Configuring a PingFederate authentication policy using PingID MFA authentication for CyberArk PVWA - PingID

Configuring a PingFederate authentication policy using PingID MFA authentication for CyberArk PVWA - PingID - PingFederate

Use Cases

bundle

solution-guides

ft:publication_title

Use Cases

Product_Version_ce

category

ContentType

howtodoc

ContentType_ce

How-to

For CyberArk and Ping Identity best practices, deploy MFA for all single sign-on (SSO) requests to the CyberArk Password Vault Web Access (PVWA).

Integrate a PingFederate authentication policy with PingID multi-factor authentication (MFA).

Note:

The following configuration steps assume you are creating a new authentication policy specifically for MFA to the CyberArk PVWA. If other existing authentication policies are in use, modify your policy tree to perform this task.

Go to Authentication > Integration > IdP Adapters.
The Manage IdP Adapter Instances page opens.
Click Create New Instance.
On the Type tab, enter a Instance Name and anInstance ID
In the Type list, select the PingID Adapter 2.6 adapter type. Click Next.
On the IdP Adapter tab, select Choose File and upload the PingID properties file. Click Next.
On the Extended Contract tab, click Next.
On the Adapter Attributes tab, select the Pseudonym check box for the subject attribute. Click Next.
On the Adapter Contract Mapping tab, click Next.
On the Summary tab, click Done to return to the Manage IdP Adapter Instances page.
Click Save.
Create a new authentication policy.

Note:
These steps will help you create a new authentication policy. For general information about configuring authentication policies, see Policies in the PingFederate documentation.
1. Go to Authentication > > Policies to open the Authentication Policies window.
2. On the Policies tab, select the IDP Authentication Policies check box. Click Add Policy.
  A new Policy configuration page opens.
3. Enter an authentication policy name in the Name field and a description in the Description field.
4. In the Policy list, select HTMLForm - (Adapter).
5. In the Fail list, click Done.
6. In the Success list, select PingID - (Adapter).
7. In the Fail list, select Done.
8. In the Success list, select cyberark - (Policy Contract).
9. In the Success list, where PingID - (Adapter) is selected, click Options.
  A new Incoming User ID modal opens.
10. In the Source list, select Adapter (HTMLForm).
11. In the Attribute list, select username. Click Done to close and exit the modal.
12. On the Policy page, click Done to return to the Authentication Policies configuration page.
13. In the Policy Contracts section, click Contract Mapping for the CyberArk policy contract.
  A new Authentication Policy Contract Mapping page opens.
14. On the Attribute Sources & User Lookup tab, click Next.
15. On the Contract Fulfillment tab, in the Source list, select Adapter (HTMLForm).
16. In the Value list, select username. Click Next.
17. On the Issuance Criteria tab, click Next.
18. On the Summary tab, click Done to return to the Authentication Policies window configuration.
19. Click Save. Click Done.