ID replaced by your Vimeo ID. Click "Next".
  8. On the "Choose Access Control Policy" page, select "Permit everyone" and click "Next".
  9. Review the settings you provided on the "Ready to Add Trust" page and click "Next" to save your information. If you were successful, you'll see a message indicating that on the "Finish" page.
  10. Make sure that the "Configure claims issuance policy for this application" checkbox is selected, and click "Close".

Edit the Claim Issuance Policy

After you close the "Add Relying Party Trust" wizard, the "Edit Claim Issuance Policy" window appears.

  1. Click "Add Rule..." to launch the wizard.
  2. Select "Send LDAP Attributes as Claims" for your claim rule template, and click "Next".
  3. Provide a value for the "Claim rule name", such as "LDAP Attributes" (it can be anything you want).
  4. Choose "Active Directory" as your "Attribute Store".
  5. Map your LDAP attributes to the following outgoing claim types:

    LDAP Attribute         Outgoing Claim
    E-Mail-Addresses       E-Mail Address
    Display-Name           Name
    User-Principal-Name    Name ID
    Given-Name             Given Name
    Surname                Surname

  6. Click "Finish".
  7. In the "Edit Claim Issuance Policy" window, click "Apply". You can now exit out of this window.

Export the Signing Certificate

You'll need to export the signing certificate from the ADFS console and submit it at the bottom of this form.

  1. Using the left-hand navigation pane, go to "ADFS" > "Service" > "Certificates". Select the "Token-signing" certificate, and right click to select "View Certificate".
  2. On the "Details" tab, click "Copy to File...". This launches the "Certificate Export Wizard". Click "Next".
  3. Choose "Base-64 encoded X.509 (.CER)" as the format you'd like to use. Click "Next".
  4. Provide the location where you want the certificate exported. Click "Next".
  5. Verify that the settings for your certificate are correct and click "Finish".
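
Before submitting the exported file, it is worth confirming that it is the certificate ADFS currently signs tokens with. The following check is an added example, not part of Vimeo's or Microsoft's instructions; the file path and the 30-day threshold are assumptions, and it must be run on the ADFS server.

```powershell
# Run on the ADFS server in an elevated PowerShell session.
Import-Module ADFS

# Assumption: the location chosen in step 4 of the export wizard (hypothetical path).
$ExportedCer = 'C:\Temp\adfs-token-signing.cer'
# Assumption: flag certificates with fewer than this many days of validity left.
$MinDaysLeft = 30

function Test-ExportedSigningCert {
    param([string]$Path, [int]$MinDays)

    $full = (Resolve-Path -LiteralPath $Path).ProviderPath

    # A Base-64 (.CER) export is PEM text; a DER export is binary.
    $firstLine = (Get-Content -LiteralPath $full -TotalCount 1).Trim()
    $isBase64  = $firstLine -eq '-----BEGIN CERTIFICATE-----'

    # Load the exported file as an X.509 certificate.
    $file = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full)

    # The primary token-signing certificate is the one used to sign assertions;
    # a secondary one may exist during certificate rollover.
    $primary = Get-AdfsCertificate -CertificateType Token-Signing |
        Where-Object IsPrimary | Select-Object -First 1

    $daysLeft = [int][math]::Floor(($file.NotAfter - (Get-Date)).TotalDays)

    [pscustomobject]@{
        Thumbprint     = $file.Thumbprint
        Subject        = $file.Subject
        NotAfter       = $file.NotAfter
        DaysLeft       = $daysLeft
        IsBase64Cer    = $isBase64                                   # format from step 3
        MatchesPrimary = $file.Thumbprint -eq $primary.Thumbprint    # right certificate
        NoPrivateKey   = -not $file.HasPrivateKey                    # public part only
        ExpiryOk       = $daysLeft -ge $MinDays
    }
}

$result = Test-ExportedSigningCert -Path $ExportedCer -MinDays $MinDaysLeft
$result | Format-List

# List every boolean check that came back false.
$failed = $result.PSObject.Properties |
    Where-Object { $_.Value -is [bool] -and -not $_.Value } |
    ForEach-Object Name
if ($failed) { Write-Warning "Do not submit this file; failed checks: $($failed -join ', ')" }
```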

Edit the Relying Party Trust

  1. In the ADFS console, go to "ADFS" > "Relying Party Trusts" using the left-hand navigation pane. Select the Relying Party Trust you created earlier and click "Properties" (located on the right-hand navigation pane).
  2. Select the "Identifiers" tab, and populate the "Relying Party Identifier" with the Entity ID value from the previous screen (this should be urn:auth0:vimeo:USER_ID with USER_ID replaced by your Vimeo ID). Be sure to click "Add" to add the identifier to your list.
  3. Select the "Endpoints" tab, and select the placeholder URL you provided earlier. Click "Edit...".
  4. Populate the "Trusted URL" with where USER_ID replaced by your Vimeo ID
  5. Click "OK". Finally, click "Apply" and exit the Properties window.

Submit your details

Based on the instructions above, you can use this form to submit the required details.

Note: The sign-in URL is usually in the form of https://your.adfs.server/adfs/ls

If you need to update any of this information during your onboarding process after your initial submission, please re-submit the form and notify your Account Manager and Technical Program Manager.