Vault Password Management

Vault is a feature that allows you to securely store credentials within your Safous PRA environment, simplifying the process for administrators to map certain access applications using the SSO (Single Sign-On) function. Most application types in Safous PRA support SSO configurations, with the exception of Network Applications.

Vault supports five types of credential management: Password, Private Key, Certificate, API Key, and Generic Secret.

This article focuses on Password-based vault management, which is used for configuring Basic and Windows SSO settings in applications.

Creating New Vault Password

  1. Navigate to Settings > ZTNA > Vault > Password
  2. Click "New Password" button, it will expand multiple forms to be filled out for new vault password
  3. When filling out the form, please follow these guidelines:

    • Name is a required field and must be unique among all vault password entries.

    • Username is a required field where you should enter the username that will be used for SSO.

    • Password is required and should match the credential associated with the username entered above.

    • Auto Rotation: Toggle this option on or off. Note: To enable this feature, the target application must be integrated with the same AD/LDAP server as the vault.

    • Target IDP (AD/LDAP): Specify the name of the AD/LDAP directory that is integrated with both the vault and the target application.

    • Rotation Method:

      • Every number of days: Define the rotation interval and choose whether it should be strict or occur only on selected days (e.g., Sunday to Monday).

      • After every session: The password will be rotated after each user session.

  4. Click "Save".

Modify or Delete Existing Vault Password


  1. Navigate to Settings > ZTNA > Vault > Password
  2. Click plus sign (+) button on existing password, which will expand the information of that specific password list
  3. Click Edit to modify, or Delete to delete the password.