--- title: CyberArk’s authentication methods description: CyberArk administrators can configure one or more authentication methods between the CyberArk Credential Provider and its Vault. component: pingfederate version: 13.0 page_id: pingfederate:administrators_reference_guide:pf_cyberark_authentication_methods canonical_url: https://docs.pingidentity.com/pingfederate/13.0/administrators_reference_guide/pf_cyberark_authentication_methods.html revdate: February 6, 2023 section_ids: hash-authentication-method: Hash authentication method os-user-authentication-method: OS user authentication method --- # CyberArk's authentication methods CyberArk administrators can configure one or more authentication methods between the CyberArk Credential Provider and its Vault. The Credential Provider supports any combination of the following authentication methods: * Hash * OS user * Allowed machines * Path Learn more about CyberArk's authentication methods in [Application authentication methods](https://docs.cyberark.com/credential-providers/12.1/en/content/cp%20and%20ascp/application-authentication-methods-general.htm) in the CyberArk documentation. The following sections provide additional information specific to using the hash authentication method and OS user authentication method with PingFederate. ## Hash authentication method Learn more about using the hash authentication method in [Authenticate with a hash value](https://docs.cyberark.com/credential-providers/12.1/en/content/cp%20and%20ascp/authenticating-application-hash.htm) in the CyberArk documentation. | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | The hash changes when you perform a major or minor upgrade, or a maintenance update, of PingFederate. So you must regenerate the hash after an upgrade or update, otherwise PingFederate won't be able to retrieve credentials from CyberArk. | The following syntax and examples show how to use CyberArk's aimgetappinfo utility to generate a hash in Linux and Windows environments. Linux syntax ``` aimgetappinfo GetHash -FilePath "/pf-core-plugins.jar" ``` Linux example command and its output ``` /opt/CARKaim/bin$ ./aimgetappinfo GetHash -FilePath "/home/imok/Downloads/pingfederate-11.0.0/pingfederate/server/default/lib/pf-core-plugins.jar" Command ended successfully ``` Windows syntax ``` AIMGetAppInfo GetHash /FilePath "\pf-core-plugins.jar" ``` Windows example command and its output ``` C:\Program Files (x86)\CyberArk\ApplicationPasswordProvider\Utils>AIMGetAppInfo GetHash /FilePath "C:\Users\Administrator\Downloads\pingfederate-11.0.0\pingfederate\server\default\lib\pf-core-plugins.jar" Command ended successfully ``` ## OS user authentication method Learn more about the OS user authentication method in [OS user authentication](https://docs.cyberark.com/credential-providers/12.1/en/content/cp%20and%20ascp/application-authentication-methods-general.htm#osuser) in the CyberArk documentation. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | In a Windows environment, if the PingFederate Windows service is installed or configured with Log On As: Local System, the CyberArk admin must enter `NT AUTHORITY\SYSTEM` as the OS user entry. |