Vidyard supports SAML-Based Single Sign-On (SSO), which is a secure way to streamline your team’s sign-on and user-creation process.
If you're not familiar with this system, here's a quick rundown of some important terms before we start:
Single Sign-On (SSO):
SSO is an authentication process which lets users sign into multiple applications with a single set of credentials.
Security Assertion Markup Language (SAML):
SAML is a fast, secure, and popular SSO standard.
Identity Provider (IdP):
IdP refers to a service which provides the centralized authentication platform to manage user identities for your organization.
Enabling Single Sign-On Authentication means that your team’s credentials are stored with your IdP, and not with Vidyard. When a user wants to sign into Vidyard, they provide their username and password to their IdP, who verifies the user, and then tells Vidyard whether or not to let the user in. This way, the secure information can stay in one place. You can even keep your IdP behind a firewall so your users' credentials never have to leave the safety of your firewall.
With SAML-SSO Authentication enabled, your IdP will host your users’ information. This includes sign-on credentials, and also metadata, such as name, username, and the name of the role this user is assigned to. This means that user creation, deletion, and assigning user roles will be managed within your IdP. Contact your IdP admin to set your user roles, or to make changes to users.
Here's how your IdP creates a user in Vidyard:
When a user logs into Vidyard using your SSO application, your IdP will send that user's information and role metadata. If that user does not exist within your Vidyard group, Vidyard will instantly create a user account, and assign their role in real-time. If the user already exists, but is assigned a different role, that user will be moved to that role.
Note: If that user is not assigned a role in your IdP, Vidyard will assign that user to the Default Role.
Note: Your IdP Admin must create the user within the IdP before it can create a user within Vidyard.
Your Vidyard account is used to organize the users that your IdP sends along. This includes managing what the roles are within Vidyard, and which permissions each role has within the Vidyard platform. However, users cannot be moved between roles in Vidyard – these changes must be made in your IdP.
Note: Role names in Vidyard must be an exact match to the roles set in your IdP. Co-ordinate with your IdP admin to set or make changes to role names. This is character and case-sensitive.
To set role permissions:
Any user logged into Vidyard with a successful SAML authentication who does not have a role assigned in the IdP will be assigned the default role.
To set the default role: