SproutVideo websites support Single-Sign-On (SSO) using the SAML 2.0 protocol, and can be set up with Active Directory, as well as other compatible SSO Identity Providers.
With SSO enabled, your viewers must be authenticated by your Identity Provider before they can log in and access your video content. When a viewer navigates to your video website URL, they are redirected to your Identity Provider for authentication. Once verified, they are redirected automatically to your video site.
SSO only applies to videos on your video website. Embedded videos not on your video website are not protected by SSO.
You must have an existing Identity Provider, like Active Directory, in order to enable SSO for your video website.
This guide is for Active Directory only. If you need help with another Identity Provider, please contact support.
In your ADFS server, add a Relying Party Trust by navigating to Relying Party Trusts under Trust Relationships, clicking on "Add Relying Party Trust," and clicking Start to launch the Relying Party Trust Wizard.
Select the option to “Enter data about the relying party manually” and click Next.
Enter the Display Name you'd like to use for your SproutVideo website. This can be your SproutVideo website URL, or another name that you can easily remember. Click Next to proceed.
Select the option to use the "ADFS Profile" and click Next.
You do not need a token encryption certificate, so do not select any of the options, and click Next.
To enable SSO, you'll need some information located in your SproutVideo account, and you'll need to adjust some settings there. Hover your mouse over "Site" at the top of the page, and select Settings, then click on SSO on the left-hand side of the page. You can enable SSO for your site by checking the box, and you'll need to complete each field with the corresponding information from your Identity Provider (see below). Note that your Assertion Consumer Service (ACS) URL is based on your SproutVideo website URL.
Check the box to enable SAML 2.0 WebSSO Protocol, and click Next. Then, enter your ACS URL in the following format, replacing "example" with your custom video website details: https://example.vids.io/saml/consume
Enter your SproutVideo subdomain, usually something like "example.vids.io" but without the quotation marks, in the Relying Party Trust Identifier field, being sure to omit the "https://" part of the URL, and click Next.
Select the option to permit all users to access this relying party, and click Next.
Review your settings and click Next, then close the wizard.
Right-click on the new Relying Party Trust and select Properties. Then, select the Advanced tab. There, change the Secure Hash Algorithm to “SHA-1”, then click OK.
Right-click on the new Relying Party Trust, select Edit Claim Rules, and click on "Add Rule". Select “Send LDAP Attributes as Claims”, then click Next. Select "Send LDAP as the Claim Type" and enter “Get Attributes” as the Claim rule name. Select “Active Directory” as your Attribute store, “E-Mail-Addresses” as the LDAP Attribute and “E-Mail Address” as the Outgoing Claim Type. Select “Display-Name” as the LDAP Attribute and “Name” as the Outgoing Claim Type. Click on Finish.
Right-click on the new Relying Party Trust, select Edit Claim Rules, and click on "Add Rule". Select “Transform an Incoming Claim”, then click Next. On the next screen, enter “Name ID Transform” as the Claim Rule Name, select “E-Mail Address” as the Incoming claim type, select “Name ID” as the Outgoing claim type, then select “Email” as the Outgoing name ID format. Click Finish, then click OK.
Under Site > Settings > SSO, you'll find the field where you need to enter your SAML SSO URL. Typically, it’s formatted as the URL to your ADFS service with /adfs/ls/ appended to it, but yours might be different, so be sure to double-check.
From the ADFS console, navigate to Service, then Certificates, and right-click on your Token-Signing Certificate. Click on "View Certificate" and go to the Details tab, select the certificate thumbprint, and copy it. Paste the thumbprint into the "Certificate Fingerprint" field in your SproutVideo account in your SSO settings under Site.
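The wizard steps above can also be applied from PowerShell on the ADFS server, which makes the resulting trust easy to review and repeat. The script below is an added example, not SproutVideo's own tooling; it assumes the placeholder subdomain "example.vids.io" from this guide, a POST binding for the ACS endpoint (the guide does not name a binding), and the standard claim type URIs that ADFS uses for the claims named above.

```powershell
# Added example: scripted equivalent of the wizard steps in this guide.
# Run in an elevated PowerShell session on the ADFS server.
Import-Module ADFS

$site = 'example.vids.io'              # Relying Party Trust Identifier, without "https://"
$acs  = "https://$site/saml/consume"   # Assertion Consumer Service (ACS) URL

# SAML 2.0 WebSSO endpoint. The POST binding is an assumption.
$endpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $acs

# Claim rules: "Get Attributes" (LDAP mail and displayName) and "Name ID Transform".
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Get Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"), query = ";mail,displayName;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Name ID Transform"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# "Permit all users to access this relying party", as selected in the wizard.
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Create the trust. The signature algorithm URI is the SHA-1 setting this guide
# specifies on the Advanced tab; no token encryption certificate is configured.
Add-AdfsRelyingPartyTrust -Name $site -Identifier $site -SamlEndpoint $endpoint `
    -SignatureAlgorithm 'http://www.w3.org/2000/09/xmldsig#rsa-sha1' `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authzRules

# Read the trust back to confirm what was actually stored.
Get-AdfsRelyingPartyTrust -Name $site |
    Format-List Name, Identifier, SignatureAlgorithm, EncryptionCertificate, IssuanceTransformRules

# Thumbprint of the primary Token-Signing certificate, for the
# "Certificate Fingerprint" field in the SproutVideo SSO settings.
Get-AdfsCertificate -CertificateType Token-Signing |
    Where-Object IsPrimary |
    Select-Object -ExpandProperty Thumbprint
```

The last command prints the thumbprint as a plain hexadecimal string, which can be pasted into the "Certificate Fingerprint" field directly. If the Token-Signing certificate is later rolled over, the value stored in SproutVideo must be updated to match the new primary certificate.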