Information submitted through the support site is private but is not hosted within your secure CDD Vault. Please do not include sensitive intellectual property in your support requests.

Implementing SSO

CDD Vault can now be configured to use a single sign-on (SSO) solution for authentication. Once this is enabled, the traditional password-based login to CDD Vault is no longer possible for users. This provides the customer complete control over user authentication: the customer can configure their SSO solution to enforce whatever controls are desired, including IP restrictions, second-factor challenges or physical security keys.

What your team needs from CDD

What CDD needs from your team


What You Need:

Entity ID:


Assertion Consumer Service (ACS) URL:


What CDD Needs from Your Team:

  • Please send the SAML 2.0 Metadata
  • Please indicate if you will be using Microsoft Azure for your SSO

In order for SSO to be implemented for a customer, users across all of the customer’s CDD Vaults must be covered by the company’s SSO system. If any user belongs to an external CDD Vault, then SSO cannot be implemented unless the user changes their user account used for the external Vault(s).


Helpful hint:

For an Azure Enterprise implementation, there are two places where the SAML Metadata can be found. Only the xml metadata exported from 1 location can be used for CDD Vault authentication.

  • Navigate to the "Enterprise applications" menu/tab, then the "Single sign-on" sub-tab. Find the "SAML Certificates - App Federation Metadata Url" setting and export/copy the correct xml meta data xml from this setting.
  • However, if you navigate to the "App registrations" menu and then use the "Overview" > "Endpoints" sub-tab, the xml federated metadata exported/copied from here does not work with CDD Vault SSO authentication.