Set up SSO for your Video Hub with Microsoft Azure AD
By integrating your Vidyard Video Hub with SAML SSO (Single Sign-On), you can provide authenticated access to your videos through your existing identity provider (IdP). If you use Microsoft Azure AD as your SSO IdP, follow these steps to set up SSO for your video hub.
Each hub that you configure will appear as a separate app in Microsoft Azure, allowing you to restrict access on a per hub basis. Before creating the app in Azure, your Vidyard Video Hub must first be configured to force authentication.
Enable SAML 2.0 on your Video Hub
- From the Vidyard dashboard, select Channels > Hubs.
- Click on the name of the hub you wish to modify, then select Sharing.
- Under Access, click Change.
- Select Single Sign On (SSO) Users, then select Update.
- Click Add Profile. You'll be using the provided URLs here when setting up your SAML app in Azure, and using some URLs from Azure to complete this profile. In the next section, we'll go over creating the SAML app in Azure, and will come back to complete this profile in Vidyard. It's a good idea to open Azure in another tab to keep this profile open.
Create a SAML application in Microsoft Azure
Once your hub has been configured for SSO, you’ll need to create an application for your hub in Microsoft Azure so that users can authenticate using their Azure credentials. You will be copying and pasting configuration details between Vidyard and Microsoft Azure.
Step 1: Create a SAML application in Azure
- Login in to Microsoft Azure using an administrator account
- Click Azure Active Directory and then choose Enterprise Applications from the left hand menu.
- Then choose + New application.
- Choose + Create your own application.
- Enter a name for your application.
- Make sure to select the option that says "Integrate any other application you don't find in the gallery (Non-gallery)".
Note: If Azure suggests a gallery app called Vidyard, don't choose this option but continue to create your own. - Choose Set up Single Sign On.
- For the single sign on method, choose SAML.
Step 2: Configure the SAML app in Microsoft Azure
- Click Edit beside Basic SAML Configuration.
- In a new browser tab, return to Vidyard and open the Sharing settings for your video hub. If you haven't done so already, click Add Profile to create a new SSO profile.
- The next step is to copy the details from the Vidyard profile into the SAML app in Azure:
- Copy the Issuer/Metadata URL from Vidyard into the Identifier/Entity ID field in Azure. You will need to click Add Identifier to add this value.
- Copy the ACS URL from Vidyard into the Reply URL (Assertion Consumer Service URL) field in Azure. You will need to click Add Reply URL to add this value.
- Copy the SSO User Login Page URL from Vidyard into the Sign on URL (Optional) field in Azure.
- Copy the URL of your hub from Vidyard into the Relay State (Optional) field in Azure. Leave a trailing / at the end of the URL. For example, if your hub URL is mycompany.hubs.vidyard.com, the URL in the Relay State (Optional) field should read https://mycompany.hubs.vidyard.com/.
- Leave the Logout URL (Optional) field in Azure blank.
URL in Vidyard Corresponding field name in Azure Issuer/Metadata URL Identifier/Entity ID ACS URL Reply URL (Assertion Consumer Service URL) SSO User Login Page URL Sign on URL Vidyard Hub URL (Open your video hub in a new window and copy the URL) Relay State N/A (leave the field blank) Logout URL
Step 3: Modify the claims
- Click Edit next to the Attributes & Claims section.
- Click on the Claim labelled Unique User Identifier (Name ID).
- Change the Source attribute to user.mail, and then click Save.
- The other attributes and claims can be left as is.
Step 4: Obtain the X.509 Certificate
- Locate the SAML Signing Certificate section in the Single Sign On settings for your app in Azure.
- Click Download beside Certificate (Base64).
- Open the certificate you downloaded in a text editor application.
- Select everything (including BEGIN CERTIFICATE and END CERTIFICATE) and copy it. Paste it into the X.509 Certificate field in Vidyard.
Step 5: Obtain the SAML Endpoint URL
- In Single Sign On settings for your app in Azure, find the Set Up section.
- Copy the Login URL.
- Paste this value into the SAML Endpoint URL in Vidyard.
- You can now go ahead and save your SSO Profile in Vidyard.
Step 6: Assign users to your SAML application
Assigning users to your new SAML application will allow them to sign in to your video hub using their Microsoft Azure credentials.
- From your application's menu, select Users and Groups > + Add user/group.
- Click on User, Group, or Role, and search using a name of email address.
- Select the desired user(s), group(s), or role(s), and then choose Assign.
Added users will now be able to access your video hub using their Microsoft Azure credentials.
Test your Vidyard hub with SSO
- Click Test.
- Choose from the available options to test with the user you're currently signed in with, or with another user.
- Alternatively, you can copy the URL for your video hub and paste that into a browser, and then log into your Microsoft Azure account. This will mimic the experience of a viewer of your hub.