Configuring a PingOne for Enterprise SAML Connection for CyberArk PVWA - PingFederate

Configuring a PingOne for Enterprise SAML Connection for CyberArk PVWA - PingFederate - PingOne for Enterprise

How-to Guides

bundle

solution-guides

ft:publication_title

How-to Guides

Product_Version_ce

category

ContentType

howtodoc

ContentType_ce

How-to

Page created: 7 May 2020 |

Page updated: 29 Dec 2022

| 1 min read

Content Type How-to PingFederate Product PingOne for Enterprise SAML Standards, specifications, and protocols

Set up SAML using PingOne for Enterprise for CyberArk Password Vault Web Access (PVWA).

You must have the following information from your CyberArk and PingID environments to configure a SAML connection in PingFederate or PingOne for Enterprise:

CyberArk’s SAML Entity ID (Audience Value).
Note:
In the step-by-step SAML configuration, the value of PasswordVault is used.
CyberArk’s Assertion Consumer Service (ACS) URL (POST Method). In this step-by-step SAML configuration example, the following values are used:
- https://components.cyberark.local/PasswordVault/auth/saml/ for PVWA v9
- https://components.cyberark.local/PasswordVault/api/auth/saml/logon for PVWA v10
A PingID registered account.
The PingID properties file. For more information, see Download the PingID properties file.

Go to Applications > My Applications > SAML.
In the Add Application list, select New SAML Application to open the New Application window configuration.
In the Application Details workflow:
1. Complete the Application Name, Application Description, Category, and Graphics fields.
2. Click Continue to Next Step.
In the Application Configuration workflow:
1. Click I have the SAML configuration.
2. Enter the Assertion Consumer Service (ACS) value.
3. Enter the Entity ID value.
4. Click Continue to Next Step.
In the SSO Attribute Mapping workflow:
1. Enter the Identity Bridge Attribute or Literal Value value.
  
  Note:
  This is the user value that identifies a CyberArk user.
2. Click Save & Publish.