Security & Access Control


Configuring Field-Level Security on Objects

Access to edit object records is controlled first at the object level by the user’s security profile and then (if configured) by Dynamic Access Control...

Configuring Hide User Information

Hide User Information is a method of protecting your users’ identities. With Hide User Information, you can configure your vault to prevent unauthorized users from...

Configuring Matching Sharing Rules for Objects

Matching Sharing Rules are part of Dynamic Access Control for objects. These rules allow assignment of users to Auto Managed groups and dynamic assignment...

Configuring Single Sign-On

Only Domain Administrators with the SSO Settings: Read and SSO Settings: Edit permissions in their security profile can view and configure SSO settings for a domain. SSO enablement and...

Configuring User Role Constraints

This feature supports large or global implementations of Dynamic Access Control, specifically where an organization wants to delegate maintenance of User Role Setup records to...

Creating & Managing Users

This article explains how to manage user accounts in a vault. Note that user accounts exist at the domain level, so in multi-vault domains, user...

Cross-Domain Users & Authentication

In Vault, user accounts exist within a single domain. By setting up cross-domain users, Admins can grant a user access to vaults on a different...

About Delegated Authentication

Delegated authentication is similar to single sign-on (SSO) in that it allows users to access multiple applications without having to log in separately to each...

About Dynamic Access Control for Objects

Dynamic Access Control (DAC) is an access control model for object records, which automates the assignment of users to the records’ Viewer, Editor, and Owner...

About Hide User Information

Many organizations need to prevent external or cross-domain users from viewing names and identifying details of other users. With Hide User Information, users will not...

Creating & Managing Groups

Groups are key to managing user access in Vault. A group is simply a named list of users, but by defining groups that reflect the...

Managing Security Profiles & Permission Sets

Security profiles are how Vault applies permission sets to individual users. Permission sets grant users the ability to view or edit certain Admin areas, or...

Managing Users Across Vaults

Some vaults belong to domains with other vaults. If you have the Domain Admin user setting, you’ll see the Domain Users page, rather than...

Configuring Network Access Rules

The Network Access Rules page allows you to limit the IP addresses from which specific users can log in, based on those users’ security policies....

Configuring OAuth 2.0 / OpenID Connect Profiles

In order to configure SSO, you must first create a SAML profile. Then, you must provision users to use the profile. The following article...

Configuring Password Security Policies

The Security Policies page (Admin > Settings > Security Policies) allows you to create and manage password policies for users. These settings control password requirements,...

About Permission Sets

In Vault, permission sets are a way to group permissions together. Security profiles then use the permission sets to grant or restrict users’ access to...

Configuring SAML Profiles

In order to configure SSO, you must first create a SAML profile. Then, you must provision users to use the profile. Vault allows you to...

About License Types & Security Profiles

In Vault, each user has an assigned license type and security profile. Each security profile has one or more permission sets. The license type is...

About the Security Settings Page

The Security Settings page (Admin > Settings > Security Settings) allows you to view information about the vault. You must have a security profile that grants the...

SSL Certificate

Veeva Vault utilizes an SSL certificate to secure data between Vault and your web browser. The SSL certificate is cryptographic key that activates the HTTPS...

Single Sign-On Basics

Single Sign-On (SSO) is a process that allows users to access multiple authorized applications without having to log in separately to each application. SSO allows organizations...

Single Sign-On Details

When single sign-on (SSO) is enabled for a user, Vault does not validate that user’s password. Instead, Vault relies on an external identity provider to...

Single Sign-On FAQ

Here you’ll find answers to some frequently asked questions about single-sign on and Vault.

About Strict Security Mode

In past releases, Vault provided two security modes for administrator access to documents, known as “strict” and “non-strict.” After V10, we will continue to support the non-strict...

Managing the User & Person Objects

This article explains how to create and modify users with the User and Person objects. Managing users with the flexibility of Vault objects allows you...

Veeva IP Addresses

If your organization wants to whitelist Veeva sites, we recommend doing so by domain: