SSO Configuration
Configuring Single Sign-On (SSO)
SSO is an authentication process that lets users access multiple applications after signing in only once. Vault supports SSO integration with any identity provider that adheres to the OASIS SAML 2.0 protocol. This enables organizations to restrict access to specific IP addresses via SSO.
Permissions
You must have Admin privileges to configure SSO settings for your organization.
To check your Admin access in Vault, go to Manage Users > Users and verify that your "Type" is set to Admin.

How to enable SSO
To enable SSO for Vault, perform the following steps:
- Configure SSO settings in your identity provider.
- Log in to your Vault account.
- Go to Settings > SSO Configuration.
- Fill out the SSO fields:
  - In the Single Sign-on field, enter a unique name that identifies your instance.
  - Choose how you would like to configure the SSO:
    - Metadata URL: The URL that Vault can access to obtain SSO configuration data from your identity provider. This is a URL specific to your identity provider.
    - Metadata File: Upload the metadata file obtained from your identity provider.
- Click Save.

How to log in when SSO is enabled
When SSO is enabled, you can sign in by going to the Vault log-in page, clicking Login with SSO, and providing your custom domain.

Here is a sample doc from Okta on how to set up network zones that restrict access to apps registered in Okta: https://help.okta.com/oie/en-us/content/topics/security/network/network-zones.htm.

