Vimeo - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Vimeo using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization
To set up Multi-Pass with Vimeo, ensure you meet the following requirements:
- Vimeo admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Vimeo are registered in your IdP and have the necessary permissions to access Vimeo.
- This new SSO experience is currently available only to new customers on Vimeo. If you set up SSO before April 2024, you will receive this experience later this year with a migration guide. To switch early, contact your Vimeo Account Manager.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Vimeo - SSO configuration
Step 1 - Create the Vimeo SAML Connection & Configure Multi-Pass as IdP
- In Vimeo, go to Team Management,
- Click on Settings and reach Single Sign-On.
- Click +Create Connection and name it (e.g., Multi-Pass).
- Copy the Entity ID and ACS URL shown under Vimeo Metadata (you will paste them into Multi-Pass).
Vimeo also shows a Single Logout URL (optional). SLO ends Vimeo sessions as soon as users log out of your IdP (see “How to control session duration”).- Select your tenant
- Go to Integrations, on the left side of your screen, click on Applications
- Add Application (SAML).
- Complete the form with the information below :
| Field | Value |
|---|---|
| Client ID (=SP Entity ID) | Paste Vimeo’s Entity ID |
| Name | Vimeo |
| Description | SSO integration |
| Assertion Consumer Service URL | Paste Vimeo’s ACS URL |
| NameID Policy Format | email |
- download the Multi-Pass IdP metadata (XML)
- Click on "Add integration"
- Go to the advanced console by clicking on the right side of your screen
- Click on Client and use the search bar to fin Vimeo
- Make sure all the fields are well completed :
General settings (Multi-Pass)
| Field | Value |
|---|---|
| Client ID | Copy from Vimeo Metadata (Entity ID) |
Name | Vimeo |
| Description | SSO integration |
Always display in UI | ON |
Access settings (Multi-Pass)
| Field | Value |
|---|---|
| Home URL (IdP-initiated) | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/<APP_NAME> |
| Valid Redirect URIs (ACS) | Paste Vimeo’s ACS URL |
| IDP-Initiated SSO URL Name | <APP_NAME> |
| Valid post logout redirect URIs | Paste Vimeo’s Single Logout URL if used (Optional) |
SAML Capabilities
| Setting | Value |
|---|---|
| Name ID Format | |
| Force Name ID Format | ON |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature & Encryption
| Setting | Value |
|---|---|
| Sign Documents | OFF |
| Sign Assertions | ON |
- Click on the "Keys" tab and make sure both parameters are switched to OFF
- Then move to the advanced tab
- Assertion Consumer Service POST Binding URL = Valid Redirect URIs (ACS) = Paste Vimeo’s ACS URL
- Finally move the tab "client scope"
- Select the line corresponding to your client
- Click on "configure a new mapper"
- Select "user attribute", we will create two different user attribute for firstName and lastName.
- Complete the form :
firstName
| Field | Value |
|---|---|
| Mapper Type | User Attribute |
| Name | user.firstName |
| User Attribute | firstName |
| Friendly Name | user.firstName |
| SAML Attribute Name | user.firstName |
lastName
| Field | Value |
|---|---|
| Mapper Type | User Attribute |
| Name | user.lastName |
| User Attribute | lastName |
| Friendly Name | user.lastName |
| SAML Attribute Name | user.lastName |
Step 2 - Finalise VIMEO's configuration, test, Claim Domain & Finalize SSO
- Go back to Vimeo SAML modal
- upload the Multi-Pass IdP metadata XML (Vimeo will parse the Sign-in URL and certificate).
- Alternatively: paste your IdP Sign-in URL and upload the IdP signing certificate (.pem, .crt, or .cert).
- IdP Entity ID = https://ca.auth.kzero.com/realms/<TENANT_NAME>
- Sign-In URL = https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml
- Sign-Out URL (optional) = https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml
- Save the SAML connection in Vimeo
SSO is not forced yet (you can test first and enforce later).
- In the Vimeo SAML connection modal (Step 2), copy the test link and open it in a new tab (private/incognito) to try logging in.
Test users must already be on your Vimeo team. To provision new users during the test, enable JIT provisioning in settings.
- Once validated, you can request to claim your domain for this SAML connection. After Vimeo approval, users with your company domain will be forced to sign in via SSO.
Provisioning options (Vimeo)
| Option | Description |
|---|---|
| Just-In-Time (JIT) | Automatically creates users upon first SSO login (recommended if you want auto-provisioning; domain claim may be required). |
| Team-based SSO | Only users already on your Vimeo team can authenticate via SSO (no auto-provisioning). |
| SCIM | Full lifecycle sync of users/groups via SCIM (create, update, deactivate). Requires Vimeo Enterprise and SCIM app setup. |
SSO settings (Vimeo)
| Setting | Description |
|---|---|
| Force SSO | Prevents email/password logins and disables password resets. Enabled automatically after domain claim or when team-only SSO is on. |
| Default role | Assigns a default role to users created via JIT or SCIM. |
| Logout redirect URL | URL where users are redirected after logging out of Vimeo. |
Related Articles
SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...Notion - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...Vanta - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Vanta using MPAS. SSO simplifies user authentication by allowing access to multiple ...Dynatrace - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Dynatrace using MPAS. SSO simplifies user authentication by allowing access to multiple ...Addigy - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Addigy using MPAS. SSO simplifies user authentication by allowing access to multiple ...