This document provides the instructions for setting up UPSSO as a Third Party IDP to Cyberark application using OpenID.

PREREQUISITES

  1. Administrator access to the UPSSO portal.

  2. Administrator access to the Cyberark application.

CONFIGURING Cyberark OpenID in UPSSO

  1. Login into UPSSO portal as an administrator

  2. Click on the “Application Management” from the left side navigation menu.

  3. Click on the “+ New Record” button. And click the Openid Application.

  1. Enter the given fields to configure

Cyberark openid.

  • Name : Enter the name of the Cyberark openid

  • Client id : Enter the client ID of the Cyberark openid

  • Redirect url : Enter the redirect URL

  • Sub field : choose the sub field accordingly

  • Click url : Enter the click URL

  • Application Image : Select the openid logo

CONFIGURING UPSSO OPENID IN CYBERARK.

  1. Login into the Cyberark application as an administrator user.

  2. Search Administration in the navigation menu and select OIDC Authentication.

  3. Get the configuration details from your provider.

Display name : Enter name displayed to the end user on the login page.

Provider ID : unique ID used to identify the OIDC Provider in CyberArk.

Discovery URL : Enter URL returns metadata that defines the provider's configuration.

Client ID : unique identifier created by the provider when registering to a client application

Logoff URL : Optional

Client Authentication method : Enter the secret key from the provide.

User name claim (optional) : user's attribute in the ID token

  1. Click on SAVE button to save the configuration.

TESTING THE INTEGRATION

  1. Login into the UPSSO portal as a user having the same username as a Cyberark user.

  2. Click on the Cyberark OpenID.

  3. Select the OTP method and enter the OTP and click on the Verify button.

  4. Consent screen will be displayed , click on accept to login to the application.