Set up SSO for your Video Hub with Microsoft Azure AD

Avatar
Brendan O'Driscoll
Who Can Use This Feature?
Self-Service Plans
Free Pro Plus
Business Plans
Essentials (with add-on) Growth (with add-on) Enterprise (with add-on)
Users must have the Edit video hubs permission enable

By integrating your Vidyard Video Hub with SAML SSO (Single Sign-On), you can provide authenticated access to your videos through your existing identity provider (IdP). If you use Microsoft Azure AD as your SSO IdP, follow these steps to set up SSO for your video hub.

Each hub that you configure will appear as a separate app in Microsoft Azure, allowing you to restrict access on a per hub basis. Before creating the app in Azure, your Vidyard Video Hub must first be configured to force authentication.

The following steps assume you have set up and configured a video hub. For more information, refer to our article on How to Set up a Video Hub.


Enable SAML 2.0 on your Video Hub

  1. From the Vidyard dashboard, select  Channels > Hubs.
    Channels menu in Viydard with Hubs selected
  2. Click on the name of the hub you wish to modify, then select Sharing.
  3. Under Access, click Change.
    Access menu in Hub Sharing settings
  4. Select Single Sign On (SSO) Users, then select Update.
    Access settings for hub with Single Sign On users selected
  5. Click Add Profile. You'll be using the provided URLs here when setting up your SAML app in Azure, and using some URLs from Azure to complete this profile. In the next section, we'll go over creating the SAML app in Azure, and will come back to complete this profile in Vidyard. It's a good idea to open Azure in another tab to keep this profile open.
Note: The Use HTTPS for all requests toggle must also be enabled in order to use SSO.

If you are using a CNAME for your video hub domain, please contact Vidyard Support. Further steps are required to create a secure connection between your chosen domain and Vidyard's.


Create a SAML application in Microsoft Azure

Once your hub has been configured for SSO, you’ll need to create an application for your hub in Microsoft Azure so that users can authenticate using their Azure credentials. You will be copying and pasting configuration details between Vidyard and Microsoft Azure.

Step 1: Create a SAML application in Azure

  1. Login in to Microsoft Azure using an administrator account
  2. Click Azure Active Directory and then choose Enterprise Applications from the left hand menu. 
  3. Then choose + New application.
    New application button from the Enterprise Application page in Azure
  4. Choose + Create your own application.
    Create your own application button in Azure
  5. Enter a name for your application.
  6. Make sure to select the option that says "Integrate any other application you don't find in the gallery (Non-gallery)".
    Create application menu in Azure, with Integrate any other application you don't find in the gallery (Non-gallery) option selected.
    Note: If Azure suggests a gallery app called Vidyard, don't choose this option but continue to create your own.
  7. Choose Set up Single Sign On.
  8. For the single sign on method, choose SAML.

Step 2: Configure the SAML app in Microsoft Azure

  1. Click Edit beside Basic SAML Configuration.
    Basic SAML Configuration in Azure, with Edit button.
  2. In a new browser tab, return to Vidyard and open the Sharing settings for your video hub. If you haven't done so already, click Add Profile to create a new SSO profile. 
  3. The next step is to copy the details from the Vidyard profile into the SAML app in Azure: 
    • Copy the Issuer/Metadata URL from Vidyard into the Identifier/Entity ID field in Azure. You will need to click Add Identifier to add this value.
    • Copy the ACS URL from Vidyard into the Reply URL (Assertion Consumer Service URL) field in Azure. You will need to click Add Reply URL to add this value.
    • Copy the SSO User Login Page URL from Vidyard into the Sign on URL (Optional) field in Azure.
    • Copy the URL of your hub from Vidyard into the Relay State (Optional) field in Azure. Leave a trailing / at the end of the URL. For example, if your hub URL is mycompany.hubs.vidyard.com, the URL in the Relay State (Optional) field should read https://mycompany.hubs.vidyard.com/.
    • Leave the Logout URL (Optional) field in Azure blank.
      URL in Vidyard Corresponding field name in Azure
      Issuer/Metadata URL Identifier/Entity ID
      ACS URL Reply URL (Assertion Consumer Service URL)
      SSO User Login Page URL Sign on URL
      Vidyard Hub URL (Open your video hub in a new window and copy the URL) Relay State
      N/A (leave the field blank) Logout URL
      Basic SAML Configuration fields completed.Once finished, click Save.

Step 3: Modify the claims 

  1. Click Edit next to the Attributes & Claims section.
  2. Click on the Claim labelled Unique User Identifier (Name ID)
  3. Change the Source attribute to user.mail, and then click Save
    Manage claim with Source attribute changed to user.mail
  4. The other attributes and claims can be left as is. 
    Completed Attributes and Claims settings

Step 4: Obtain the X.509 Certificate

  1. Locate the SAML Signing Certificate section in the Single Sign On settings for your app in Azure.
    SAML Signing Certificate settings
  2. Click Download beside Certificate (Base64).
  3. Open the certificate you downloaded in a text editor application.
  4. Select everything (including BEGIN CERTIFICATE and END CERTIFICATE) and copy it. Paste it into the X.509 Certificate field in Vidyard.

Step 5: Obtain the SAML Endpoint URL

  1. In Single Sign On settings for your app in Azure, find the Set Up section.
    Set up section in Single Sign on settings in Azure.
  2. Copy the Login URL.
  3. Paste this value into the SAML Endpoint URL in Vidyard.
  4. You can now go ahead and save your SSO Profile in Vidyard.

Step 6: Assign users to your SAML application

Assigning users to your new SAML application will allow them to sign in to your video hub using their Microsoft Azure credentials.

  1. From your application's menu, select Users and Groups > + Add user/group.
  2. Click on User, Group, or Role, and search using a name of email address. 
  3. Select the desired user(s), group(s), or role(s), and then choose Assign.

Added users will now be able to access your video hub using their Microsoft Azure credentials.

Test your Vidyard hub with SSO

  1. Click Test.
    Test section of Single Sign on settings in Azure.
  2. Choose from the available options to test with the user you're currently signed in with, or with another user. 
  3. Alternatively, you can copy the URL for your video hub and paste that into a browser, and then log into your Microsoft Azure account. This will mimic the experience of a viewer of your hub.

Need support

Submit a ticket or start a chat. We'll provide a self-serve resource or connect you with our support team, available 24x5.

Chat with Our Team