SSO can be helpful if you operate several platforms and want to provide your users with a single login experience. If you have a separate login portal or you are someone who creates video collections for internal communications you will find this experience helpful.
You can manage user logins outside Vimeo OTT by configuring third-party authentication services (single sign-on / SSO) for your OTT site. When you have SSO enabled, all Customers will be redirected to the third-party identity provider to authenticate their accounts before they can watch content. If your site contains multiple destinations, SSO will allow your Customers to use the same login across them all.
In order to leverage SSO, you will need an Enterprise account on Vimeo OTT. You will also need to be set up with an Identity Provider service, such as Okta, OneLogin, or Amazon Cognito. To be used with OTT, your identity provider must support SAML or OpenID Connect as the delivery method. If you have questions about SSO please consult your IT department or OTT Account Manager.
OTT sellers using this integration must agree to provide their own buyer support. Information on how support works can be found here.
In this article:
- Glossary of Terms:
- Payments on OTT with SSO
- Configuring your OTT Site for Single Sign-On
- Configuring Vimeo OTT
Glossary of Terms:
- SSO - Single Sign-On - a shorthand for allowing Customers to share one credential across multiple destinations through the usage of an Identity Provider.
- IdP - Identity Provider - your third-party authentication service; such as Okta, OneLogin, Amazon Cognito, Microsoft Azure, Keycloak, et al.
- SP - Service Provider - this is in reference to your Customer destination. For our purposes, this references your OTT Site.
- SAML - Security Assertion Markup Language - an industry-standard format for delivering secure information between your IdP and the SP.
- OIDC - OpenID Connect - an alternate industry-standard format for delivering secure information between your IdP and the SP, based on OAuth 2.0 standards.
- Authentication - the process by which your Customer is validated as legitimate. This is generally an email and password. Note, authentication only provides validation that a Customers existence is valid, it does not signify what content they should have access to.
- Entitlement - the process by which your Authenticated Customer is given access to certain content. With Vimeo OTT, this may be your Subscription video or a specific TVOD product or both.
If you are not familiar with Single Sign-On, this diagram provides a high-level overview of the experience:
In the above scenario, the Customer requests to Sign In, is redirected to your IdP, authenticates against your Identity Provider database and is then sent back to your Vimeo OTT Site to start watching.
Payments on OTT with SSO
While configuring your OTT Site with SSO, please keep in mind that all customer authentication must originate from your Identity Provider and therefore customers must be created in the IDP.
When enabling SSO, you will have the option to choose either "I am using OTT to collect payments" or "I am using my own third party checkout system." If you select the former, customers will not be able to checkout via the OTT checkout form until they are logged in (and therefore signed up) via the IDP. If you select the latter, all Product checkout pages will be redirected entirely to your own Payment gateway. For more information about adding redirects for your Products, please see our articles on Managing Your Own Payments.
Configuring your OTT Site for Single Sign-On
There are many different Identity Providers available. As long as your IdP is capable of providing authentication through a SAML or OIDC interface (most are), the following instructions will help to guide you through the connection process.
To begin, make sure you have an account already registered with your Identity Provider. Vimeo OTT can not troubleshoot your account nor provide technical support on populating your Identity Provider with user information.
Please refer to the following articles to continue:
Before you enable Single Sign-On, please ensure that all of your Customers exist within your IdP beforehand. If you are enabling SSO for your Site and have not migrated your Customers to your IdP they will suffer service interruption.
Use the Customers export tool in your OTT CMS to retrieve the latest list of your Customers.