Skip to main content

Using Single Sign-On (SSO) with Wistia

Single Sign-On makes logging in to online services easier and more secure. Learn how to connect Wistia with your SSO identity provider.

Caroline F avatar
Written by Caroline F
Updated over a week ago

Note

SSO is only available for accounts on the Premium Plan at this time.

What is SSO?

Put simply, Single Sign-On (SSO) allows you to log in to multiple online platforms using a single set of credentials. SSO also makes it easier to manage secure credentials across multiple platforms by limiting the total number of unique logins and passwords you need to remember.

Supported SSO Identity Providers

Wistia’s SSO functionality supports all major SAML 2.0 or OIDC identity providers (IdPs), including:

  • Okta

  • Entra ID (formerly Azure AD)

  • OneLogin

We generally support any SAML 2.0 or OIDC-compliant IdPs. If you are interested in connecting with an IdP not listed here, reach out to your account’s Customer Success Manager (CSM) for more details.

Note

“Sign in with Google” and “Sign in with Microsoft” are oAuth-based login methods which exist separately from our SSO feature. All accounts can use Google or Microsoft oAuth logins, regardless of plan level.

Enabling SSO in Wistia

Set up Wistia SSO with your IdP

The first step for enabling SSO in your account is configuring Wistia SSO with your IdP. Check out our dedicated SSO setup guides for the major providers:

Contact your Customer Success Manager for setup instructions if using an IdP not listed here.

Configure SSO Provider in Wistia

Once Wistia SSO is set up within your IdP, head over to your Wistia account, navigate to Settings, and click "SSO."

Note

Only an Account Owner can enable SSO.

From here, paste the metadata URL into the field and click “Configure SSO Provider.”

Note

If you have a metadata XML file rather than a URL, reach out to your Customer Success Manager for assistance.

In the SSO Configuration section, you have the option to:

  • Turn on SSO for all users: This allows your users to sign into your account with either SSO or their existing login method.

  • Require SSO for all users: This forces your users to use SSO to access your account. See Forcing SSO-only logins to Wistia for more details.

Log in to Wistia with SSO

When SSO is officially enabled for a Wistia account, the following login options are available to all users:

  • All accounts receive a dedicated SSO login URL: https://<account>.wistia.com/login/sso

  • Users can initiate the login process from the application icon or bookmark to your SSO login URL within your IDP dashboard.

  • All Wistia login pages now include an “SSO” button. This will first ask users to specify the account name, and then authenticate their SSO credentials

Wistia SSO Login Button

Forcing SSO-only logins to Wistia

Note

Account Owners will never be required to use SSO.

It’s possible to require SSO logins for all Wistia users. With SSO configured, you can turn on this option from the SSO page in your Account Settings.

“Forced SSO” is currently an account-wide option, which means all non-Owner users will be required to use SSO to log in. If you have users outside your company or organization that need to access Wistia, consider leaving this option disabled; otherwise, they will need to be set up with an SSO credential within your IdP.

SSO with Wistia FAQ

How will enabling SSO affect existing Wistia users who previously signed in using other methods?

Existing Wistia users can seamlessly switch to SSO logins once enabled, as long as their email address in Wistia matches their IdP-managed email. If the emails do not match, users can update their email in Wistia from the Account > Settings > Profile page.

Existing users will retain all prior permission levels and access to content when switching to SSO.


Does Wistia support Just in Time (JIT) user provisioning?

Yes! When you first provision a new user with Wistia access in your IdP, their Wistia user will be automatically created upon their first login to the account.

Can Wistia user permissions be managed within our IdP?

Currently all user permissions and access to content must be managed within the Wistia account. Users can be provisioned in the IdP for Wistia access, and then given specific roles or permissions within the Wistia user page by a Manager or Account Owner.

Does Wistia support IdP-initiated sign-in?

Due to security concerns, we only support SP-initiated sign-in at this time.

What is SAML?

Security Assertion Markup Language, An XML-based protocol that allows a “Service Provider” (SP) to securely authenticate a user with an IdP by trading specially formatted XML documents. This is the most common and trusted SSO protocol, but there are others.


What is OIDC?

OIDC is an OAuth-based authentication protocol commonly used for social sign on. Some enterprise IdPs also allow for OIDC-based SSO, such as Okta.

What if I have more questions?

Contact your Customer Success Manager or reach out to Wistia support at any time!

Did this answer your question?