CyberArk cloud application
You must be signed in as a super administrator for this task.
Using Security Assertion Markup Language (SAML), your users can use their Google Cloud credentials to sign in to enterprise-cloud applications.
Set up SSO via SAML for CyberArk
Here's how to set up single sign-on (SSO) via SAML for the CyberArk® application.
Step 1: Get Google identity provider (IdP) information-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
From the Admin console Home page, go to Security, and then the SSO settings:
You must be signed in as a super administrator for this task.
Click Set up single sign-on (SSO) for SAML applications.Or, if you don’t have that option:
Click Set up single sign-on (SSO).
- In the Set up single sign-on (SSO) section:
- Copy and save the SSO URL.
- Copy and save the Entity ID.
- Download the Certificate.
In the next step, you send this information to CyberArk via email. After they respond, you return to the Admin console in Step 3 below to finish SSO configuration.
Send an email to support@cyberark.com asking them to enable SAML 2.0 for your organization. Include the following identity provider (IdP) information copied in Step 1:
- SSO URL
- Entity ID
- Attach the IdP certificate you downloaded in Step 1 as an attachment to the email.
Tip: If you don't know your account host name, request that from CyberArk as well, as you'll need it to configure SSO in the Admin console in the next step.
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
From the Admin console Home page, go to Apps
SAML apps.
To see Apps on the Home page, you might have to click More controls at the bottom.
- Click Add
at the bottom right.
- Locate and click CyberArk in the application list.
- Click Next.
The Basic information window shows the Application name and Description seen by users.
- Click Next.
- On the Service Provider Details page, edit the ACS URL and Entity ID, replacing {your-hostname} with your account host name.
- Click Finish.
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
From the Admin console Home page, go to Apps
SAML apps.
To see Apps on the Home page, you might have to click More controls at the bottom.
- Select CyberArk.
-
At the top right of the gray box, click Edit Service
.
-
To turn on or off a service for everyone in your organization, click On for everyone or Off for everyone, and then click Save.
-
To turn on or off a service only for users in an organizational unit:
- At the left, select the organizational unit.
- Select On or Off.
- To keep the service turned on or off even when the service is turned on or off for the parent organizational unit, click Override.
- If the organization's status is already Overridden, choose an option:
- Inherit—Reverts to the same setting as its parent.
- Save—Saves your new setting (even if the parent setting changes).
Learn more about organizational structure.
- Ensure that your CyberArk user account email IDs match those in your Google domain.
- Close all browser windows.
- Open our CyberArk organizational page and attempt to sign in. You should be automatically redirected to the Google sign-in page.
- Enter your sign in credentials.
- After your sign in credentials are authenticated, you're automatically redirected back to CyberArk.