By integrating your Vidyard Video Hub with SAML SSO (Single Sign-On), you can provide authenticated access to your videos through your existing identity provider (IdP). If you use Microsoft Azure AD as your SSO IdP, follow these steps to set up SSO for your video hub.
Each hub that you configure will appear as a separate app in Microsoft Azure, allowing you to restrict access on a per hub basis. Before creating the app in Azure, your Vidyard Video Hub must first be configured to force authentication.
Note: The following steps assume you have set up and configured a video hub. For more information, refer to our article on How to Set up a Video Hub.
Enabled SAML 2.0 on your Video Hub
- From the Vidyard dashboard, select Channels > Hubs.
- Click Edit next to the hub you wish to modify.
- Click on the Security tab.
- From the Manage Users dropdown, select Single Sign On (SAML 2.0).
- Click Save.
Note: The Use HTTPS for all requests toggle must also be enabled in order to use SSO.
If you are using a CNAME for your video hub domain, please contact Vidyard Support. Further steps are required to create a secure connection between your chosen domain and Vidyard's.
Create an SSO application in Microsoft Azure
Once your hub has been configured for SSO, you’ll need to create an application for your hub in Microsoft Azure so that users can authenticate using their Azure credentials. You will be copying and pasting configuration details between Vidyard and Microsoft Azure.
Complete the steps below to create an Azure SSO application:
- Login in to Microsoft Azure using an administrator account
- In the left-hand menu, click Azure Active Directory > Enterprise Applications > + New application
- Choose Non-gallery application, provide an application name, then click Add
- In the left-hand menu of your application, click Single sign-on
- Select SAML-based Sign-on from the sign-on mode dropdown menu
- In a new browser tab, return to Vidyard and open the Security settings for your video hub. Provide your application in Azure with the SAML configuration details from Vidyard.
- In Azure select Show Advanced URL settings to reveal all the necessary fields
- Copy and paste the corresponding URLs from Vidyard into Azure:
SAML URL field in Vidyard Corresponding field in Azure Audience URL Identifier ACS URL (Consume) Reply URL Login URL Sign on URL Vidyard Hub URL (Open your video hub in a new window and copy the URL) Relay State - Back in Azure, change the User Identifier menu to user.mail.
- Click Save.
- Continue down the application settings page in Azure to download the SAML Signing Certificate and access your endpoint URLs.
- Click Certificate (Base64) to download your SAML certificate
- Open the certificate in a text editor. Select everything (including BEGIN CERTIFICATE and END CERTIFICATE) and paste it into X.509 Certificate field in Vidyard.
- Return to Azure and select Configure [your application name]
- Copy and paste the corresponding endpoint URLs from Azure into Vidyard:
Endpoint URLs in Azure Corresponding fields in Vidyard SAML Single Sign-On Service URL SAML Endpoint URL Sign-Out URL SLO URL - Click Save.
The security settings for your video hub should now register SSO as Complete.
Assign users to your SSO application
Assign users to your new SSO application. This will allow them to sign in to your video hub using their Microsoft Azure credentials.
From your application's menu:
- Select Users and Groups > + Add user
- Choose to assign by an existing user, group, or role, then search using a name or an email address; OR,
- Click + Invite to enter the email address of an external user and add them as a user in Microsoft Azure
- Click the user(s), group(s), or role(s) that you would like to assign to your application
- Click Select, then Assign
- Click Select, then Assign
Added users will now be able to access your video hub using their Microsoft Azure credentials.