Single Sign-On with OTT allows you to bring your own Identity Provider (IdP) to connect to your Enterprise Vimeo OTT account. Enabling this feature will redirect all Customers who are signing in to use your Identity Provider as the primary means of authentication.
If you are using Azure AD as the Identity Provider for your SSO service, this article explains how to configure the integration. For more information about granting Entitlements with Single Sign-On, please see our primary Configuring SSO documentation.
- Log in to your Azure AD interface at https://portal.azure.com/
- Under the Azure Services heading, you will find an option called Azure Active Directory. Click on that.
Inside the Default Directory Overview section, look at the left navigation bar and find the subsection called Manage. Under that subsection, choose the option for Enterprise applications.
- Find and choose the “+ New application” option on this screen. It is located inside the All applications sub-menu, under the Manage subsection of the left navigation.
- We land on a Browse Azure AD Gallery screen. Choose the “+ Create your own application” option.
- This wizard asks for a name for the application that we are going to create. We will provide the site title of our Vimeo OTT site here, such as “Purple Fitness.”
Choose the option for: “Integrate any other application you don't find in the gallery (Non-gallery)”. And then click on the “Create” button. This step can take a few minutes to complete.
After the application has been created, choose the option named “Set up single sign on” located under the “Get started” header.
- Choose the “SAML” option.
- You should now be on a page titled “SAML-based Sign on”. This page is divided into three sections: Basic SAML Configuration, User Attributes & Claims, and SAML Signing Certificate.
Choose Edit from the “Basic SAML Configuration” area.
- Provide the values into this form from your Vimeo OTT Settings page, under Single Sign On.
Copy the value of “SP entity ID” from Vimeo OTT admin and paste this value in the “Identifier (Entity ID)” field in the Azure AD SAML setup form. Select the “Default” checkbox for the new value entered. If an existing default value exists, remove it.
- Copy the value of “SAML Consumer URL” from your Vimeo OTT admin and paste it into the “Reply URL (Assertion Consumer Service URL)” field of the Azure form.
- Type the “/login” URL of your OTT site into the “Sign On URL” field, then “Save” your changes.
Now Part One of the form is completely set up. It should look similar to the image below after clicking “Refresh”.
Now edit the “User Attributes & Claims” section. Start by clicking the “Edit” option inside of the User Attributes & Claims section.
Remove every entry from the “Additional claims” section. Click on the triple dot icon to reveal the option to delete the entry.
Configure the value for “Required claim” first. Click the “Unique User Identifier (Name ID)” text.
This will open the Manage claim page that should look like the one shown below. We will modify this to have a “Persistent” value for the “Name identifier format” field. And we will select the “user.mail” value for the “Source attribute” field.
When complete, the form should look like this:
- Save the changes. Now the “User Attributes & Claims” page should look like the following.
- Now click on “Add new claim”. A form will appear. For the Name field enter "fullName" and for the Source attribute field enter "user.givenname". Save the claim settings.
Add a second claim by, again, clicking on “Add new claim”. For the Name field enter "id" and for the Source attribute field enter "user.objectid". Save your claim settings.
- After saving, you have a page similar to the one shown below.
At this point, Azure will ask if you want to test the connection. Before doing so, you need to set up the Vimeo OTT side.
- To start, copy the “App Federation Metadata URL” value from Azure AD and then head over to your Vimeo OTT Single Sign On settings page in another tab.
- In your Vimeo OTT Single Sign On Settings, find the option for “Configure using” and select “Metadata URL”. Paste in the App Federation Metadata URL you just copied and click on the “Retrieve” button. This will fill in many of the required fields of the form.
- Fill out the rest of the Single Sign-On settings such as Support Email and any Default Products you wish to offer to Customers. Remember to “Save”.
Return to your Azure AD and navigate to the “Users and groups” section. Use “+ Add user/group” to add the correct set of users for this SAML application.
In Azure AD, return to the “Single Sign On” section from the left navigation options and find the option to test integration. Click on the “Test” button.
This will open a wizard like the one shown below. Before continuing with any of the methods, make sure that you are logged out of your Vimeo OTT site in the current browser.
- If every step was followed correctly, you and your Customers should now be able to log in.
- Don't forget to Enable your SSO configuration in your Vimeo OTT Settings when you're ready to make this live for Customers.
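Added example, not part of the original article or of Vimeo's or Microsoft's tooling: a Python check that a base64-decoded SAML response captured from your own Azure test sign-in carries the settings configured above (persistent Name ID, SP entity ID as audience, SAML Consumer URL as recipient, and only the fullName and id claims). The entity ID, consumer URL and sample response are constructed placeholders, and the script checks configuration only; it does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# Constructed placeholders; substitute the values from your own OTT settings page.
SP_ENTITY_ID = "https://ott.example.com/sso/metadata"
ACS_URL = "https://ott.example.com/sso/acs"
# Constructed sample of a base64-decoded SAML response (signature omitted).
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
<saml:Subject><saml:NameID Format="{PERSISTENT}">viewer@example.com</saml:NameID>
<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
</saml:SubjectConfirmation></saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience>
</saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="fullName"><saml:AttributeValue>Sam</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="id"><saml:AttributeValue>0000-1111</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""

def check_assertion(xml_text, sp_entity_id=SP_ENTITY_ID, acs_url=ACS_URL):
    """Return mismatches against this guide's settings; does NOT verify the signature."""
    root = ET.fromstring(xml_text)  # parse only responses from your own test login
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    elif name_id.get("Format") != PERSISTENT:
        problems.append("NameID format is not persistent")
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if sp_entity_id not in audiences:
        problems.append("Audience does not match SP entity ID")
    recipients = [c.get("Recipient") for c in root.findall(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append("Recipient does not match SAML Consumer URL")
    attrs = {}
    for attr in root.findall(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        # Azure AD can prefix claim names with a namespace URI; keep the last segment.
        key = attr.get("Name", "").rsplit("/", 1)[-1]
        attrs[key] = (value.text or "").strip() if value is not None else ""
    for required in ("fullName", "id"):
        if not attrs.get(required):
            problems.append(f"claim {required} missing or empty")
    extra = sorted(set(attrs) - {"fullName", "id"})
    if extra:
        problems.append("additional claims still present: " + ", ".join(extra))
    return problems
```

An empty list from `check_assertion(SAMPLE)` means the response matches the settings in this guide; each string returned names one setting to revisit in the Azure AD SAML form.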