Vault provides a few ways to log in:

  • User Login: This is the standard login. The first time you log in, you’ll enter your user name, for example,, and your password. On subsequent logins, Vault will remember the last user name you used and you’ll only need to enter your password. If you have multiple Vault accounts or share a computer with another Vault user, you can click Switch user to enter a different user name.
  • Single Sign-on (SSO): This process allows you to access multiple authorized applications without having to log into each application separately. SSO enables organizations to validate user names and passwords against a corporate user database (such as Active Directory), rather than having separate user credentials managed by Vault and other applications. If your Vault account uses SSO, you’ll be automatically directed to your organization’s Identity Provider when you attempt to access Vault.

Accessing the Login Page

You can access the login page by navigating to or by opening a hyperlink or bookmark for a specific page in your Vault. For example, email notifications often include a link to the related content. If you do not already have an active session, opening to any page in Vault will direct you to the login page, or, if using SSO, your Identity Provider’s login page.

Multi-Vault Domains & Cross-Domain

If you have access to multiple Vaults through a single user account, logging in can take you directly to a specific Vault or to the My Vaults page.

  • If you initiate login from a hyperlink that points to a specific Vault, you’ll go directly to that Vault.
  • If you initiate login from the generic login page, such as, you’ll go to the last Vault you’ve accessed. If you’ve never accessed a Vault in the current browser, or your past session information isn’t available, you’ll go to your most relevant available Vault.
  • If you initiate login from a customer-specific login page, for example,, you’ll go to a Vault for that customer.

If we cannot log you into a specific Vault according to the above rules, for example, because the Vault is in Configuration Mode or you no longer have access, you’ll go to the most relevant available Vault.

Password Managers

Some users utilize password managers (such as LastPass or KeePass) or browser settings to generate, store, and populate login information for a large number of login accounts. If your security policy allows, the password manager can autofill your password in the Vault login screen. Admins can prevent browsers and password managers from saving and autofilling the password field in the Vault login screen.

LastPass Setup

Although we support LastPass for saving and managing Vault login information, LastPass’s autofill functionality is not compatible for users who access Vault with more than one user account. To use LastPass in this situation, you must disable the autofill functionality.

Open LastPass and find each configured Vault site. Click Edit and check the Disable Autofill setting under Advanced Settings. See LastPass Help for more information.

Login Errors

If you cannot log into Vault, you’ll see a detailed error message.

Two-factor & Multi-factor Authentication

Vault does not support two-factor or multi-factor authentication for accounts with basic security policies, for example, accounts authenticating directly against Vault using a user name and password. For Single Sign-on accounts, users can configure two-factor and multi-factor authentication through their Identity Provider system.