Single Sign On (SSO) is an authentication process that grants users access to multiple software programs through a single set of login credentials.
SSO eliminates the need for users to remember and update several sets of usernames and passwords. It also allows organizations greater control over the administration of users and the allocation of company tools.
Vidyard's SSO (SAML 2.0) feature allows you to manage both user-creation and the sign-in process through your existing Identity Provider tool (IdP).
You can also pass custom attributes from your IdP to Vidyard to indicate both what team a user belongs to and allocate a GoVideo seat (if applicable).
- You must be a member of the Admin team
Create an SSO profile
A "profile" is an SSO configuration. If necessary, you can create multiple SSO profiles to manage user authentication—for example, if your company manages more than one IdP. However, in most cases, you will only require one profile.
- From the Vidyard dashboard, select Admin > Single Sign On
- Click on Add Profile
- Give your profile a name
- Provide your IdP with the ACS URL from Vidyard
- Remember that every IdP is different; it may require that you add the URL to more than one type of field during set up.
- Obtain the X.509 Certificate and SAML Endpoint URL from your IdP and enter them into the fields provided in Vidyard.
- Click Save Changes
Assign users to a Team
To assign users to a Team, you will need to configure your IdP to pass a custom attribute to Vidyard in the format of
If you have a paid subscription to GoVideo, you can also grant a user a GoVideo seat with the custom attribute
- Select Multiple to assign users to different Teams using the
- Use the dropdown menu to select what Team a user will be assigned to should they sign in without a valid
Note: every IdP has its own way to pass custom attributes as part of the SAML assertion to a service provider app (i.e. Vidyard). Consult with your IdP vendor if you need help understanding how to use custom attributes.
Does Vidyard sign users out after a duration of inactivity?
- Yes. A user's session will timeout after 24 hours. After that time, a user will be required to sign in again.
Does Vidyard require identities to be provisioned and de-provisioned in its database?
- Vidyard supports account provisioning through any SAML IdP. Just-in-time provisioning creates an account upon a successful SAML assertion.
- If disabled in the IdP, a user's account will remain in Vidyard but will be inaccessible. Because we cannot delete a user in Vidyard via the IdP, an administrator will have to manually remove the user's account from Vidyard thereafter.
Does Vidyard honor both IDP & SP workflows or one over the other?
- Vidyard allows for both IdP-initiated sign in and SP-initiated sign in. In other words, while the user has an active role in your IdP, the user may sign in through either the IdP or through Vidyard directly.