Product integration description and diagram

A diagram of CyberArk and PingIdentity Product' Integration
  1. The user initiates an identity provider (IdP) URL to access CyberArk. The IdP solution (PingOne for Enterprise or PingFederate) validates the user through the configured authentication flow.
    Note:

    (Not shown) Alternatively, the user could attempt to access CyberArk directly. CyberArk would redirect the user to step 1 with a SAML request to validate the user.

  2. PingFederate or PingOne for Enterprise invokes the PingID MFA process.
  3. After the MFA process is completed, the IdP solution redirects the user’s browser to CyberArk with a SAML assertion.
  4. (Not shown) CyberArk validates the SAML assertion and grants access.

PingFederate overview

PingFederate enables:

  • Outbound and inbound solutions for SSO
  • Federated identity management
  • Customer identity and access management (CIAM)
  • Mobile identity security
  • API security
  • Social identity integration

Browser-based SSO extends employee, customer, and partner identities across domains without passwords, using only standard identity protocols, such as SAML, WS-Fed, WS-Trust, OAuth and OpenID Connect, and SCIM. For more information, see PingFederate Getting Started Guide.

PingOne for Enterprise Overview

PingOne for Enterprise is a cloud-based identity as a service (IDaaS) framework for secure identity access management. Use PingOne for Enterprise to give members of your organization secure SSO to cloud applications. For more information, see PingOne for Enterprise overview.

PingID Overview

PingID is a cloud-based authentication service that binds user identities to devices. During the PingID authentication process, the PingID service sends an authentication request to the user's device, requiring no password response: the user just swipes to authenticate. For more information, see PingID overview.