Zoho Vault uses the secure, industry-standard Security Assertion Markup Language (SAML) to make this possible. Zoho Vault currently supports SSO for hundreds of pre-defined, popular applications. Admins can also manually configure SSO for any service provider that supports SAML 2.0, and add them as custom apps.

• Configuring SSO for applications
  
• Editing the SSO configuration
  
• Bulk configuration

Configuring Single sign-on for applications

Administrators configure SSO for various applications in Zoho Vault by providing the service provider (application) details and defining the list of Zoho Vault users that can access the applications. Zoho Vault acts as the identity provider (IdP), while the corresponding application acts as the service provider (SP). Users access these applications from the Apps page of their Zoho Vault account, and are directly logged in to their applications, eliminating manual authentication altogether. Follow the steps below to configure Single Sign-On for any application. 

• Step 1: Adding the application details
  
• Step 2: Configuring SAML
  
• Step 3: Mapping users with the application 
  

Prerequisites

• The application must support SAML 2.0
  
• The application (service provider) you wish to configure Single Sign-On for should have help documentation that covers SAML-specific information
  

Adding the application details

1. Click Apps, then select Manage Apps.
   
   
   
   
2. Click Add Supported App to instantly configure an app already supported by Zoho Vault. Select Add Custom App to custom configure an application that supports SAML 2.0 with Zoho Vault. 
   
   
   
   

3. Enter the Application Name, then upload the SP details using a metadata file, or manually provide the required details described in the Application Settings section below.
   
   
   
   
4. Click Next.
   
   

Application Name - The name of the application.
Description (Optional) - A short description of the application.
Default RelayState (Optional) - The URL of the page users will land on after they log in.
Logo (Optional) - The application's logo.
Assertion Consumer Service URL - The address where the SAML response will be posted to.
Single Sign-on URL -The Single Sign-On URL of the service provider (the application's login URL).
Single Logout URL - The web address where users will be redirected after they log out. 
Audience URI (SP Entity ID) - The Entity ID (Issuer) of your application (SP). You cannot add more than one application with the same Entity ID.
Certificate - The application's public key certificate to verify the digital signatures.
Upload SP Metadata File - A file that contains information about the service provider.
Attribute - Information about users (supports first name, full name, email, and last name)

Configuring SAML

Configure the details of Zoho Vault (IdP) in the application (SP) to set up SSO with the application. You can either copy the required details manually, or download them as a metadata file to upload in the application's setup page. The terminologies you come across in the IdP details screen are explained below. 

• Identity Provider Single Sign-On URL - Zoho Vault's login URL, where all user login requests will be redirected
  
• Identity Provider Single Logout URL: Zoho Vault's logout URL, where all user logout requests will be redirected
  
• Identity Provider Issuer: Zoho Vault's Issuer 
  
• Identity Provider Certificate: Zoho Vault's public key certificate
  
• Download Metadata: Optional metadata file to be used if you don't want to configure the IdP details manually
  

Click Next after configuring the IdP details in the application.

Mapping users with the application

Select the users that can access the application from the next screen. 

1. Search for and select the list of users who require access to the application.
   
2. Click Save.
   
   
   

Users will now be able to view and log in to the applications they have access to, from the Apps page. 

Steps to edit the Single Sign-on Configuration

1. Click the Apps tab, then select Manage Apps. 
   
2. Click the Edit or Delete icon, depending on your needs.
   

Bulk Configuration

You can configure single sign-on for multiple apps using More Actions. Read the table below for a list of bulk operations available in Zoho Vault. All bulk operations will be recorded under the Audit tab.