CDD Vault can now be configured to use a single sign-on (SSO) solution for authentication. Once this is enabled, the traditional password-based login to CDD Vault is no longer possible for users. This provides the customer complete control over user authentication: the customer can configure their SSO solution to enforce whatever controls are desired, including IP restrictions, second-factor challenges or physical security keys.
What You Need:
Assertion Consumer Service (ACS) URL:
What CDD Needs from Your Team:
- Please send the SAML 2.0 Metadata
- Please indicate if you will be using Microsoft Azure for your SSO
In order for SSO to be implemented for a customer, users across all of the customer’s CDD Vaults must be covered by the company’s SSO system. If any user belongs to an external CDD Vault, then SSO cannot be implemented unless that user changes the user account they use for the external Vault(s).
For an Azure Enterprise implementation, there are two places where the SAML Metadata can be found. Only the XML metadata exported from one of these locations can be used for CDD Vault authentication.
- Navigate to the "Enterprise applications" menu/tab, then the "Single sign-on" sub-tab. Find the "SAML Certificates - App Federation Metadata Url" setting and export/copy the XML metadata from this setting. This is the correct metadata.
- However, if you navigate to the "App registrations" menu and then use the "Overview" > "Endpoints" sub-tab, the XML federation metadata exported/copied from here does not work with CDD Vault SSO authentication.