You can use the Azure AD service provided by Microsoft to integrate login with VaultOne.
To integrate an on-premises AD, you must first install Azure AD Connect. This Microsoft application synchronizes your on-premises AD with Azure AD in the cloud.
First step:
In your VaultOne, in the “Administration -> Settings” section, navigate to the “Identity Providers” tab.
For AD setup on your VaultOne, you will need to fill in some information.
Remember: if you only want to allow authentication to VaultOne through AD, you only need to fill in the first two fields (Application ID and Directory ID). For GROUP synchronization, all fields must be completed.
Second step:
In a new tab, access the Microsoft Azure portal through the link https://portal.azure.com, and select the “Azure Active Directory” service.
Third step:
In the left menu, navigate to the “App registrations” section and select the “New registration” option.
Fourth step:
Choose a name for the application. Then, under “Supported account types”, select the first option, “Accounts in this organizational directory only”. Finally, click on “Register”.
Fifth step:
A new application registration will be generated. You will use the data it shows (the Application ID and Directory ID) to set up Azure AD in VaultOne.
Sixth step:
Return to your VaultOne and fill in the fields with the data obtained from Azure.
Seventh step:
Return to the created app, and this time select the option “Add a Redirect URI”.
Eighth step:
Under “Platform configurations”, click on the button “Add a platform” and then select the option “Single-page application”.
Ninth step:
In “Redirect URIs”, enter your *.vault.one subdomain, such as https://demo.vault.one. Then check the options “Access tokens (used for implicit flows)” and “ID tokens (used for implicit and hybrid flows)”. Finally, click on “Configure”.
With these settings applied, it is now possible to log in to the VaultOne platform using your Azure AD. To import groups, follow the steps below.
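The Application ID and Directory ID that the authentication-only setup requires are exactly the values a relying party has to check an incoming ID token against. The following example, added for this article and not VaultOne's own implementation, shows those claim checks. It assumes the token's RS256 signature has already been verified against the tenant's published signing keys by your JWT library and that `claims` is the verified payload; all identifiers, names and the sample payload below are constructed.

```python
"""Claim checks to apply to an Azure AD ID token before accepting it as a VaultOne login.

Example code added for this article; it is not VaultOne's own implementation. It assumes
the token's RS256 signature has already been verified against the tenant's published
signing keys by your JWT library and that `claims` is the verified payload. The two
configuration values are the Application ID and Directory ID that the article says are
the only fields required for authentication-only setup.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class AzureAdConfig:
    application_id: str  # "Application (client) ID" of the app registration
    directory_id: str    # "Directory (tenant) ID" of the app registration


class TokenRejected(Exception):
    """Raised with a reason that is safe to log; it never contains token material."""


def expected_issuer(cfg: AzureAdConfig) -> str:
    # Single-tenant registration ("Accounts in this organizational directory only"):
    # the v2.0 issuer embeds the tenant ID, so the issuer check is also a tenant check.
    return f"https://login.microsoftonline.com/{cfg.directory_id}/v2.0"


def rejection_reason(claims: dict, cfg: AzureAdConfig, expected_nonce: str,
                     now: datetime, skew_seconds: int = 60) -> Optional[str]:
    """Return None if the claims are acceptable, otherwise a short reason string."""
    now_ts = int(now.timestamp())
    if claims.get("iss") != expected_issuer(cfg):
        return "issuer mismatch"
    if claims.get("tid") != cfg.directory_id:
        return "tenant mismatch"
    # aud may be a string or a list; the token must be addressed to this app only.
    if claims.get("aud") not in (cfg.application_id, [cfg.application_id]):
        return "audience mismatch"
    exp, nbf, iat = claims.get("exp"), claims.get("nbf", 0), claims.get("iat")
    if not isinstance(exp, int) or now_ts > exp + skew_seconds:
        return "token expired"
    if now_ts + skew_seconds < nbf:
        return "token not yet valid"
    if not isinstance(iat, int) or iat > now_ts + skew_seconds:
        return "issued-at in the future"
    # The nonce ties the token to the login request that asked for it (replay defence).
    if not expected_nonce or claims.get("nonce") != expected_nonce:
        return "nonce mismatch"
    if not claims.get("oid") or not claims.get("sub"):
        return "subject missing"
    return None


def validate_id_token_claims(claims, cfg, expected_nonce, now=None):
    """Return the identity to trust (keyed by the immutable object ID), or raise."""
    reason = rejection_reason(claims, cfg, expected_nonce, now or datetime.now(timezone.utc))
    if reason:
        raise TokenRejected(reason)
    # Key the VaultOne user on 'oid' (stable per user in the tenant), not on the
    # display name or e-mail address, both of which a directory admin can change.
    return {"oid": claims["oid"], "upn": claims.get("preferred_username"),
            "name": claims.get("name")}


# Constructed sample values (not real identifiers) so the module runs stand-alone.
SAMPLE_CONFIG = AzureAdConfig(application_id="11111111-1111-1111-1111-111111111111",
                              directory_id="22222222-2222-2222-2222-222222222222")
SAMPLE_NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
_T = int(SAMPLE_NOW.timestamp())
SAMPLE_NONCE = "n-0S6_WzA2Mj"
SAMPLE_CLAIMS = {  # constructed; shape follows an Azure AD v2.0 ID token payload
    "iss": "https://login.microsoftonline.com/22222222-2222-2222-2222-222222222222/v2.0",
    "aud": "11111111-1111-1111-1111-111111111111",
    "tid": "22222222-2222-2222-2222-222222222222",
    "iat": _T - 60, "nbf": _T - 60, "exp": _T + 3600,
    "nonce": SAMPLE_NONCE,
    "sub": "AAAAAAAAAAAAAAAAAAAAAIkzqFVrSaSaFHy782bbtaQ",
    "oid": "33333333-3333-3333-3333-333333333333",
    "preferred_username": "alice@contoso.example", "name": "Alice Example",
}

if __name__ == "__main__":
    print(validate_id_token_claims(SAMPLE_CLAIMS, SAMPLE_CONFIG, SAMPLE_NONCE, now=SAMPLE_NOW))
    print(rejection_reason(dict(SAMPLE_CLAIMS, tid="44444444-4444-4444-4444-444444444444"),
                           SAMPLE_CONFIG, SAMPLE_NONCE, now=SAMPLE_NOW))
```

The order of the checks matters less than their completeness: a token from another tenant or one issued to a different application passes a signature check just as well as a legitimate one, because the signing keys are Microsoft's, so the issuer, tenant and audience comparisons are what bind the login to this registration.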
Tenth step:
In the left menu, click on “Certificates & secrets”. In the “Client secrets” section, click on “New client secret”.
Eleventh step:
Define a description, and select the option “24 months” under “Expires”. Then click on “Add”.
Twelfth step:
Once the client secret has been created, copy the contents of the “Value” column and enter it in the “Application Key” field in your VaultOne.
Thirteenth step:
In the side menu, navigate to “API permissions”. Then click on “Add a permission”. Lastly, scroll to the bottom of the page and select the last option, “Azure Active Directory Graph”.
Fourteenth step:
In “Request API permissions”, select the type “Application permissions”, then check the option “Directory.Read.All” in the “Directory” section. Click on “Add permissions”.
Fifteenth step:
Still in this section, note that admin consent has not yet been granted for the permission. To grant it, an AD admin user must click on “Grant admin consent for VaultOne Software”.
Sixteenth step:
Finally, in the “Overview” section of your Azure AD, find your “Primary domain”, enter it in the “Directory Domain” field in your VaultOne, and save.
All set! You have configured your Azure Active Directory integration with your VaultOne.
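Once the registration is in place, the settings from the steps above (single-tenant sign-in audience, SPA redirect URI on your *.vault.one subdomain, ID token issuance, the Directory.Read.All application permission and a client secret with a 24-month lifetime) can be re-checked from the app's manifest rather than by clicking through the portal. The example below is added for this article and is not VaultOne's or Microsoft's tooling. The manifest it audits is constructed; its field names mirror those the portal's “Manifest” view exposes, and the Directory.Read.All role GUIDs are assumed from Microsoft's published permission ids (the “Azure Active Directory Graph” the guide names is the legacy API; Microsoft Graph is its successor, so the audit accepts the role of either), so confirm them against your own manifest.

```python
"""Audit an Azure AD app registration against the settings this article configures.

Example code added for this article; not VaultOne's or Microsoft's own tooling. The
manifest below is constructed, and its field names mirror those shown by the portal's
"Manifest" view (signInAudience, oauth2AllowIdTokenImplicitFlow, spa.redirectUris,
requiredResourceAccess, passwordCredentials). The Directory.Read.All role GUIDs are
assumed from Microsoft's published permission ids; confirm them against your own manifest.
"""
import json
from datetime import datetime, timedelta, timezone
from typing import List
from urllib.parse import urlsplit

AAD_GRAPH_APP_ID = "00000002-0000-0000-c000-000000000000"  # "Azure Active Directory Graph" (legacy)
MS_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"   # Microsoft Graph, its successor
DIRECTORY_READ_ALL_ROLE = {  # application permission ("Role") ids, assumed
    AAD_GRAPH_APP_ID: "5778995a-e1bf-45b8-affa-663a9f3f4d04",
    MS_GRAPH_APP_ID: "7ab1d382-f21e-4acd-a863-ba3e13f7da61",
}
REDIRECT_SUFFIX = ".vault.one"  # the guide's redirect URI is the tenant's *.vault.one host

SAMPLE_NOW = datetime(2025, 12, 15, tzinfo=timezone.utc)
CONSTRUCTED_MANIFEST = json.loads("""{
  "appId": "11111111-1111-1111-1111-111111111111",
  "signInAudience": "AzureADMyOrg",
  "oauth2AllowImplicitFlow": true,
  "oauth2AllowIdTokenImplicitFlow": true,
  "spa": {"redirectUris": ["https://demo.vault.one", "http://demo.vault.one"]},
  "web": {"redirectUris": []},
  "requiredResourceAccess": [
    {"resourceAppId": "00000002-0000-0000-c000-000000000000",
     "resourceAccess": [{"id": "5778995a-e1bf-45b8-affa-663a9f3f4d04", "type": "Role"}]}
  ],
  "passwordCredentials": [
    {"displayName": "vaultone-group-sync", "hint": "Q~a", "endDateTime": "2025-12-31T00:00:00Z"}
  ]
}""")


def _is_directory_read_all(resource_app_id: str, access: dict) -> bool:
    return access.get("type") == "Role" and access.get("id") == DIRECTORY_READ_ALL_ROLE.get(resource_app_id)


def audit_manifest(manifest: dict, now: datetime, want_group_sync: bool = True,
                   secret_warn_days: int = 30) -> List[str]:
    """Return a list of findings; an empty list means the registration matches the guide."""
    findings = []
    if manifest.get("signInAudience") != "AzureADMyOrg":
        findings.append("signInAudience is not AzureADMyOrg: accounts outside this directory could sign in")
    if not manifest.get("oauth2AllowIdTokenImplicitFlow"):
        findings.append("ID token issuance for implicit flow is disabled; the SPA login will fail")

    uris = manifest.get("spa", {}).get("redirectUris", [])
    if not uris:
        findings.append("no single-page application redirect URI configured")
    for uri in uris:
        parts = urlsplit(uri)
        host = parts.hostname or ""
        if parts.scheme != "https":
            findings.append(f"redirect URI {uri!r} is not https")
        if not host.endswith(REDIRECT_SUFFIX) or host == REDIRECT_SUFFIX.lstrip("."):
            findings.append(f"redirect URI {uri!r} is not a *.vault.one subdomain")
        if parts.path not in ("", "/") or parts.query or parts.fragment:
            findings.append(f"redirect URI {uri!r} should be the bare subdomain")
    # A pure SPA registration should carry no web or public-client redirect URIs.
    for platform in ("web", "publicClient"):
        extra = manifest.get(platform, {}).get("redirectUris", [])
        if extra:
            findings.append(f"unexpected {platform} redirect URIs: {extra}")

    if not want_group_sync:
        return findings  # authentication-only setup needs no permission or secret
    granted = [(res.get("resourceAppId"), acc)
               for res in manifest.get("requiredResourceAccess", [])
               for acc in res.get("resourceAccess", [])]
    if not any(_is_directory_read_all(app, acc) for app, acc in granted):
        findings.append("Directory.Read.All application permission missing; group import will fail")
    for app, acc in granted:  # least privilege: the guide needs exactly one permission
        if not _is_directory_read_all(app, acc):
            findings.append(f"permission {acc.get('id')} on {app} exceeds what the guide requires; review it")
    secrets = manifest.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret exists to use as the Application Key")
    for secret in secrets:
        end = datetime.fromisoformat(secret["endDateTime"].replace("Z", "+00:00"))
        name = secret.get("displayName")
        if end <= now:
            findings.append(f"client secret {name!r} expired on {end.date()}; group sync is broken")
        elif end - now <= timedelta(days=secret_warn_days):
            findings.append(f"client secret {name!r} expires in {(end - now).days} days; rotate it and update the Application Key")
    return findings


if __name__ == "__main__":
    for finding in audit_manifest(CONSTRUCTED_MANIFEST, now=SAMPLE_NOW):
        print("-", finding)
```

Two things the manifest cannot tell you: whether the admin consent from the fifteenth step was actually granted (that status is only shown on the “API permissions” page), and the secret value itself, which Azure displays once at creation. The expiry check is the one worth scheduling, since a 24-month secret that lapses silently breaks group import while the SPA login keeps working.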