Vault is a feature that allows you to securely store credentials within your Safous PRA environment, simplifying the process for administrators to map certain access applications using the SSO (Single Sign-On) function. Most application types in Safous PRA support SSO configurations, with the exception of Network Applications.
Vault supports five types of credential management: Password, Private Key, Certificate, API Key, and Generic Secret.
This article focuses on Password-based vault management, which is used for configuring Basic and Windows SSO settings in applications.
Creating New Vault Password
- Navigate to Settings > ZTNA > Vault > Password
- Click the "New Password" button. A form expands with the fields to fill out for the new vault password.
- When filling out the form, please follow these guidelines:
  - Name is a required field and must be unique among all vault password entries.
  - Username is a required field where you should enter the username that will be used for SSO.
  - Password is required and should match the credential associated with the username entered above.
  - Auto Rotation: Toggle this option on or off. Note: To enable this feature, the target application must be integrated with the same AD/LDAP server as the vault.
  - Target IDP (AD/LDAP): Specify the name of the AD/LDAP directory that is integrated with both the vault and the target application.
  - Rotation Method:
    - Every number of days: Define the rotation interval and choose whether it should be strict or occur only on selected days (e.g., Sunday to Monday).
    - After every session: The password will be rotated after each user session.
- Click "Save".
Modify or Delete Existing Vault Password
- Navigate to Settings > ZTNA > Vault > Password
- Click the plus sign (+) button on an existing password to expand the information for that specific password.
- Click Edit to modify, or Delete to delete the password.