Zoho Vault Setup: Team Password Manager Guide 2026

Published May 12, 2026
Updated May 7, 2026
Read Time 16 min read
Author George Mustoe

This post contains affiliate links. I may earn a commission if you purchase through these links, at no extra cost to you.

Shared spreadsheets of passwords, sticky notes on monitors, and the dreaded “what was that login again?” Slack message - every growing team eventually hits the wall where personal password habits stop scaling. Zoho Vault solves the team credential problem with a zero-knowledge password manager that handles personal logins, shared team accounts, granular permissions, and audit trails in one place. This Zoho Vault tutorial walks through a complete deployment from signup to long-term maintenance.

If your team already runs other Zoho apps, Zoho Vault ships free inside the Zoho One bundle - see Zoho One pricing for current per-user rates. If you only need the password manager itself, Zoho Vault offers a free Personal tier for individuals and standalone team plans at single-digit dollars per user per month, with the Zoho One bundle being the better value if you also use other Zoho apps. By the end of this guide you will have a working Zoho password manager deployment, your team invited with the right roles, and security controls turned on.

Why Teams Need a Shared Password Manager

The moment a second person needs access to a SaaS account, password management stops being personal. Marketing needs the social media logins. Finance needs the payment processor credentials. Engineering needs production database keys. Without a shared system, those credentials end up in DMs, screenshots, and “passwords.xlsx” files that nobody updates.

A team password manager like Zoho Vault solves four problems at once. First, it gives every employee a personal vault for their own logins, encrypted with their own master password. Second, it lets administrators share specific credentials with specific people or groups, with granular read-only or full-access permissions. Third, it produces an audit log so you know who accessed what and when. Fourth, when someone leaves the company, you revoke their access in one click rather than rotating every shared password manually.

Zoho Vault uses AES-256 encryption with host-proof hosting, meaning Zoho itself cannot read your passwords - only the master password held by each user can decrypt them. That zero-knowledge architecture matters because it limits the blast radius if Zoho’s servers were ever breached.

Prerequisites Before Starting

Before you begin the Zoho Vault setup, gather a few pieces of information so the walkthrough goes smoothly.

You will need a list of team members and their email addresses, a sense of which shared accounts you want to migrate first (start small with five to ten high-value accounts rather than your entire credential library), and admin access to your domain’s DNS records if you plan to enable single sign-on later. If your organization already has a Zoho One subscription, log in with those credentials - Vault is included automatically. Otherwise have a payment method ready for the standalone team plan, or sign up for the free Personal tier first to evaluate the interface.

A few decisions to make in advance: who will be the Vault administrator (this person manages users, shared folders, and policies), which roles need access to which credentials, and whether you want to enforce two-factor authentication from day one (recommended).

Step 1: Sign Up for Zoho Vault

Navigate to vault.zoho.com and click the sign-up button. You can create a Vault account with your work email or sign up using existing Google, Microsoft, or LinkedIn credentials. If your team already has a Zoho account from CRM, Mail, or any other Zoho product, sign in with that same account - Vault will inherit your organization context.

After confirming your email, Zoho prompts you to set a master password. This is the single most important password you will ever create because it is the only thing that can decrypt your vault. Zoho cannot reset it for you. Pick a passphrase you can remember but nobody could guess - four random words plus a number and special character is a good pattern. Store the master password offline in a safe place during the rollout in case you forget it before you have your team established.

Once your master password is set, Zoho generates an encryption key tied to that password. The free Personal tier activates immediately with unlimited passwords for a single user. To upgrade to a team plan or onboard via Zoho One, use the Subscriptions panel inside the Vault settings.

Step 2: Install Browser Extensions and Mobile Apps

A password manager only works if it shows up everywhere you log in. Zoho Vault offers browser extensions for Chrome, Firefox, Safari, and Edge, plus mobile apps for iOS and Android.

Install the browser extension first. Visit the Chrome Web Store, Firefox Add-ons, Safari Extensions, or Edge Add-ons and search for “Zoho Vault.” After installing, click the extension icon and sign in with your Zoho account and master password. The extension will offer to autofill credentials when you visit known login pages and prompt you to save new passwords when you create accounts.

Next, download the mobile apps from the App Store or Google Play. Sign in with the same credentials. On iOS, enable Zoho Vault as an autofill provider in Settings > Passwords > AutoFill Passwords. On Android, enable it in Settings > System > Languages and input > Autofill service. Now your phone can autofill into apps and Safari/Chrome.

Repeat the extension install on every browser your team uses. The first time someone signs in on a new device, Zoho Vault sends a verification email to confirm the device is authorized.

Step 3: Add Your First Passwords (Personal and Shared)

With extensions installed, start populating your vault. Click “Add Secret” inside the web app or use the browser extension to capture credentials as you log in to existing accounts.

For each entry, Zoho Vault stores a name, URL, username, password, secret type (web account, SSH key, credit card, secure note, license key, and others), and any custom fields you need. The built-in password generator can create strong random passwords - configure it for length and character classes when you rotate weak existing passwords (the NIST SP 800-63B guidelines are the modern reference for password strength). For accounts that should be shared with the team, leave them in your personal vault for now; you will move them to shared chambers in the next step.

Resist the urge to import your entire credential library on day one. Instead, build the habit by saving new passwords as you create accounts and adding existing logins each time you sign in to a service. Within a few weeks your vault will populate naturally without becoming an overwhelming migration project. For a faster start, Zoho Vault supports CSV imports from LastPass, 1Password, Bitwarden, KeePass, and several browser-stored password formats - find the importer under Settings > Import.

Step 4: Create Folders and Chambers

Folders organize your personal passwords. Chambers organize passwords shared across the team. Both use a similar interface, but chambers add the multi-user permission layer that makes a Zoho Vault team deployment work.

Start by creating folders inside your personal vault for categories like “Banking,” “Development,” “Marketing Tools,” and “Personal.” Drag existing passwords into the appropriate folder. Folders can be nested so you can build a hierarchy like Marketing - Social Media - Twitter Accounts.

Now create chambers for shared team credentials. Common chamber patterns include one chamber per department (Marketing Chamber, Engineering Chamber, Finance Chamber), one chamber per project or client, and one master “Company Wide” chamber for credentials every employee needs (the office Wi-Fi password, the company VPN, shared design tools). Inside each chamber, organize secrets into sub-folders the same way as personal vaults.

Take time to design your chamber structure before inviting users. Reorganizing chambers after the team is using them creates confusion about where to find things. A good rule: if you can describe a chamber in five words or fewer, it is probably named correctly. “Marketing - Paid Ads” is clear. “Various Marketing and Growth Tools” is not.

Step 5: Invite Your Team and Assign Roles

With your chamber structure in place, invite the team. Open the Admin panel, navigate to Users, and click “Add User.” Enter each team member’s email address. Zoho sends them an invitation to create a Vault account if they do not already have one. If your organization is on Zoho One, users are imported automatically from the central directory.

Zoho Vault offers several built-in roles. Super Admin has full control including billing and policies. Admin can manage users, chambers, and shared passwords but not billing. Manager can create and manage chambers they own. User has access only to their personal vault and chambers shared with them. Custom Admin lets you grant specific administrative powers without giving full Super Admin rights.

Assign the most restrictive role that lets each person do their job. Most employees should be Users. A small group of two to three people should be Admins so the team is not blocked when one admin is on vacation. Reserve Super Admin for one or two trusted people who handle billing.

Once invited, users set their own master password and generate their own encryption key. Until they do, no shared passwords can decrypt for them - so follow up with anyone who has not completed onboarding within a few days.

Step 6: Share Passwords Securely with Permissions

This is where Zoho Vault earns its keep over a shared spreadsheet. Inside any chamber, select a password and click Share. You can share with individual users or with entire user groups, which you create under Admin panel > Groups for things like “Marketing Team” or “On-Call Engineers”.

Permissions are granular. View Password lets the recipient see and copy the password. Manage gives them full edit rights including the ability to change or delete the secret. Autologin Only is the most restrictive - the recipient can autofill the password into the website but never view the actual characters, which is perfect for contractors who need to use an account but should not have the credential itself.

You can also set time-bound access. Grant a contractor View Password access that expires in 30 days, and Zoho Vault automatically revokes it on the expiry date. Combine that with the audit log to know exactly when each shared password was last accessed and by whom.

For especially sensitive credentials like production database admin accounts, enable Access Workflow Approval. With this turned on, even users who have been granted permission must request access each time, and an admin must approve the request before the password is revealed. This adds friction but creates an unmistakable paper trail for your most critical secrets.

Step 7: Configure SSO and Two-Factor Authentication

Two-factor authentication on the Vault account itself is the single most important security control you can enable. Without it, an attacker who phishes a master password gains access to the entire vault. With it, they would need the second factor too.

Open Settings > Multi-factor Authentication and enable TOTP (time-based one-time password) using an authenticator app like Google Authenticator, Authy, or Microsoft Authenticator. Zoho Vault also supports YubiKey hardware tokens for higher-assurance environments. Enforce two-factor for all users under Admin panel > Policies rather than leaving it as an opt-in: the day you make it optional is the day three people opt out and become your weakest link.

For larger deployments, configure SAML single sign-on so users authenticate with your existing identity provider (Okta, Microsoft Entra ID/Azure AD, Google Workspace, OneLogin, JumpCloud, and others). With SAML SSO active, users sign in to Vault with their corporate identity and inherit your IdP’s password and MFA policies. SAML SSO support is available on paid Vault tiers and through Zoho One.

If you use Active Directory or Azure AD, enable directory provisioning so user accounts are created and deactivated automatically as people join and leave the company. This eliminates one of the biggest password-manager risks: orphaned accounts belonging to ex-employees that nobody remembered to disable.

Step 8: Audit Logs and Security Reports

Zoho Vault records every meaningful action - password views, edits, shares, exports, login attempts, policy changes - in an immutable audit log. Open the Audit panel to filter by user, date range, action type, or specific secret. Export filtered logs to CSV for compliance reporting or to feed into a SIEM tool.

The Reports section gives you a security health view of your deployment. The Password Strength report flags weak or duplicate passwords across the organization. The Inactive Users report shows accounts that have not signed in recently - prime candidates for deactivation. The Access Reports show which secrets are accessed most and least, helping you spot stale credentials that nobody uses anymore.

Set a recurring calendar reminder to review the audit log and security reports monthly. The point is not to catch breaches in real time (you should set alerts for that) but to maintain a healthy hygiene cycle: stale users get deactivated, weak passwords get rotated, and unused secrets get archived.

Maintaining Your Zoho Vault Setup Long-Term

A password manager is not a “set it up once and forget it” tool. The Zoho Vault setup you complete today needs ongoing care to keep delivering value. Build these recurring tasks into your operations cadence.

Quarterly, run the Password Strength report and rotate any flagged credentials. Audit chamber membership - remove people who no longer need access to a chamber, and add new joiners to the chambers their role requires. Review the role assignments to confirm Admins still need their elevated privileges.

Whenever someone leaves the company, deactivate their Vault account immediately as part of your offboarding checklist. If they had access to highly sensitive shared credentials, rotate those passwords as well, even though Zoho Vault revokes their decryption ability the moment you deactivate them. The defense-in-depth principle applies: revoke access AND rotate the underlying secret for anything truly sensitive.
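The offboarding rule above (revoke access and rotate the secret) can be driven from the audit log CSV export described in Step 8. The following is an added example, not code from Zoho or from the original article: it builds a rotation list of the secrets a departing user could have seen in plaintext. The column names, action labels and sample rows are assumptions constructed for illustration, so map them to the headers in your own export.

```python
import csv
import io
from datetime import datetime

# Constructed sample of an exported audit log. Column names and action
# labels are assumptions for this example, not Zoho Vault's documented
# export schema.
SAMPLE_EXPORT = """timestamp,user,action,secret,chamber
2026-03-02T09:14:00,dana@example.com,Password Viewed,Prod DB Admin,Engineering
2026-03-02T09:20:00,lee@example.com,Password Viewed,Prod DB Admin,Engineering
2026-03-10T16:45:00,dana@example.com,Autologin,Ad Account,Marketing - Paid Ads
2026-04-01T11:02:00,dana@example.com,Password Exported,Stripe Login,Finance
2026-04-03T08:30:00,dana@example.com,Password Viewed,Prod DB Admin,Engineering
2026-04-04T10:00:00,dana@example.com,Login Failed,,
"""

# Actions where the user could have seen or copied the plaintext credential.
# Autologin is excluded because the article describes autofill-only access
# as never showing the characters; add it here for a stricter list.
EXPOSING_ACTIONS = {"Password Viewed", "Password Exported", "Password Edited"}


def rotation_list(export_csv, departing_user, since=None):
    """Return secrets the departing user could have copied, newest first.

    since is an optional ISO-8601 timestamp; earlier rows are ignored.
    Each item is (secret, chamber, last_exposed, exposure_count).
    """
    cutoff = datetime.fromisoformat(since) if since else None
    seen = {}
    for row in csv.DictReader(io.StringIO(export_csv)):
        if row["user"].strip().lower() != departing_user.lower():
            continue
        if row["action"] not in EXPOSING_ACTIONS or not row["secret"]:
            continue
        when = datetime.fromisoformat(row["timestamp"])
        if cutoff and when < cutoff:
            continue
        key = (row["secret"], row["chamber"])
        last, count = seen.get(key, (when, 0))
        seen[key] = (max(last, when), count + 1)
    items = [(s, c, last, n) for (s, c), (last, n) in seen.items()]
    return sorted(items, key=lambda item: item[2], reverse=True)


if __name__ == "__main__":
    for secret, chamber, last, n in rotation_list(SAMPLE_EXPORT, "dana@example.com"):
        print(f"ROTATE {secret} ({chamber}): {n} exposure(s), last {last:%Y-%m-%d}")
```

Secrets the user reached only through autofill, and failed logins, stay off the list, which keeps the rotation work focused on credentials that were actually revealed.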

Monitor Zoho’s security advisories and product updates. Zoho ships new features regularly - passwordless authentication options, improved mobile autofill, expanded SSO integrations. Staying current means your team gets the benefit of new security capabilities without having to migrate to a different tool. The Zoho One suite makes this easier because all the apps update together rather than requiring per-product attention.

Finally, keep your master password recovery process documented and tested. Zoho Vault supports trusted device recovery and emergency contact recovery for individual users, plus admin-initiated recovery flows for organization accounts. Walk through the recovery process once with a test account so you know it works before you need it in an actual emergency.

The Bottom Line on Zoho Vault

For teams already invested in the Zoho ecosystem, Zoho Vault is the obvious password manager choice - it ships free inside Zoho One, integrates with the rest of the Zoho directory, and uses the same admin patterns as the other Zoho apps your team already knows. For teams not on Zoho, the standalone Vault plans compete favorably with dedicated password managers on price while offering the encryption architecture and granular sharing controls that the category requires.

The 45 minutes you invest in this Zoho Vault setup pays back the first time a contractor needs temporary access to a shared account, the first time someone leaves the team and you revoke their credentials in one click instead of a 90-minute rotation marathon, and the first audit where you produce a clean access log on demand. Done is better than perfect - get the chambers, users, and 2FA configured this week, then iterate on policies and reports over the following months.

Frequently Asked Questions

Is Zoho Vault free for personal use?

Yes. Zoho Vault offers a free Personal tier with unlimited passwords for a single user, including the browser extensions, mobile apps, password generator, and basic two-factor authentication. The free tier is genuinely usable for individuals and a reasonable way to evaluate the interface before rolling out a Zoho password manager deployment to your team. Team features like shared chambers, granular permissions, audit logs, SAML SSO, and directory provisioning require a paid plan or inclusion via Zoho One.

How does Zoho Vault compare to 1Password or Bitwarden for teams?

All three are reputable team password managers with zero-knowledge encryption architectures and granular sharing. Zoho Vault’s main advantage is integration with the broader Zoho ecosystem - if your team already uses Zoho CRM, Mail, or other apps, Vault inherits the same directory and ships free inside Zoho One. 1Password and Bitwarden are stronger choices if you want a best-of-breed standalone password manager and do not use other Zoho products. Pricing comparisons depend on your team size and which features you need, so evaluate using each vendor’s current pricing page rather than relying on third-party comparisons.

Can I share passwords with someone outside my Zoho organization?

Yes, with limitations. Zoho Vault supports sharing individual secrets with external email addresses through a one-time secure link. The recipient does not need a Zoho Vault account to view the shared secret, but external sharing does not get the same audit and permission depth as internal sharing. For ongoing collaboration with external contractors, the better approach is to invite them as guest users to your organization with restricted role permissions, then add them only to the specific chambers they need.

What happens if an employee with shared passwords leaves the team?

When you deactivate the employee’s Vault account, their decryption ability for all shared chambers is revoked immediately - they can no longer access any team passwords through Vault. However, security best practice is to also rotate the underlying passwords for any highly sensitive accounts they had access to (production credentials, financial accounts, customer data systems). The defense-in-depth principle applies: revoking Vault access plus rotating the actual passwords protects against scenarios where the ex-employee may have copied passwords outside Vault during their tenure.

Does Zoho Vault support passkeys and passwordless login?

Zoho is actively expanding passwordless authentication support across its product line. Zoho Vault supports two-factor authentication via TOTP authenticator apps and YubiKey hardware tokens today, and SAML SSO lets you delegate authentication to identity providers that already support passkeys. Native passkey vault entries (storing passkeys for third-party sites inside Vault the way you would store passwords) are an evolving area across all password managers - check Zoho’s product roadmap and release notes for the current state of passkey support, since this category is changing quickly.

For current plan details, see Zoho One pricing.
