Active Directory Integration FAQs
1. How many Active Directory Federation Services (ADFS) can be connected to Zoho Vault?
One. You can give the URL of only one ADFS server to Zoho Vault.
2. What identity providers does Zoho Vault support?
Zoho Vault uses Security Assertion Markup Language (SAML), the most secure and widely used industry standard, so it can be readily integrated with any identity provider that supports SAML 2.0.
3. Can I use any other identity providers instead of Active Directory Federation Services (ADFS)?
Yes. You can use any identity provider that supports SAML 2.0 instead of Active Directory Federation Services.
4. What happens when a new user is added into AD/LDAP?
AD/LDAP should be kept in sync with Zoho Vault periodically. That way, new users in your organization can access Zoho Vault without any hassle.
5. We use Office 365 for our Exchange hosting, and our local domain does not contain any email addresses. In Active Directory Users and Computers, should the user's email address be assigned to the "Email" field?
For successful SAML authentication, the "Email" field must have a value for each user. Your email can be hosted anywhere, but the field in Active Directory should contain the user's email address.
6. Do you need a certificate from a centrally assigned authority, or can it be self-signed?
Either one; it's your choice. You can use a certificate from a centrally assigned authority or a self-signed certificate. If you use a self-signed certificate, users may see a certificate error in the browser during the login process. This error can be ignored.
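The following added example (not part of the original FAQ or Zoho's own tooling) checks for the condition described in question 5 before SSO is enabled. It relies on the fact that the E-mail field in Active Directory Users and Computers is stored in the `mail` attribute; the function name `Test-SamlMailAttribute` and the sample accounts are constructed for illustration.

```powershell
# Added example: flag accounts whose AD "mail" attribute is empty or not an
# email address, since those users would fail SAML authentication.
# Function name and sample accounts are constructed for illustration.
function Test-SamlMailAttribute {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        # A null attribute becomes an empty string here.
        $mail = [string]$User.mail

        if ([string]::IsNullOrWhiteSpace($mail)) {
            $status = 'Missing'
        } elseif ($mail -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
            # Loose shape check only: something@domain.tld
            $status = 'Malformed'
        } else {
            $status = 'OK'
        }

        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            Mail           = $mail
            Status         = $status
        }
    }
}

# Constructed sample input so the check can be tried without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; mail = 'alice@example.com' }
    [pscustomobject]@{ SamAccountName = 'bob';   mail = $null }
    [pscustomobject]@{ SamAccountName = 'carol'; mail = 'carol' }
)

# List only the accounts that need fixing.
$sample | Test-SamlMailAttribute | Where-Object Status -ne 'OK' |
    Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module from RSAT):
# Get-ADUser -Filter 'Enabled -eq $true' -Properties mail |
#     Test-SamlMailAttribute | Where-Object Status -ne 'OK'
```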
7. How does single sign-on work with Zoho Vault's two-step verification?
The first step of authentication is through your AD credentials; the process, policies, and security features you've set up there remain the same. In the second step, you enter your passphrase.
8. How does single sign-on work with Zoho Vault's two-factor authentication?
If your organization admin has enforced two-factor authentication, logging into Zoho Vault is a three-step process (recommended):
- The first step of authentication is through your AD credentials.
- In the second step, you enter your Google Authenticator or SMS text/voice call verification details.
- In the third step, you enter your passphrase.
9. If there's a problem with our identity provider, what should I do?
In an emergency, users can ask their organization admin to temporarily turn off single sign-on and then log into Zoho Vault using their Zoho account credentials. Once the issue is fixed, the organization admin can turn SSO back on.
Note: To learn how to turn off single sign-on, refer to question 12.
10. Can an organization admin sign into Zoho Vault with AD credentials?
No. The organization admin can log into Zoho Vault only with Zoho credentials and does not have the option to log in with the single sign-on method.
11. What happens to my mobile devices that are connected to Zoho Vault when I turn on SSO?
The mobile application service remains uninterrupted even after SSO is turned on. However, from then on users can log in to Zoho Vault only with their AD credentials.
12. How do I disable SAML authentication?
The organization admin (usually the user who first signed up for Zoho Vault) can log in to our service by visiting "www.vault.zoho.com". On the login page, use the Zoho account credentials (the password you used when you signed up) instead of AD credentials.
- After logging in, go to Admin -> AD/LDAP Configuration -> SAML Configuration and delete the configuration.
- This disables SAML authentication.
- If you imported users using the Provisioning App, you might have supplied a default password. Your organization's users can use this default password to log in. If they do not have a default password, they can click the “Forgot Password” link on the login page to receive an email for generating a new password.