VaultOne: Enable the VaultOne SSO Feature Using OpenID Connect (OIDC)

The VaultOne platform supports seamless integration with various identity providers through the OpenID Connect (OIDC) protocol. This article outlines the essential requirements and steps for configuring this Single Sign-On (SSO) integration.

Step 1: Verify Well-Known URL Requirements

Before starting the configuration, it's recommended to use a JSON formatter (a browser extension or standalone tool) so the data is easier to read. Then open the Well-Known URL of the identity provider responsible for your SSO (the OpenID Connect discovery document, normally served at <issuer>/.well-known/openid-configuration) and verify the following:

  • "response_types_supported" should include "id_token" or "code id_token".
  • "grant_types_supported" should include "implicit".
  • "scopes_supported" should include "openid", "email", and "profile".

Step 2: Copy Essential URLs

From the same Well-Known URL you accessed in Step 1, carefully copy and save the following URLs:

  • "issuer" URL
  • "authorization_endpoint" URL
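As an added example (not part of the original article or of VaultOne's own tooling), the script below performs the Step 1 checks and the Step 2 extraction against a discovery document. The two documents embedded in it are constructed samples with placeholder issuers; replace them with the JSON served at your provider's Well-Known URL. Response types are compared after lowercasing and reordering their tokens, so "ID_Token" and "code id_token" are recognised whatever casing or order the provider uses, and an absent "grant_types_supported" falls back to the default the OpenID Connect Discovery specification defines.

```python
"""Check an OpenID Connect discovery document for the settings the VaultOne
SSO integration expects (Step 1) and pull out the URLs needed for Step 2.

Added example; the documents below are CONSTRUCTED samples, not real providers.
"""
import json

# Constructed sample that meets the requirements.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "jwks_uri": "https://idp.example.com/oauth2/keys",
    "response_types_supported": ["code", "ID_Token", "code id_token"],
    "grant_types_supported": ["authorization_code", "implicit"],
    "scopes_supported": ["openid", "email", "profile", "offline_access"],
})

# Constructed sample that does NOT: authorization-code flow only, openid scope only.
SAMPLE_DISCOVERY_UNSUITABLE = json.dumps({
    "issuer": "https://other-idp.example.com",
    "authorization_endpoint": "https://other-idp.example.com/authorize",
    "response_types_supported": ["code"],
    "grant_types_supported": ["authorization_code"],
    "scopes_supported": ["openid"],
})

REQUIRED_SCOPES = {"openid", "email", "profile"}
ACCEPTED_RESPONSE_TYPES = {"id_token", "code id_token"}
# Default the Discovery spec assigns when grant_types_supported is omitted.
DEFAULT_GRANT_TYPES = ["authorization_code", "implicit"]


def _canonical(response_type: str) -> str:
    """Normalise so 'ID_Token code' and 'code id_token' compare equal."""
    return " ".join(sorted(response_type.lower().split()))


def check_discovery(document_json: str) -> dict:
    """Return the issuer and authorization endpoint to copy (Step 2) plus a
    list of problems; an empty 'problems' list means Step 1 passes."""
    doc = json.loads(document_json)
    problems = []

    supported = {_canonical(rt) for rt in doc.get("response_types_supported", [])}
    accepted = {_canonical(rt) for rt in ACCEPTED_RESPONSE_TYPES}
    if not supported & accepted:
        problems.append("no id_token or code id_token response type")

    grants = {g.lower() for g in doc.get("grant_types_supported", DEFAULT_GRANT_TYPES)}
    if "implicit" not in grants:
        problems.append("implicit grant type not supported")

    if "scopes_supported" in doc:
        missing = REQUIRED_SCOPES - {s.lower() for s in doc["scopes_supported"]}
        if missing:
            problems.append("missing scopes: " + ", ".join(sorted(missing)))
    else:
        # scopes_supported is only RECOMMENDED in the spec, so its absence is a
        # prompt to verify manually rather than proof of a gap.
        problems.append("scopes_supported not advertised; confirm openid, email and profile manually")

    # Both URLs are pasted into VaultOne later; they must be present and https.
    for key in ("issuer", "authorization_endpoint"):
        value = doc.get(key)
        if not value:
            problems.append(f"{key} missing from discovery document")
        elif not value.startswith("https://"):
            problems.append(f"{key} is not an https URL")

    return {
        "issuer": doc.get("issuer"),
        "authorization_endpoint": doc.get("authorization_endpoint"),
        "problems": problems,
    }


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_DISCOVERY), ("unsuitable", SAMPLE_DISCOVERY_UNSUITABLE)):
        print(name, json.dumps(check_discovery(sample), indent=2))
```

Run it as-is to see both outcomes, or replace SAMPLE_DISCOVERY with the text of your provider's discovery document; the "issuer" and "authorization_endpoint" values it returns are exactly the two strings Step 4 asks for.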

Step 3: Configure Your Identity Provider

Now, you need to configure the settings within your chosen identity provider (e.g., Azure AD, Okta).

  1. Ensure you select the options verified in Step 1 (the "id_token" or "code id_token" response type, the implicit grant, and the "openid", "email" and "profile" scopes).
  2. If your identity provider asks for a Redirect URL (the VaultOne Login URL), provide your full VaultOne Login URL. For example: https://demo.vault.one/account/login.
  3. After completing this configuration, your application will generate a Client ID. Make note of this ID.

Step 4: Configure OpenID Connect in VaultOne

Finally, you will input the gathered information into your VaultOne platform.

  1. Access your VaultOne platform.
  2. Navigate to Administration.
  3. Click on Settings.
  4. Select the Identity Providers tab.
  5. Enable the "OpenID Connect Information" option.
  6. Fill in the following fields with the data you collected:
    • Client ID (generated in Step 3)
    • Issuer (saved in Step 2)
    • Authorization endpoint (saved in Step 2)
  7. Click Save all to apply the configuration.

Troubleshooting Tip: Verify Application Data Flow

To ensure your application is sending all necessary data to VaultOne during login, you can use a tool like https://oidcdebugger.com/.

  1. Fill in the Authorize URI with your Issuer URL.
  2. Keep the Redirect URI as is.
  3. Enter your Client ID.
  4. Include "openid", "email", and "profile" in the Scope.
  5. Keep State and Nonce unchanged.
  6. Check "id_token" in Response Types.
  7. Send the request.

This lets you confirm that all required claims are being transmitted, or spot when the ID token returned to VaultOne carries insufficient data.
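The following added example (not from the original article and not VaultOne's code) reproduces what the debugger does in this troubleshooting step: it builds the implicit-flow authorization request with the response type, scopes, state and nonce listed above, and then decodes the ID token that comes back to report which of the expected claims are missing. The endpoint, client ID, issuer and the token itself are constructed placeholders; the signature is deliberately not verified here, because that is the relying party's job using the provider's JWKS, and this check is only meant to show whether the token's contents are sufficient.

```python
"""Build the id_token authorization request used for troubleshooting and
inspect the returned ID token for the data VaultOne needs.

Added example with CONSTRUCTED placeholders; substitute your own values.
"""
import base64
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZATION_ENDPOINT = "https://idp.example.com/oauth2/authorize"  # placeholder (Step 2 value)
ISSUER = "https://idp.example.com"                                   # placeholder (Step 2 value)
CLIENT_ID = "vaultone-client-id-placeholder"                         # placeholder (Step 3 value)
REDIRECT_URI = "https://demo.vault.one/account/login"                # example login URL from the article


def new_state_and_nonce():
    """Fresh per-request state (ties the response to this browser session)
    and nonce (ties the ID token to this request); never reuse either."""
    return secrets.token_urlsafe(16), secrets.token_urlsafe(16)


def build_authorization_url(state, nonce, authorization_endpoint=AUTHORIZATION_ENDPOINT,
                            client_id=CLIENT_ID, redirect_uri=REDIRECT_URI):
    """Implicit-flow request matching the debugger settings above."""
    params = {
        "response_type": "id_token",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid email profile",
        "state": state,
        "nonce": nonce,
    }
    return f"{authorization_endpoint}?{urlencode(params)}"


def authorization_request_params(url: str) -> dict:
    """Flatten the query string of an authorization URL for inspection."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_constructed_id_token(claims: dict) -> str:
    """JWT-shaped token with a dummy signature, for offline testing only."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed-signature"


def inspect_id_token(id_token, expected_nonce, issuer=ISSUER, client_id=CLIENT_ID):
    """Decode the payload (signature NOT verified here) and list anything that
    would leave VaultOne with insufficient or untrustworthy data."""
    parts = id_token.split(".")
    if len(parts) != 3:
        return ["token is not a three-part JWT"]
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except (ValueError, UnicodeDecodeError):
        return ["payload is not base64url-encoded JSON"]

    problems = []
    if claims.get("iss") != issuer:
        problems.append(f"iss is {claims.get('iss')!r}, expected {issuer!r}")
    aud = claims.get("aud", [])
    if client_id not in ([aud] if isinstance(aud, str) else aud):
        problems.append("aud does not contain the VaultOne client ID")
    if claims.get("nonce") != expected_nonce:
        problems.append("nonce does not match the request (replayed or wrong response)")
    # Claims the openid and email scopes should yield.
    for claim in ("sub", "email"):
        if claim not in claims:
            problems.append(f"missing claim: {claim}")
    # Any of the standard profile-scope claims is enough to show the scope was granted.
    if not any(c in claims for c in ("name", "given_name", "family_name", "preferred_username")):
        problems.append("no profile claims; check that the profile scope is granted")
    return problems


if __name__ == "__main__":
    state, nonce = new_state_and_nonce()
    print(build_authorization_url(state, nonce))
    token = make_constructed_id_token({"iss": ISSUER, "aud": CLIENT_ID, "sub": "user-1",
                                       "nonce": nonce, "email": "user@example.com", "name": "Example User"})
    print(inspect_id_token(token, nonce))
```

Paste the URL the script prints into a browser to start the same flow the debugger runs, then feed the id_token fragment from the redirect back into inspect_id_token with the nonce you generated; an empty list means the provider is sending what the "openid", "email" and "profile" scopes are supposed to deliver.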
