You can use single sign on (SSO) with Vidyard to simplify the sign-in process and allow users to access their account with the same credentials they use every day.
To set up SAML SSO, your user must:
- Have access to the top-level parent folder in the account
- Belong to a team with the Manage SSO setting enabled
Create an SSO profile
A "profile" is an SSO configuration that maps to an application in your IdP. If necessary, you can create multiple SSO profiles to manage user authentication—for example, if your company manages more than one IdP. However, in most cases, you may only require one profile.
- Sign in to your Vidyard account
- If you are not already, switch into the account’s top-level parent folder
- Select Admin > Single Sign On from the main menu, then click on Add Profile
- Give your profile a name
- Provide your IdP with the ACS URL + Entity ID URL from Vidyard
- Obtain the X.509 Certificate and SAML Endpoint URL from your IdP and paste into the fields provided in Vidyard
- Click Save
Assigning users to a Team
There are 2 ways to assign users to a Team in Vidyard with SSO:
- Add a custom attribute in your identity provider (IdP) that specifies which team a group of users belongs to
- Create an SSO profile for each team in Vidyard
Use a custom attribute to specify your users’ teams
Most IdPs allow you to add a custom attribute (sometimes called a custom “field” or “claim”) to a user or group of users’ profiles. The attribute is then included in the SAML assertion that gets sent from your IdP to the service provider's app — in case this, Vidyard.
Create a custom attribute in your IdP with the name
vyTeam. The corresponding value should be the name of the team in Vidyard that you want to assign users to.
Example: attribute name =
vyTeam, value =
Additionally, each SSO profile allows you to set a fallback team. If a user signs in to Vidyard through your IdP without a valid
vyTeam attribute, the user will be assigned to the fallback team instead.
- Under Fallback Team, open the dropdown menu and select a team from the list
- Select Save to confirm
If you are unsure how to use SAML custom attributes, consult with your IdP vendor for more information. Here’s some documentation on how to use custom attributes with common IdPs.
|Identity Provider||How to use custom attributes|
|Okta||Add custom attributes to a user profile or group profile|
|Create custom attributes for user profiles|
|Azure||Use custom claims based user type and group|
|OneLogin||Create custom user fields|
Create an SSO profile for each Team in Vidyard
Alternatively, if you are unable to use custom attributes with your IdP, you can instead create an SSO profile for each team that you need to assign users to in Vidyard.
vyTeam attribute, users will be automatically assigned to the fallback team that you select within each SSO profile.
For example, if you have 2 teams (Admins and Users):
- Create an SSO profile for each team
- This should give you 2 apps in your IdP (one for each team in Vidyard)
- Set a fallback team for each SSO profile (one for Admins, another for Users)
- Assign users to each app in your IdP according to the Vidyard team you want them to belong to
Accepted SAML attributes
Vidyard accepts 1 required and 1 optional attribute in the SAML assertion from your IdP. All other attributes are ignored.
Enable SP-initiated sign in
SP-initiated sign-in allows users to authenticate via your identity provider directly from Vidyard’s sign-in page and any of Vidyard's apps (browser extension, desktop app, mobile app, +more). Users who select Continue with SSO are directed to your identity provider to sign in (if not already). Then, if successful, they are sent back to Vidyard and let into their account.
- Once you set up and configure an SSO profile(s), SP-initiated sign-in should be available for your users. If users cannot Continue with SSO from Vidyard's sign-in page within 24 hours, contact our Support Team; we'll need to add your company's email domain(s) to an allowlist.
- As you add new users to your account, they must use IdP-initiated sign in the first time they access Vidyard. This will provision a new user. Once their user has been created, they can use SP-initiated sign in going forward.
Restrict users to SSO sign-in
Organizations with enhanced security requirements may require that users only sign in to Vidyard through their SSO identity provider.
Once SSO has been set up successfully, any new users that you provision through your identity provider are automatically
restricted and must sign-in to Vidyard with SSO. All other sign-in options are disabled (email + password, or third-party authentication like Google, Apple, LinkedIn or Microsoft).
If there are users that signed up for Vidyard or were added to your account prior to SSO being enabled, these users are classified as
unrestricted and can continue to use all available sign-in methods.
You may contact our Support Team to request that pre-existing users become
restricted and must authenticate with SSO, disabling all other sign-in options.
To ensure SSO is the only sign-in method going forward, continue to provision users through your identity provider. Any users directly added to Vidyard from the Users page (Admin > Users), even after SSO has been enabled, will be
unrestricted and allowed to sign in with alternate methods.
Supported SSO capabilities
Below is table that outlines Vidyard’s supported SSO capabilities
|SSO feature||Level of support|
|Provisioning & de-provisioning||Vidyard supports Just In Time (JIT) provisioning to create and update users through SAML. JIT applies changes made to a user’s profile in your IdP when the user next signs in to their Vidyard account.
De-provisioning users is currently not supported.
|Single Logout (SLO)||Not supported|
|IdP and SP-initiated sign-in||Vidyard supports both IdP and SP-initiated sign in.
If you don't have SP-initiated sign-in available, contact our support team to add your company’s email domain to an allowlist.
Delete an SSO profile
If you need to, you can delete an SSO profile. But be careful — if you have enforced SSO as a sign-in option, users associated with the profile will no longer be able to sign in to their accounts.
Make sure you set up an alternate profile with your IdP before deleting an existing profile. Alternatively, in the absence of SSO, you may want to contact Vidyard Support to un-restrict users and allow for alternative sign-in methods (email + password, for example).
- From the main menu in Vidyard, select Admin > Single Sign On
- Select Manage next to an active profile
- Open the menu in the top-right corner (the three dots), then select Delete
- Select Delete again to confirm