Only Domain Admins with the Admin: Domain Administration: SSO Settings: Read and Admin: Domain Administration: SSO Settings: Edit permissions in their security profile can view and configure SSO settings for a domain. SSO enablement and configuration apply across all Vaults in a multi-Vault domain. Learn more about Vault’s SSO options in Single Sign-on Basics.
To configure single sign-on, you must:
- Create an SSO profile, either SAML or OAuth2.0 / OIDC.
- Create an SSO security policy with the Single Sign-on Authentication Type.
- Provision users to use SSO.
Create an SSO Security Policy
To complete SSO configuration, you must apply a Single Sign-on security policy that enables user accounts to use SSO. You can do this by creating a new security policy or changing the settings for an existing policy.
Provision Users to Use SSO
When provisioning new users, you can set them to use SSO by assigning them to an SSO security policy. If you are using a User ID Type of Federated ID, you must set the Federated ID value in the user profile.