Enable SSO for Vault

I need help in enabling SSO for Vault.

My main goal is to enable SSO for Vault and manage user access via AD groups.

I have enabled the OIDC authentication method and configured it as shown below, but I am unable to manage user access via AD groups.

Users are able to successfully authenticate via OIDC, but the authorization is not happening via AD group.

vault read auth/oidc/config

Key                     Value
---                     -----
bound_issuer            n/a
default_role            demo
jwt_supported_algs      <empty>
jwt_validation_pubkeys  <empty>
oidc_client_id          ###########
oidc_discovery_ca_pem   n/a
oidc_discovery_url      https://####

======================================================================
vault read auth/oidc/role/demo

Key                    Value
---                    -----
allowed_redirect_uris  [https://hostname:8200/ui/vault/auth/oidc/oidc/callback http://localhost:8200/oidc/callback http://localhost:8250/oidc/callback]
bound_audiences        [client ID from Ping]
bound_cidrs            <empty>
bound_claims           <empty>
bound_subject          n/a
claim_mappings         <empty>
groups_claim           groups
max_ttl                0s
num_uses               0
period                 0s
policies               [policy name]
role_type              oidc
ttl                    1h
user_claim             sub

========================================================================
vault policy read sso-test-list

path "secret/*" {
  capabilities = ["list"]
}

I recommend setting up the debugging option on a test server. That’s the best way to see what’s going on. https://www.vaultproject.io/api/auth/jwt/index.html#verbose_oidc_logging

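The thread stops at the role and policy configuration, which is exactly where the authorization gap sits: the role's groups_claim only extracts the group values from the ID token, and those values grant policies only when an external identity group exists with a group alias on the OIDC mount accessor whose name equals the claim value. The simulation below is an added example (not code from the original post or from HashiCorp Vault) that models those two steps, role binding and identity-group resolution, so the failure mode in the question can be reproduced offline. The claim values, the group name, the "admin" policy and the mount accessor string are constructed; the Vault CLI commands quoted in comments are the documented identity/group and identity/group-alias writes.

```python
"""Model how Vault turns an OIDC login into a policy set.

Added example, not code from the original thread or from Vault itself.
It mirrors two steps of an auth/oidc login:
  1. role binding: bound_audiences / bound_claims checks, then extraction
     of the claim named by the role's `groups_claim`;
  2. identity resolution: an external identity group contributes its
     policies only when it has a group alias on the OIDC mount accessor
     whose name equals one of the values carried in the groups claim.
Real setup that this models (assumed from Vault's identity API):
  vault write identity/group name=vault-admins type=external policies=admin
  vault auth list -format=json          # read the accessor of the oidc mount
  vault write identity/group-alias name=<group claim value> \
      mount_accessor=<accessor> canonical_id=<id of vault-admins>
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class OIDCRole:
    bound_audiences: list[str]
    policies: list[str]
    groups_claim: str = "groups"
    user_claim: str = "sub"
    bound_claims: dict[str, list[str]] = field(default_factory=dict)


@dataclass
class ExternalGroup:
    name: str
    policies: list[str]
    aliases: dict[str, str] = field(default_factory=dict)  # alias name -> mount accessor


def check_role_binding(claims: dict, role: OIDCRole) -> list[str]:
    """Apply the role's bound_* checks; return the groups claim values.

    Raises PermissionError where Vault would reject the login.
    """
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else list(aud)
    if not set(aud) & set(role.bound_audiences):
        raise PermissionError("aud does not match bound_audiences")
    for claim, allowed in role.bound_claims.items():
        if claims.get(claim) not in allowed:
            raise PermissionError(f"bound claim {claim!r} not satisfied")
    if role.user_claim not in claims:
        raise PermissionError(f"user_claim {role.user_claim!r} missing")
    groups = claims.get(role.groups_claim, [])
    groups = [groups] if isinstance(groups, str) else list(groups)
    return [str(g) for g in groups]


def login_allowed(claims: dict, role: OIDCRole) -> bool:
    try:
        check_role_binding(claims, role)
        return True
    except PermissionError:
        return False


def resolve_policies(claims: dict, role: OIDCRole, mount_accessor: str,
                     external_groups: list[ExternalGroup]) -> tuple[list[str], list[str]]:
    """Return (sorted policies, matched group names) for a successful login.

    Role policies always apply; an external group's policies apply only if
    one of its aliases is bound to *this* mount accessor and its alias name
    is exactly one of the values in the groups claim.
    """
    groups = check_role_binding(claims, role)
    policies = set(role.policies)
    matched: list[str] = []
    for grp in external_groups:
        if any(acc == mount_accessor and name in groups
               for name, acc in grp.aliases.items()):
            policies.update(grp.policies)
            matched.append(grp.name)
    return sorted(policies), matched


# Constructed sample data: a decoded id_token payload and the demo role.
ACCESSOR = "auth_oidc_0123abcd"          # constructed; read yours from `vault auth list`
DEMO_ROLE = OIDCRole(bound_audiences=["vault-client-id"], policies=["sso-test-list"])
ID_TOKEN_CLAIMS = {
    "iss": "https://idp.example.com",    # constructed issuer
    "sub": "jdoe",
    "aud": "vault-client-id",
    "groups": ["Vault-Admins", "Everyone"],  # whatever the IdP actually emits
}


def demo_without_alias() -> tuple[list[str], list[str]]:
    """Group exists but has no alias: only the role's policy is granted."""
    admins = ExternalGroup(name="vault-admins", policies=["admin"])
    return resolve_policies(ID_TOKEN_CLAIMS, DEMO_ROLE, ACCESSOR, [admins])


def demo_alias_on_wrong_mount() -> tuple[list[str], list[str]]:
    """Alias bound to another auth mount's accessor: still no match."""
    admins = ExternalGroup(name="vault-admins", policies=["admin"],
                           aliases={"Vault-Admins": "auth_ldap_ffff0000"})
    return resolve_policies(ID_TOKEN_CLAIMS, DEMO_ROLE, ACCESSOR, [admins])


def demo_with_alias() -> tuple[list[str], list[str]]:
    """Alias name equals the claim value on the oidc accessor: policies added."""
    admins = ExternalGroup(name="vault-admins", policies=["admin"],
                           aliases={"Vault-Admins": ACCESSOR})
    return resolve_policies(ID_TOKEN_CLAIMS, DEMO_ROLE, ACCESSOR, [admins])


if __name__ == "__main__":
    print("no alias:        ", demo_without_alias())
    print("wrong accessor:  ", demo_alias_on_wrong_mount())
    print("matching alias:  ", demo_with_alias())
```

The practical check this encodes: the alias name must equal the group value exactly as it appears in the token (with some AD-backed IdPs that is a DN or object ID rather than a display name), and it must be attached to the accessor of the oidc mount, not of some other auth method. The verbose_oidc_logging option recommended above is the quickest way to see the raw groups claim values Vault actually receives.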