Authentication is how a user gains access to the Vault repository. Each user who accesses Vault must have (or be assigned) a Vault user account. However, the password required to access Vault can either be the one stored in Vault, or one specified by an Active Directory domain account. Active Directory authentication allows the user to change her password in one place and have it apply to both the domain account as well as the Vault account.
• Vault Authentication. When authenticating against the Vault password, merely define the user in Server Settings -> Users -> Add dialog and provide the user’s information and password. The user will use that password when logging into Vault.
• Active Directory Authentication. When authenticating against Active Directory, two steps are required:
1. Provide the domain against which you will search for an account of the same name. This is done in the Admin Tool through Server Settings ->Advanced Settings, in the “Active Directory domain for authentication” field.
2. Once a domain is specified, an option in the “Active Directory domain for Authentication” drop-down menu in the Add User page will become active, allowing you to require the user to authenticate against their domain account. Note that the domain account needs to have the same name as the Vault user account.