Veeva System - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Veeva using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Veeva, ensure you meet the following requirements:
Veeva admin rights
MPAS Admin rights
Make sure that all users intended to use SSO in Veeva are registered in your IdP and have the necessary permissions to access Veeva.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Veeva System - SSO configuration
Step 1 - Configure in Veeva (Service Provider)
- Log in to the Veeva Vault Admin Console.
- Navigate to Settings
- Go to Users & Groups
- Select Single Sign-On Profiles.
- Create a new SAML Profile.
- Enable SAML 2.0 as the authentication method.
- Open the SAML Configuration section.
- Complete the different fields:
| Field | Value |
|---|---|
| SP-Initiated Request URL | https://<your_veeva_domain>/sso/login |
| Default Logout URL | https://<your_veeva_domain>/sso/logout (optional – no full SLO support) |
| IdP Entity ID (Issuer) | https://ca.auth.kzero.com/<TENANT_NAME> |
| IdP Login URL | https://ca.auth.kzero.com/<TENANT_NAME>/protocol/saml |
| IdP Certificate | Upload the X.509 certificate from Multi-Pass |
- ForceAuthn = ON (required if eSignature is enabled).
- Force NameID Format = ON.
- Force POST Binding = ON (recommended).
- Sign Assertions = ON.
Step 2 - Configure in Multi-Pass (Identity Provider)
- Open Multi-Pass Dashboard
- Open the Multi-Pass Dashboard and select the correct tenant.
- Go to Integrations, then click Applications.
- In the Custom Integration section, choose SAML.
- Complete the form with the following information :
| Field | Value |
|---|---|
| Client ID (=SP Entity ID) | https://<your_veeva_domain>/saml/metadata |
| Name | veeva |
| Description | Veeva SSO Integration |
| Always display in UI | ON |
Assertion Consumer Service (ACS) URL / Vault SSO Login URL | https://<your_veeva_domain>/sso/acs |
- Download the x.509 certificate, it will be uploaded in Veeva.
- Click on Add integration
- On the left side click on advanced Console
- Select Client, then search for the integration you just created.
- Make sure the fields are well completed :
General settings
| Field | Value |
|---|---|
| Client ID | https://<your_veeva_domain>/saml/metadata |
| Name | veeva |
| Description | Veeva SSO Integration |
| Always display in UI | ON |
Access settings
| Field | Value |
|---|---|
| Home URL (IdP-initiated) | https://ca.auth.kzero.com/<TENANT_NAME>/protocol/saml/clients/<APP_NAME> |
| Valid Redirect URIs (ACS) | https://<your_veeva_domain>/sso/acs |
IDP-Initiated SSO URL name | <APP_NAME |
SAML Capabilities
| Setting | Value |
|---|---|
| Name ID Format | |
| Force Name ID Format | ON |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature & Encryption
| Setting | Value |
|---|---|
| Sign Documents | OFF |
| Sign Assertions | ON |
- Now that you have checked the different parameters, change to the tab called “Keys”.
- Make sure that both parameters are switched to OFF.
- Now go to the “Advanced” tab.
- The field “Assertion Consumer Service POST Binding URL” must equal the Valid Redirect URIs (ACS).
Post-configuration checks
- Now that you have checked the different parameters, change to the tab called Keys. Make sure that both parameters are switched to OFF.
- Now go to the Advanced tab. The field Assertion Consumer Service POST Binding URL must equal the Valid Redirect URIs (ACS).
Related Articles
D2L Brightspace - SSO Integration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...Mulesoft - SSO Integration
This application has been formally tested by Kelvin Zero Inc. This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Mulesoft using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...Joomla - SSO Configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...Odoo - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Odoo using MPAS. SSO simplifies user authentication by allowing access to multiple ...