Configure a SAML configuration for PingFederate or PingOne for Enterprise to provide single sign-on (SSO) to CyberArk.
- Go to Administration > Options.
- Expand Authentication Methods, and then select saml.
- In the Properties pane, enter a name in the DisplayName field to be displayed in the PVWA sign-on page.
-
In the Enabled field, enter
Yes.
Tip:
Choose a name that clearly identifies Ping Identity.
- Go to Administration > Options
- In the Options pane, select Access Restriction.
- Right-click Access Restriction, and in the context menu, select Add Allowed Referrer.
- In the Properties pane, in the BaseUrl field, enter the URL of your Ping Identity tenant host.
-
In the Regular Expression field, enter
No. Click Apply.
Note:
Your changes are saved when the Your changes have been saved successfully modal appears.
-
Open the PVWA web.config file and in the
<appSettings>
section, add the following key and value pairs:addkey="IdentityProviderLoginURL" value="your identity provider login URL"
addkey="IdentityProviderCertificate" value="your certificate"
Tip:Get an ASCII export of the certificate and remove all CR's to make the entry a single line.
addkey="Issuer" value="PasswordVault"
Note:PasswordVault
is the default value.
- Save the file and restart IIS.