Using Single Sign-On (SSO) with Wistia
Single Sign-On makes logging in to online services easier and more secure. Read on to learn about the SSO methods supported within Wistia.
Put simply, Single Sign-On (SSO) allows you to log in to multiple online platforms using a single set of credentials. SSO also makes it easier to manage secure credentials across multiple platforms by limiting the total number of unique logins and passwords you need to remember.
Single Sign-On has two key roles that a platform can perform:
- Service Provider (SP): this is the platform you intend to log in to and use. For example, accessing your Wistia account to manage your medias.
- Identity Provider (IDP): this is the platform providing your login credentials. For example, Sign in with Google would use Google as the IDP for authentication.
Our SSO options differ based on the role you want Wistia to perform.
When you register a new Wistia account you have the choice to create your login and password on Wistia, or you could choose Single Sign-On to register with an existing login from a different service. In this situation, Wistia is considered the Service Provider (SP), and the other service is the Identity Provider (IDP).
We support two different IDPs for Single Sign-On into Wistia:
- Sign in with Google
- Sign in with Microsoft
Both of these options are accessible from our Wistia Login Page.
Microsoft Azure SSO (single sign-on) requires direct integration via the SAML protocol, which we do not support in Wistia.
However, emails managed in Microsoft Azure can still be used for the “Sign in with Microsoft” option.
Enabling Azure users to sign in with Microsoft requires the following steps:
- An Azure admin user must be invited to the Wistia account, accept the invite, and select “Sign up with Microsoft.”
- When the Microsoft permissions page opens, the admin will be asked to “consent on behalf of your organization” to allow non-admins to log in. Make sure this box is checked.
- From this point forward, members of this organization can use their Azure-managed emails to “Sign in with Microsoft” to Wistia.
If you’re looking to use Wistia as the IDP for signing in to a different app/SP, this can be set up using our OAuth2 resource for developers.
OAuth2 is particularly useful if you’re developing an application and want users to be able to sign in via Wistia to display their account data, medias, or stats in your app.
Can I use an alternative SSO provider (IDP) with Wistia, or a custom SSO option via SAML, OpenID Connect, etc.?
At this time we only support Google and Microsoft as our Single Sign-On providers. If there is a particular SSO provider or protocol you’d like to see added in the future, feel free to email firstname.lastname@example.org and make a feature request.
OAuth2 cannot be used to set up a custom SSO provider/IDP with Wistia.
The OAuth2 resource in Wistia is specifically for using Wistia as the IDP when logging in to a different application. This resource is most often used for including Wistia content or functionality in that application rather than for authentication alone.