By setting up your Vidyard Sharing Page with SAML SSO (Single Sign-On), you can provide authenticated access to videos on your sharing page through an existing SSO portal.
Establishing a secure sharing page with SSO requires two conditions:
- Step 1: Configure SSO at the parent group of your organization
- Because subgroup sharing pages inherit settings from the parent group, it is important to configure SSO at the parent level of your organization. This allows you the flexibility to then also decide whether some or all player(s) within a subgroup(s) should also be secure.
- Step 2: Secure the player(s) that, when shared, you intend users to access through SSO
- In any group for which SSO has been configured for sharing pages (whether directly or inherited from the parent), a player must first be secured before users are required to access its contents through single sign on. Players can be secured individually or across a group as a default setting.
- Branded Sharing Page feature enabled
- Edit Branded Sharing Pages role permissions enabled
- You must set a subdomain for your sharing page (whether a Vidyard subdomain or CNAME)
- The sharing page subdomain can be set in Channels > Sharing Page > Settings
Step 1: Configure SSO at the parent group
Before proceeding, ensure that you are first in the parent group of your organization (select Group > Change Group, if needed).
The set up process for SSO will differ depending on your Identity Provider (IdP). In all cases, however, the process requires you to provide several URLs from Vidyard to your IdP in exchange for an X.509 Certificate and an Endpoint URL.
Note: If also using a CNAME for your sharing page domain, please contact Vidyard Support. Further steps are required to create a secure connection between your chosen domain and Vidyard's.
CNAMEs are set under the branded sharing page Settings tab.
- From the Vidyard dashboard, select Channels > Sharing Page
- Select the Security tab
- Toggle Enable Single Sign On (SAML 2.0) to ON
- Provide both Vidyard and your IdP with the relevant SAML information.
- Notice the four Vidyard SAML URLs provided. When creating a new SSO application from your IdP, copy the appropriate URLs to your IdP.
- In exchange, retrieve from your IdP the X.509 Certificate and the SAML Endpoint URL. Copy these in their entirety into the SAML configuration fields provided in Vidyard. This includes any "Beginning" or "End of" text that may appear in the X.509 Certificate.
- Click Save Changes
Important: Individual IdPs may have different terms for the URLs provided in Vidyard. They may also only require some of the URLs provided. In other cases, your IdP may require all four.
Visit your IdP's support site if you need assistance understanding which values to provide from Vidyard as well as where to locate your X.509 Certificate and SAML Endpoint URL.
Step 2: Secure your player(s)
Secure an individual player
- Hover over a player and select Security (or select the Security tab within a player's settings)
- In the Restrictions tab under Secure Platform Whitelist, select Restrict to secure platforms. Then click Save.
You are now ready to share the selected player securely!
Secure players as a default setting
If you require all players within a group to be secured, you can enable secure players as a default setting.
Important: when enabling secure players as a default setting, keep in mind these behaviors:
- Changes to default players settings apply to all newly created players going forward. Changes to existing players will have to be applied manually.
- Similarly, disabling a default setting does not remove the behavior from any players to which it has already been applied.
- If players are secured as a default at the parent group, this behavior will inherit to all newly created players in all subgroups.
- If players are secured enabled as a default at the parent level, a user with the appropriate permissions may override the default behavior at the subgroup level.
- Alternatively: rather than inherit from the parent group, you may consider securing players as a default setting only at the subgroups for which it is required.
To secure players as a default setting:
- Toggle into the group for which the default setting will apply (Group > Change Group)
- From the Vidyard dashboard, select Content > Defaults
- In the General tab under Secure Platform Whitelist, select Restrict to secure platforms.
- Click Save.