User and User Group Sync | Zoho Vault

User and User Group Sync

Organizations that already have existing accounts with identity providers like Microsoft Entra ID and Okta can easily import their users and user groups to Zoho Vault. Additionally, teams can now automatically sync users and user groups from their respective directory services. 

Note: This feature is only available in Zoho Vault's Professional and Enterprise editions.

Prerequisites

Link your directory account (Okta, Microsoft Entra ID) with Zoho Vault to import or sync users and user groups.


To link your Microsoft Entra ID account with Vault:
  1. Log in to your Zoho Vault account as a super admin
  2. Click Settings, then select Users under the User Management section.
  3. Click Sync Settings, then select Link with Microsoft Entra ID.
  4. Log in to your Microsoft Entra ID account in the pop up window if you haven't already.
Follow the steps in this document (up to step 6 under Configuring the token in Zoho Vault) to link your Zoho Vault account with Okta.

Customizing user and user group sync

After linking your directory account with Zoho Vault, set up user and user group sync by clicking Sync Setting from the Users tab.
  1. Enable sync: Enable sync to get started. The integrated directory service will be auto-selected for your account. 
  2. Sync frequency: Select your choice of Hourly, Daily, or Weekly for sync frequency. You can fine-tune your selection using the Sync once every field accordingly.
  3. One-time password: When you integrate your directory service with Vault, a new Zoho account will automatically be created for every newly imported user. This auto-generated one-time password will grant users access to their Zoho accounts. 
    Note: Users will be prompted to reset this password at first login.
  4. If you want to automatically remove users deleted from your directory from Zoho Vault, select Deleted for the Users deleted from directory must be field. If you only want their accounts disabled in Vault, select Disabled.
  5. Hit Save. You will find the Next Sync field auto-populated with the schedule for the next auto-sync process.


Sync individual groups

To sync selected groups from your directory service, use the following steps:

Sync user groups from Microsoft Entra ID

  1. Access Settings, then click User Group under User Management.
  2. Select Import, then click Import from Microsoft Entra ID.
  3. Import relevant user groups if you haven't already. 
  4. Select Sync corresponding to the user groups of your choice to sync only those selected groups with Zoho Vault.

Sync user groups from Okta

  1. Access Settings, then click AD/LDAP Integration under Integrations.
  2. Select Import users.
  3. Import relevant user groups if you haven't already. 
  4. Select Sync corresponding to the user groups of your choice to sync only those selected groups with Zoho Vault.
Note: You can also revoke sync for specific user groups whenever required by following the same procedure.

Revoke app permissions

To disconnect your directory service from Zoho Vault, use the following steps:

Revoke app permissions in Microsoft Entra ID

  1. Log in to your Microsoft Entra ID account, then access My account.
  2. Select App permissions
  3. Select Revoke corresponding to Zoho Vault.

Revoke app permissions in Okta

  1. Log in to your Okta account as an admin.
  2. Select API from the Security tab.
  3. Delete the Zoho Vault token from the API tokens page.