Configuring a PingOne for Enterprise SAML Connection for CyberArk PVWA - PingOne for Enterprise - PingFederate


Set up SAML using PingOne for Enterprise for CyberArk Password Vault Web Access (PVWA).

You must have the following information from your CyberArk and PingID environments to configure a SAML connection in PingFederate or PingOne for Enterprise:
  • CyberArk’s SAML Entity ID (Audience Value).
    Note: In the step-by-step SAML configuration, the value of PasswordVault is used.

  • CyberArk’s Assertion Consumer Service (ACS) URL (POST Method). In this step-by-step SAML configuration example, the following values are used:
    • https://components.cyberark.local/PasswordVault/auth/saml/ for PVWA v9
    • https://components.cyberark.local/PasswordVault/api/auth/saml/logon for PVWA v10
  • A PingID registered account.
  • The PingID properties file. For more information, see Download the PingID properties file.

  1. Go to Applications > My Applications > SAML.
  2. In the Add Application list, select New SAML Application to open the New Application configuration window.
  3. In the Application Details workflow:
    1. Complete the Application Name, Application Description, Category, and Graphics fields.
    2. Click Continue to Next Step.
  4. In the Application Configuration workflow:
    1. Click I have the SAML configuration.
    2. Enter the Assertion Consumer Service (ACS) value.
    3. Enter the Entity ID value.
    4. Click Continue to Next Step.
  5. In the SSO Attribute Mapping workflow:
    1. Enter the Identity Bridge Attribute or Literal Value value.
      Note: This is the user value that identifies a CyberArk user.

    2. Click Save & Publish.
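
After publishing, a captured SAML response can be checked against the two values entered above. The following is an added example, not code from Ping Identity or CyberArk: it compares the Destination, Recipient, and Audience of a response with the ACS URL and Entity ID used in this guide. The sample XML is constructed, and signature and validity-period checks are out of scope here.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values from this guide's example environment.
ENTITY_ID = "PasswordVault"
ACS_URLS = {
    "v9": "https://components.cyberark.local/PasswordVault/auth/saml/",
    "v10": "https://components.cyberark.local/PasswordVault/api/auth/saml/logon",
}

# Constructed sample response (unsigned, trimmed to the fields checked here).
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{acs}">
 <a:Assertion><a:Subject><a:NameID>user1</a:NameID>
  <a:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <a:SubjectConfirmationData Recipient="{acs}"/></a:SubjectConfirmation></a:Subject>
  <a:Conditions><a:AudienceRestriction><a:Audience>{aud}</a:Audience>
  </a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>"""

def check_response(xml_text, pvwa_version):
    """Return a list of mismatches between a SAML response and the SP settings."""
    acs = ACS_URLS[pvwa_version]
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs:
        problems.append("Destination != ACS URL")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion element"]
    # Entity ID comparison is exact and case-sensitive.
    audiences = [e.text.strip() for e in assertion.findall(
        "a:Conditions/a:AudienceRestriction/a:Audience", NS) if e.text]
    if ENTITY_ID not in audiences:
        problems.append("Audience does not contain Entity ID")
    scd = assertion.find(
        "a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs:
        problems.append("Recipient != ACS URL")
    return problems

if __name__ == "__main__":
    good = SAMPLE.format(acs=ACS_URLS["v10"], aud=ENTITY_ID)
    print(check_response(good, "v10"))
    # v9 ACS URL and wrong-case Entity ID sent to a v10 PVWA
    bad = SAMPLE.format(acs=ACS_URLS["v9"], aud="passwordvault")
    print(check_response(bad, "v10"))
```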