End user authorization

After you successfully

  • registered an application for Token Vault in a cloud provider, and
  • registered an Authorization Provider in Token Vault for your selected cloud,

users need to log in to Token Vault and authorize on the Token Vault Available authorization providers page.

To authorize, they need to:

  1. Open a browser and enter the Token Vault URL in the browser's address bar. For example, https://testmachine.testdomain.com:8381.

    This URL must be communicated to users by the administrator for example in email, so that they can perform this step.

  2. Log in with your Token Vault administrator credentials in either of the following ways, depending on how your Token Vault Authentication settings are configured:
    • Enter your Windows User name in domain\username format, then enter your Password and click Log in.
    • Login with your Azure Active Directory user by clicking Sign in with Microsoft.

    After a successful login, the available Authorization Providers are displayed.

  3. Click Authorize for the selected authorization provider.

    The browser redirects them to the login page of the cloud belonging to the selected authorization provider.

  4. Log in with their cloud account and grant access to the application.

    The browser directs them back to Token Vault displaying the authorization success dialog.

  5. Click Close to finish the authorization.

Once the authorization is complete, users can do the following:

  • Revoke authorization: Click Revoke authorization for the selected authorization provider and then click Revoke on the confirmation dialog.
  • Re-authorize with a different cloud account: Click Reauthorize for the selected authorization provider and then perform the required authorization steps again.

If the administrator modifies the permissions of an Microsoft 365 application configured for Token Vault after some users have already authorized the Microsoft 365 Authorization provider connected to this Microsoft 365 application, the users must perform the authorization steps again to get a new token which is valid for the modified permissions. The administrator can force this reauthorization by removing the tokens belonging to this Microsoft 365 Authorization provider on the Manage tokens page in Token Vault.