Anthony_E
Staff
November 4, 2024

Technical Tip: Configuring SAML with CyberArk

Description: This article describes how to configure SAML with CyberArk.
Scope: FortiDLP.
Solution:
  1. Log into the CyberArk UI.
  2. In the Identity Administration portal, select Apps, then select Add Web Apps.
  3. Select Custom.
  4. On the Custom tab, next to the SAML application select Add.
  5. In the Add Web App screen, select Yes to add the application.
  6. Select Close to exit the Application Catalog.
  7. Enter a Name and Description for the Reveal application.
  8. Go to the Trust page.
  9. Configure the Identity Provider Configuration:
    • Select the Metadata radio button.
    • Download the Metadata File or Copy the XML.
  10. Configure the Service Provider Configuration:
    • Select the Manual Configuration radio button.
    • In the SP Entity ID/Issuer/Audience field, enter the Entity ID obtained from the Reveal UI.
    • In the Assertion Consumer Service (ACS) URL field, enter the ACS URL obtained from the Reveal UI.
    • Leave the Same as ACS URL and Response selected, and leave all other fields as they are.
  11. Select Save to preserve the changes.
  12. Go to the SAML Response page and configure SAML attributes.
  13. On the SAML Response page, use the Attributes section to configure SAML attributes.
    • To configure the login name attribute:
      • Select Add.
      • In the Attribute Name field, type Email or the preferred login name attribute name.
      • In the corresponding Attribute Value field, select LoginUser.Email.
    • To configure first and last name attributes:
      • Select Add.
      • In the Attribute Name field, type FirstName or the preferred first name attribute name.
      • In the corresponding Attribute Value field, select LoginUser.FirstName.
      • Select Add.
      • In the Attribute Name field, type LastName or the preferred last name attribute name.
      • In the corresponding Attribute Value field, select LoginUser.LastName.
    • To configure the role attribute:
      • Select Add.
      • In the Attribute
      • In the corresponding Attribute Value field, select the preferred role attribute name. This can be an existing attribute or one created using these instructions. The attribute value must correspond to at least one role in the Reveal Infrastructure. Note: if using a custom attribute, then this must be entered in the form LoginUser.Get('custom_attribute_name').
    • Select Save.
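
To confirm that the Service Provider settings and attribute mapping from the steps above actually appear in what CyberArk sends, a decoded test response can be checked offline. The following is an added example, not code from Fortinet or CyberArk. The role attribute name `Role`, the role names, the URLs and the sample response are constructed placeholders. It checks configuration only and does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample response with placeholder values (not from a real tenant).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="https://sp.example.invalid/acs"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://sp.example.invalid/entity</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="Email"><saml:AttributeValue>a.user@example.invalid</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="FirstName"><saml:AttributeValue>A</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="LastName"><saml:AttributeValue>User</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Role"><saml:AttributeValue>analyst</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, entity_id, acs_url, role_attr, known_roles,
                   required=("Email", "FirstName", "LastName")):
    """Return a list of configuration problems; an empty list means the mapping matches."""
    root = ET.fromstring(xml_text)
    problems = []
    # Audience must carry the SP Entity ID entered in step 10.
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} does not contain SP Entity ID {entity_id}")
    # Recipient must equal the ACS URL entered in step 10.
    recipients = [d.get("Recipient") for d in root.findall(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} does not match ACS URL {acs_url}")
    # Collect the attributes configured in step 13.
    attrs = {}
    for a in root.findall(".//saml:Attribute", NS):
        attrs[a.get("Name")] = [v.text.strip() for v in a.findall("saml:AttributeValue", NS) if v.text]
    for name in (*required, role_attr):
        if not attrs.get(name):
            problems.append(f"attribute {name!r} missing or empty")
    # The role value must correspond to at least one role known to the service provider.
    if attrs.get(role_attr) and not set(attrs[role_attr]) & set(known_roles):
        problems.append(f"role value {attrs[role_attr]} matches no known role")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE, "https://sp.example.invalid/entity",
                         "https://sp.example.invalid/acs", "Role", {"analyst", "admin"}))
```

Pass the attribute names actually typed into the Attribute Name fields if they differ from the defaults shown here.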

 

Related documents:

https://docs.cyberark.com/identity/latest/en/Content/Applications/AppsCustom/AddConfigSAML.htm?tocpath=Administrator%7CIntegrate%20apps%7CAdd%20custom%20applications%7CCustom%20SAML%20applications%7C_____1

https://docs.cyberark.com/identity/latest/en/Content/Applications/AppsOvw/SAMLResponseConfigure.htm#top