What is SSO?
Put simply, Single Sign-On (SSO) allows you to log in to multiple online platforms using a single set of credentials. SSO also makes it easier to manage secure credentials across multiple platforms by limiting the total number of unique logins and passwords you need to remember.
Supported SSO identity providers
Wistia’s SSO functionality supports all major SAML 2.0 or OIDC identity providers (IdPs), including:
Okta
Entra ID (formerly Azure AD)
OneLogin
We generally support any SAML 2.0 or OIDC-compliant IdPs. If you are interested in connecting with an IdP not listed here, reach out to your account’s Customer Success Manager (CSM) for more details.
Note
“Sign in with Google” and “Sign in with Microsoft” are OAuth-based login methods unrelated to SSO. All accounts can use Google or Microsoft OAuth logins regardless of plan level.
Enable SSO in Wistia
Set up Wistia SSO with your IdP
The first step to enable SSO in your account is to configure Wistia SSO with your IdP. Check out our dedicated SSO setup guides for the major providers:
Contact your Customer Success Manager for setup instructions if you're using an IdP not listed here.
Configure SSO Provider in Wistia
Once you've configured Wistia SSO in your IdP, head to the "SSO" tab in your Wistia account settings.
Note
SSO setup is only accessible to Account Owners.
On the SSO setup page, paste the metadata URL into the field and click “Configure SSO Provider.”
Note
If you have a metadata XML file instead of a URL, reach out to your Customer Success Manager for assistance.
The following options are available in the SSO Configuration section:
Turn on single sign-on for all users: This allows your users to sign in to your account using either SSO or their existing login method.
Require single sign-on for all users: This forces your users to use SSO to access your account. See Force SSO-only login for Wistia for more details.
Log in to Wistia with SSO
When SSO is officially enabled for a Wistia account, the following login options are available to all users:
All accounts receive a dedicated SSO login URL:
https://<account>.wistia.com/login/ssoUsers can initiate the login process from the application icon or bookmark to your SSO login URL within your IDP dashboard.
All Wistia login pages include a “Sign in with SSO” button. This will first ask users to specify the account name, and then authenticate their SSO credentials
Force SSO-only login for Wistia
Note
Account Owners are never required to use SSO.
It’s possible to require SSO logins for all Wistia users. With SSO configured, you can enable this option on the SSO page in your Account Settings.
“Forced SSO” is an account-wide option, meaning all non-Owner users must use SSO to log in. If you have users outside your company or organization that need to access Wistia, consider leaving this option disabled; otherwise, they will need to be set up with an SSO credential within your IdP.
SSO with Wistia FAQ
How will enabling SSO affect existing Wistia users who previously signed in using other methods?
Existing Wistia users can seamlessly switch to SSO logins once SSO is enabled, provided their Wistia email address matches their IdP-managed email. If these emails do not match, users should update their email in Wistia from the profile page in their account settings.
Existing users will retain all prior permission levels and access to content when switching to SSO.
Does Wistia support Just-in-Time (JIT) user provisioning?
Yes! When you first provision a new user with Wistia access in your IdP, their Wistia user will be automatically created upon their first login to the account.
Can Wistia user permissions be managed within our IdP?
Currently, all user permissions and content access must be managed within the Wistia account. Users can be provisioned in the IdP for Wistia access and then assigned specific roles or permissions on the Wistia user page by a Manager or Account Owner.
Does Wistia support IdP-initiated sign-in?
Due to security concerns, we only support SP-initiated sign-in at this time.
What is SAML?
Security Assertion Markup Language, an XML-based protocol that allows a “Service Provider” (SP) to securely authenticate a user with an IdP by trading specially formatted XML documents. This is the most common and trusted SSO protocol, but there are others.
What is OIDC?
OIDC is an OAuth-based authentication protocol commonly used for single sign-on. Some enterprise IdPs also allow for OIDC-based SSO, such as Okta.
What if I have more questions?
Contact your Customer Success Manager or reach out to Wistia Support anytime!