Product integration description and diagram
- The user initiates an identity provider (IdP) URL to access CyberArk. The IdP
solution (PingOne for Enterprise or PingFederate) validates the user through the
configured authentication flow.Note:
(Not shown) Alternatively, the user could attempt to access CyberArk directly. CyberArk would redirect the user to step 1 with a SAML request to validate the user.
- PingFederate or PingOne for Enterprise invokes the PingID MFA process.
- After the MFA process is completed, the IdP solution redirects the user’s browser to CyberArk with a SAML assertion.
- (Not shown) CyberArk validates the SAML assertion and grants access.
- Outbound and inbound solutions for SSO
- Federated identity management
- Customer identity and access management (CIAM)
- Mobile identity security
- API security
- Social identity integration
Browser-based SSO extends employee, customer, and partner identities across domains without passwords, using only standard identity protocols, such as SAML, WS-Fed, WS-Trust, OAuth and OpenID Connect, and SCIM. For more information, see PingFederate Getting Started Guide.
PingOne for Enterprise Overview
PingOne for Enterprise is a cloud-based identity as a service (IDaaS) framework for secure identity access management. Use PingOne for Enterprise to give members of your organization secure SSO to cloud applications. For more information, see PingOne for Enterprise overview.