8.10 Single Sign-On

Single Sign-On allows users to log into MetaDefender Vault without requiring them to enter Active Directory credentials or create a local account. Enabling single sign-on is available for Identity Providers (IdP) that suppport the OpenID Connect protocol.

In order to set up single sign-on, please go to Settings → Single Sign-On



Enable SSO

Turn SSO integration on / off

Ignore TLS Certificate

Accept requests from the IdP even if the certificate is not fully trusted

Load User Profile

Attempt to retrieve user claims by calling the /userinfo endpoint

Provider Name

A friendly name that identifies the IdP in Vault


The URL of the IdP

IP Address Or Domain

The IP or domain of the Vault instance that will be used to construct the Redirect URL

Redirect URI

The generated URL where the user would be redirected by the IdP after the authentication

Client ID

A unique identifier assigned by the identity provider to registered clients

Client Secret

A randomly generated sequence issued by the identity provider and used in client authorization

Administrator Emails

A list of emails that will be used to assign administrative privileges for users with matching emails; these users would be assigned the ‘Administrator’ role in Vault

Integration Scopes (Optional)

A list of optional scopes to be used when making the request to the IdP

Additional endpoints (Optional)

Specifies a list of additional base addresses that should be allowed for endpoints