Note
SSO is only available for accounts on the Premium Plan at this time. Reach out to your Customer Success Manager to get started!
What is SSO?
Put simply, Single Sign-On (SSO) allows you to log in to multiple online platforms using a single set of credentials. SSO also makes it easier to manage secure credentials across multiple platforms by limiting the total number of unique logins and passwords you need to remember.
Supported SSO Identity Providers
Wistia’s SSO functionality supports all major SAML 2.0 or OIDC identity providers (IdPs), including:
Okta
Entra ID (formerly Azure AD)
OneLogin
We generally support any SAML 2.0 or OIDC-compliant IdPs. If you are interested in connecting with an IdP not listed here, reach out to your account’s Customer Success Manager (CSM) for more details.
Note
“Sign in with Google” and “Sign in with Microsoft” are oAuth-based login methods which exist separately from our SSO feature. All accounts can use Google or Microsoft oAuth logins, regardless of plan level.
Set up Wistia SSO with your IdP
Check out our dedicated SSO setup guides for the major providers:
Contact your Customer Success Manager for setup instructions if using an IdP not listed here.
Log in to Wistia with SSO
When SSO is officially enabled for a Wistia account, the following login options are available to all users:
All accounts receive a dedicated SSO login URL:
https://<account>.wistia.com/login/ssoUsers can initiate the login process from the application icon or bookmark to your SSO login URL within your IDP dashboard.
All Wistia login pages now include an “SSO” button. This will first ask users to specify the account name, and then authenticate their SSO credentials
Just a friendly reminder that these options will only be available after Wistia has enabled SSO for the account and notified you.
Forcing SSO-only logins to Wistia
Note
Account Owners will never be required to use SSO.
It’s possible to require SSO logins for all Wistia users. This option will be off by default when we first activate SSO for an account, and can be enabled upon request.
“Forced SSO” is currently an account-wide option, which means all non-Owner users will be required to use SSO to log in. If you have users outside your company or organization that need to access Wistia, consider leaving this option disabled otherwise they will need to be set up with an SSO credential within your IdP.
SSO with Wistia FAQ
How will enabling SSO affect existing Wistia users who previously signed in using other methods?
Existing Wistia users can seamlessly switch to SSO logins once enabled, as long as their email address in Wistia matches their IdP-managed email. If the emails do not match, users can update their email in Wistia from the Account > Settings > Profile page.
Existing users will retain all prior permission levels and access to content when switching to SSO.
Does Wistia support Just in Time (JIT) user provisioning?
Yes! When you first provision a new user with Wistia access in your IdP, their Wistia user will be automatically created upon their first login to the account.
Can Wistia user permissions be managed within our IdP?
Currently all user permissions and access to content must be managed within the Wistia account. Users can be provisioned in the IdP for Wistia access, and then given specific roles or permissions within the Wistia user page by a Manager or Account Owner.
Does Wistia support IdP-initiated sign-in?
Due to security concerns, we only support SP-initiated sign-in at this time.
What is SAML?
Security Assertion Markup Language, An XML-based protocol that allows a “Service Provider” (SP) to securely authenticate a user with an IdP by trading specially formatted XML documents. This is the most common and trusted SSO protocol, but there are others.
What is OIDC?
OIDC is an OAuth-based authentication protocol commonly used for social sign on. Some enterprise IdPs also allow for OIDC-based SSO, such as Okta.
What if I have more questions?
Contact your Customer Success Manager or reach out to Wistia support at any time!