Active Directory Integration
(Available in Enterprise Edition only)
You can integrate Zoho Vault with your corporate identity store (AD/LDAP) for user management and authentication. Zoho Vault leverages SAML 2.0 for this integration, thus helping enterprises to simplify user management and enhance security further. Technically, Zoho Vault acts as the service provider, and it integrates with any identity providers (AD/LDAP).
For more information, refer to the FAQ section on AD/LDAP integration. This process involves four steps as described below.
- Step-1: Domain Configuration
- Step-2: Importing Users from AD/LDAP
- Step-3: SP Details
- Step-4: SAML Configuration
Note: Only Super Admin(s) can enable Active Directory integration for their organizations.
Step-1: Domain Configuration
This step is necessary to confirm your ownership of the domain. The domain name is not necessarily your AD domain; it is the part of your users' email address after the @ sign. For example, if your email address is firstname.lastname@zillium.com, the domain you have to verify is zillium.com.
- Navigate to 'Admin' tab >> AD/LDAP Integration >> Add & Verify domain.
- Click 'Add Domain' and enter your domain name.
- The next step is to verify the domain you have added. You can verify your domain in one of two ways: the CNAME method or the HTML file method.
- Choose the verification method and follow the instructions there to verify your domain.
When you import users from Active Directory into Zoho Vault, no invitation mail is sent to imported users whose email address belongs to the verified domain.
Step-2: Importing Users from AD/LDAP
You can use the Provisioning App to import users from AD/LDAP to Zoho Vault. Before importing users from the Provisioning App, you should enter login details and configure the LDAP connection.
- Login Details: Enter your verified domain name and your Zoho Vault account credentials (super-admin) here. If your organization connects to the internet via a proxy, enter your proxy settings here.
- LDAP Connection: Configure your LDAP server details, SSL, Base DN, and Scope. The domain administrator credentials you supply here must have at least read privileges for the verified domain.
- Provision: Selecting the 'Import Users' option lets you import the users you require from AD/LDAP. The 'Sync Users' option lets you synchronize your AD/LDAP directory with Zoho Vault: when new users are added to AD/LDAP, they can be added to Zoho Vault automatically too. In addition, Zoho Vault provides two other options:
- Disable Users: This option disables users who are present in Zoho Vault but not in AD/LDAP.
- Delete Users: This option deletes users who are present in Zoho Vault but not in AD/LDAP.
Choose the operation and provide LDAP queries and exclusions as needed.
- Provide the necessary attributes.
- Review the LDAP query results and click 'Finish.'
- The list of imported users will be displayed.
Note: For more information on Zoho Vault's Provisioning App, refer to its help documentation.
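The LDAP query and exclusions supplied to the Provisioning App decide exactly which directory accounts reach Zoho Vault. The following added example (not Zoho's code) builds such a filter for an Active Directory source: it limits results to accounts whose mail attribute is in the verified domain, skips disabled accounts, and escapes every operator-supplied value per RFC 4515 so that an exclusion such as "Smith (Admin)" cannot change the shape of the filter. The domain and account names are constructed placeholders.

```python
from typing import Iterable

# Active Directory's bit-AND matching rule and the ACCOUNTDISABLE flag
# in userAccountControl (standard AD values, not Zoho-specific).
LDAP_MATCHING_RULE_BIT_AND = "1.2.840.113556.1.4.803"
UF_ACCOUNTDISABLE = 2


def escape_filter_value(value: str) -> str:
    """Escape the characters RFC 4515 reserves inside an assertion value."""
    out = []
    for ch in value:
        if ch in "\\*()" or ch == "\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def build_user_filter(verified_domain: str,
                      excluded_samaccountnames: Iterable[str] = (),
                      skip_disabled: bool = True) -> str:
    """Filter for person accounts with a mail address in the verified domain.

    Exclusions are matched on sAMAccountName; disabled accounts are left out
    by default so that 'Sync Users' does not provision dormant identities.
    """
    clauses = [
        "(objectClass=user)",
        "(objectCategory=person)",
        # The leading '*' is our own wildcard; the domain itself is escaped.
        "(mail=*@%s)" % escape_filter_value(verified_domain),
    ]
    if skip_disabled:
        clauses.append("(!(userAccountControl:%s:=%d))"
                       % (LDAP_MATCHING_RULE_BIT_AND, UF_ACCOUNTDISABLE))
    for name in excluded_samaccountnames:
        clauses.append("(!(sAMAccountName=%s))" % escape_filter_value(name))
    return "(&" + "".join(clauses) + ")"


if __name__ == "__main__":
    # Constructed sample: one service account excluded from provisioning.
    print(build_user_filter("zillium.com", ["svc-backup"]))
```

Paste the resulting string as the LDAP query and run it against the Base DN and Scope configured in the LDAP Connection step to preview the exact set of accounts before importing.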
Step-3: SP Details
Zoho Vault technically serves as the service provider (SP) and it integrates with any identity providers (AD/LDAP). During this integration process, you need to provide SP details to your identity provider. To make that process simple, Zoho Vault provides an option to download its metadata (data that contains information about Zoho Vault). You can supply this downloaded metadata file to your identity provider.
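Before handing the downloaded SP metadata to the identity provider, it helps to see which values the IdP administrator will register from it. The following added example (not Zoho's code, and the XML is a constructed sample with placeholder entityID and URLs rather than Zoho Vault's real metadata) extracts the SP entity ID, the assertion consumer and logout endpoints, the NameID format, and whether the SP requires signed assertions, and checks that every endpoint is HTTPS.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample of SP metadata; the identifiers are placeholders.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/acs"/>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.invalid/saml/slo"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_sp_metadata(xml_text: str) -> dict:
    """Return the relying-party details an IdP admin needs from SP metadata."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not service-provider metadata")
    acs = [(e.get("Binding"), e.get("Location"))
           for e in sp.findall("md:AssertionConsumerService", NS)]
    slo = [(e.get("Binding"), e.get("Location"))
           for e in sp.findall("md:SingleLogoutService", NS)]
    nameid = [e.text.strip() for e in sp.findall("md:NameIDFormat", NS) if e.text]
    return {
        "entity_id": root.get("entityID"),
        # If true, the IdP must sign assertions or the SP will reject them.
        "wants_signed_assertions": sp.get("WantAssertionsSigned", "false").lower() == "true",
        "acs": acs,
        "slo": slo,
        "nameid_formats": nameid,
        # Assertions are posted to these endpoints, so each should be HTTPS.
        "all_https": all(loc.startswith("https://") for _, loc in acs + slo),
    }


if __name__ == "__main__":
    for key, value in parse_sp_metadata(SAMPLE_SP_METADATA).items():
        print(key, "=", value)
```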
Step-4: SAML Configuration
You can find the installation & configuration procedures of ADFS 2.0 to work with Zoho Vault in this document. Navigate to Admin>> Domains >> 'SAML' tab in Zoho Vault GUI, and enter your identity provider details.
- Login URL: You should enter your identity provider's login page URL here. All user login requests will be redirected only to this specified URL.
- Logout URL: You should enter your identity provider's logout page URL here. All user logout requests will be redirected only to this specified URL.
- Certificate: You should enter the public key certificate of the identity provider here.
- Algorithm: You should select the algorithm that is to be used by Zoho Vault for decrypting SAML responses sent by the identity provider here.
Note: You can use either a CA-signed certificate or a self-signed certificate. If you are using a self-signed certificate, the user will see a certificate error in the browser during the login process. This error can be ignored.
Once you complete all the above steps, SAML will be configured, and Single Sign-On will be activated for Zoho Vault. Thereafter, your users need to follow the below steps to log into Zoho Vault.
- Go to Zoho Vault login page
- Go to the "Sign in with Active Directory Credentials" section at the bottom of the sign-in page
- Enter the name of your domain
- Click 'Go.'
Users will be redirected to the identity provider's web page for authentication. They will have to enter their AD/LDAP credentials here, and once the authentication succeeds, they will be redirected to the Zoho Vault website, which will allow access to the user.