Using Single Sign-On (SSO) with Wistia

Single Sign-On makes logging in to online services easier and more secure. Read on to learn about the SSO methods supported within Wistia.

What is SSO?

Put simply, Single Sign-On (SSO) allows you to log in to multiple online platforms using a single set of credentials. SSO also makes it easier to manage secure credentials across multiple platforms by limiting the total number of unique logins and passwords you need to remember.

Single Sign-On has 2 key roles that a platform can perform:

  • Service Provider (SP): this is the platform you intend to log in to and use. For example, accessing your Wistia account to manage your medias.
  • Identity Provider (IDP): this is the platform providing your login credentials. For example, Sign in with Google would use Google as the IDP for authorization.

Our SSO options differ based on the role you want Wistia to perform.

Wistia as Service Provider (SP)

When you register a new Wistia account, you can either create a login and password on Wistia or choose Single Sign-On to register with an existing login from a different service. In this situation, Wistia is considered the Service Provider (SP), and the other service is the Identity Provider (IDP).

We support two different IDPs for Single Sign-On into Wistia:

  • Sign in with Google
  • Sign in with Microsoft

Both of these options are accessible from our Wistia Login Page.

Microsoft Azure Emails and SSO

“Sign in with Microsoft” and “Microsoft Azure SSO” are different.

Microsoft Azure SSO (single sign-on) requires direct integration via the SAML protocol, which we do not support in Wistia.

However, emails managed in Microsoft Azure can still be used for the “Sign in with Microsoft” option.

Enabling Azure users to sign in with Microsoft requires the following steps:

  1. An Azure admin user must be invited to the Wistia account, accept the invite, and select “Sign up with Microsoft.”
  2. When the Microsoft permissions page opens, the admin will be asked to “consent on behalf of your organization” to allow non-admins to log in. Make sure this box is checked.
  3. From this point forward, members of this organization can use their Azure-managed emails to “Sign in with Microsoft” to Wistia.

This does not automatically give people access to Wistia. It only allows those emails to be used without needing to set a password in Wistia. They will still need to be invited to Wistia first and create an account in Wistia using that email.

Wistia as Identity Provider (IDP)

If you’re looking to use Wistia as the IDP for signing in to a different app/SP, this can be set up using our OAuth2 resource for developers.

OAuth2 is particularly useful if you’re developing an application and want users to be able to sign in via Wistia to display their account data, medias, or stats in your app.

The OAuth2 feature is not automatically enabled on Wistia accounts. Your Account Owner can email to request it, and our Customer Champs will turn it on.

SSO with Wistia FAQ

Can I use an alternative SSO provider (IDP) with Wistia, or a custom SSO option via SAML, OpenID Connect, etc.?

At this time we only support Google and Microsoft as our Single Sign-On providers. If there is a particular SSO provider or protocol you’d like to see added in the future, feel free to email and make a feature request.

Can I use OAuth2 to integrate with a custom SSO provider (IDP)?

OAuth2 cannot be used to set up a custom SSO provider/IDP with Wistia.

The OAuth2 resource in Wistia is specifically for using Wistia as the IDP when logging into a different application. This resource is most often used for including Wistia content or functionality in that application rather than for authorization alone.