ViewedIt is now Vidyard GoVideo! Click here to learn more.

Manage users and roles with SAML-based SSO authentication

Vidyard supports SAML-Based Single Sign-On (SSO), a secure way to streamline your team’s sign-on and user-creation process.

Important terms

If you're not familiar with this system, here's a quick rundown of some important terms before we start: 

Single Sign-On (SSO):
SSO is an authentication process which lets users sign into multiple applications with a single set of credentials. 

Security Assertion Markup Language (SAML):
SAML is a fast, secure, and popular SSO standard.

Identity Provider (IdP):
IdP refers to a service which provides the centralized authentication platform to manage user identities for your organization.

What does this mean for you? 

  • Enabling Single Sign-On Authentication means that your team’s credentials are stored with your IdP, and not with Vidyard. 
  • When a user wants to sign into Vidyard, they provide their username and password to their IdP, who verifies the user, and then tells Vidyard whether or not to let the user in. 
  • This way, the secure information can stay in one place. You can even keep your IdP behind a firewall so your users' credentials never have to leave the safety of your firewall. 

How to manage users and roles within Vidyard

Creating users and assigning roles

With SAML-SSO Authentication enabled, your IdP will host your users’ information. This includes sign-on credentials and metadata, such as name, username, and the name of the role to which users are assigned.

Important: This means that user creation, deletion, and assigning user roles will be managed within your IdP. Contact your IdP admin to set your user roles or to make changes to users.
Here's how your IdP creates a user in Vidyard:

  • When a user logs into Vidyard using your SSO application, your IdP will send that user's information and role metadata. 
  • If that user does not exist within your Vidyard group, Vidyard will automatically create a user account, and assign their role in real-time. 
  • If the user already exists in Vidyard but is assigned a different role in your IdP, the user will be re-assigned to the role specified by your IdP.
    Note: If that user is not assigned a role in your IdP, Vidyard will assign that user to the Default Role set within the SSO configuration in Vidyard.
    Note: Your IdP Admin must create the user within the IdP before it can create that user an account within Vidyard. 

Your Vidyard account is used to organize the users that your IdP sends along. This includes managing what the roles are within Vidyard, and which permissions each role has within the Vidyard platform. However, users cannot be moved between roles in Vidyard – these changes must be made in your IdP.

Setting role permissions

Important: Role names in Vidyard must be an exact match to the roles set in your IdP. Coordinate with your IdP admin to set or make changes to role names. This is character, case, and space-sensitive.

To set role permissions:

  1. In the Group menu, click Groups and Users.
    In the Group menu, click Groups and Users. 
  2. In the permissions page, click Edit Permissions beside the role you wish to configure.
    Edit Permissions button.  
  3. Toggle the ON/OFF switches to select the permissions for a given role.

    CAUTION: We strongly recommend that you set Manage Single Sign-On to OFF for any non-administrator roles. This permission has the ability to disable Single Sign-On for your group.
    Toggle Manage Single Sign-On switch.
  4. Click Save.

Setting the Default Role 

Any user logged into Vidyard with a successful SAML authentication who does not have a role assigned in the IdP will be assigned the default role.

To set the default role: 

  1. In the Group menu, click Single Sign On.
  2. In the Default Role section, select the user you want to set as the Default Role from the dropdown menu.
    Selecting a default role from the dropdown.

Manage GoVideo Users with Single Sign-On

GoVideo Enterprise customers with Single Sign-On enabled must also invite users to GoVideo using their IdP.

To invite GoVideo users using SSO:

  1. From the Vidyard Dashboard select Group > Groups and Users > then click + Add Role (or configure an existing role for GoVideo)
  2. To the right side of the role, select Options, then Edit Permissions 
  3. Ensure that the Send GoVideo Invite toggle is switched to ON 
    Permission switch for "Send ViewedIt Invite"
  4. In your IdP, assign any users that you wish to invite to GoVideo to the role with the Send GoVideo Invite permission enabled.
    Note: When a user assigned to this role logs into the Vidyard platform through SSO, they will receive an invitation to GoVideo from their administrator.




Was this article helpful?

Can’t find what you’re looking for? Please contact us below.

Email Vidyard Support
Why you didn't like the article?

If you would like Vidyard to get in contact with you regarding your feedback, please enter your email address.

  • No, Thanks