1. Go to Administration > Options.
  2. Expand Authentication Methods, and then select saml.
  3. In the Properties pane, enter a name in the DisplayName field to be displayed in the PVWA sign-on page.
  4. In the Enabled field, enter Yes.

    Choose a name that clearly identifies Ping Identity.

    A screen capture of CyberArkSAML authentication method configuration highlighting the DisplayName and Enabled fields.
  5. Go to Administration > Options
  6. In the Options pane, select Access Restriction.
  7. Right-click Access Restriction, and in the context menu, select Add Allowed Referrer.
  8. In the Properties pane, in the BaseUrl field, enter the URL of your Ping Identity tenant host.
  9. In the Regular Expression field, enter No. Click Apply.
    A screen capture of CyberArk access restrictions settings

    Your changes are saved when the Your changes have been saved successfully modal appears.

  10. Open the PVWA web.config file and in the <appSettings> section, add the following key and value pairs:
    • addkey="IdentityProviderLoginURL" value="your identity provider login URL"
    • addkey="IdentityProviderCertificate" value="your certificate"

      Get an ASCII export of the certificate and remove all CR's to make the entry a single line.

    • addkey="Issuer" value="PasswordVault"

      PasswordVault is the default value.

    A screen capture of the PVWA web.config file edited for CyberArk saml configuration.
  11. Save the file and restart IIS.