Vidyard recently switched to a new user interface. Click here to compare the previous and current menu.

Manage users and roles with SAML-based SSO authentication

Vidyard supports SAML-Based Single Sign-On (SSO), which is a secure way to streamline your team’s sign-on and user-creation process.

Important terms

If you're not familiar with this system, here's a quick rundown of some important terms before we start: 

Single Sign-On (SSO):
SSO is an authentication process which lets users sign into multiple applications with a single set of credentials. 

Security Assertion Markup Language (SAML):
SAML is a fast, secure, and popular SSO standard.

Identity Provider (IdP):
IdP refers to a service which provides the centralized authentication platform to manage user identities for your organization.

What does this mean for you? 

Enabling Single Sign-On Authentication means that your team’s credentials are stored with your IdP, and not with Vidyard. When a user wants to sign into Vidyard, they provide their username and password to their IdP, who verifies the user, and then tells Vidyard whether or not to let the user in. This way, the secure information can stay in one place. You can even keep your IdP behind a firewall so your users' credentials never have to leave the safety of your firewall. 

How to manage users and roles within Vidyard

Creating users and assigning roles

With SAML-SSO Authentication enabled, your IdP will host your users’ information. This includes sign-on credentials, and also metadata, such as name, username, and the name of the role this user is assigned to. This means that user creation, deletion, and assigning user roles will be managed within your IdP. Contact your IdP admin to set your user roles, or to make changes to users.

Here's how your IdP creates a user in Vidyard:
When a user logs into Vidyard using your SSO application, your IdP will send that user's information and role metadata. If that user does not exist within your Vidyard group, Vidyard will instantly create a user account, and assign their role in real-time. If the user already exists, but is assigned a different role, that user will be moved to that role.
Note: If that user is not assigned a role in your IdP, Vidyard will assign that user to the Default Role.
Note: Your IdP Admin must create the user within the IdP before it can create a user within Vidyard. 

Your Vidyard account is used to organize the users that your IdP sends along. This includes managing what the roles are within Vidyard, and which permissions each role has within the Vidyard platform. However, users cannot be moved between roles in Vidyard – these changes must be made in your IdP.

Setting role permissions

Note: Role names in Vidyard must be an exact match to the roles set in your IdP. Co-ordinate with your IdP admin to set or make changes to role names. This is character and case-sensitive.

To set role permissions:

  1. In the Group menu, click Groups and Users.
    In the Group menu, click Groups and Users. 
  2. In the Permissions page, click Edit Permissions beside the role you wish to configure.
    Edit Permissions button.  
  3. Toggle the ON/OFF switches to select the permissions for a given role.
    Caution: We strongly recommend that you set "Manage Single Sign-On" to OFF for any non-Administrator roles. This permission has the ability to disable Single Sign-On for your group.
    Toggle Manage Single Sign-On switch. 
  4. Click Save.

Setting the Default Role 

Any user logged into Vidyard with a successful SAML authentication who does not have a role assigned in the IdP will be assigned the default role. 

To set the default role: 

  1. In the Group menu, click Single Sign On.
  2. In the Default Role section, select the user you want to set as the Default Role from the dropdown menu.
    Selecting a default role from the dropdown.

Was this article helpful?

Can’t find what you’re looking for? Please contact us below.

Email Vidyard Support
Why you didn't like the article?
  • No, Thanks