# SSO Configuration

### Configuring Single Sign-On (SSO) <a href="#configuring-single-signon-sso" id="configuring-single-signon-sso"></a>

SSO is an authentication process that allows users to access multiple applications after only signing in once. Vault supports SSO integration for any identity provider that adheres to the OASIS SAML 2.0 protocol. This enables orgs to restrict access to IPs via SSO.

### Permissions <a href="#permissions" id="permissions"></a>

You must have **Admin** privileges to configure SSO settings for your organization.&#x20;

To check your Admin access in Vault, go to **Manage Users > Users** and verify if your "Type" is set to **Admin**.

<figure><img src="/files/B5klL2fiBJ4kST6jqUF6" alt=""><figcaption></figcaption></figure>

### How to enable SSO <a href="#how-to-enable-sso" id="how-to-enable-sso"></a>

To enable SSO for Vault, you need to perform the below steps:

1. Configure SSO settings in your identity provider.
2. Login to your Vault account.
3. Go to **Settings > SSO Configuration.**
4. Fill out the SSO fields:
   1. Give a unique name that identifies your instance in the **Single Sign-on** field.
   2. Choose how you would like to configure the SSO:
      * **Metadata URL:** The URL that Vault can access to obtain SSO configuration data from your identity provider. This is a URL specific to your identity provider.
      * **Metadata File:** Upload the metadata file obtained from your identity provider.
5. Click **Save**.

<figure><img src="/files/0st1PJGfYVpxljOQE556" alt=""><figcaption></figcaption></figure>

### How to log in when SSO is enabled <a href="#how-to-log-in-when-sso-is-enabled" id="how-to-log-in-when-sso-is-enabled"></a>

When SSO is enabled, you can sign in by going to the Vault log-in page, click on **Login with SSO**, and providing your custom domain.

<figure><img src="/files/TFWY6rvAwufFesINjUPC" alt=""><figcaption></figcaption></figure>

Here is a sample doc from OKTA on how to setup network zones that restrict access to apps registered in OKTA: <https://help.okta.com/oie/en-us/content/topics/security/network/network-zones.htm>.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://knowledgebase.autorabit.com/product-guides/vault/configuring-vault/sso-configuration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.