CyberArk

Note: 1Password SaaS Manager was previously named Trelica. Some commands and integrations still use or refer to Trelica. Follow directions as written to avoid errors.

Creating a Web App

In order to connect to CyberArk you must first create a new Web App connection for 1Password SaaS Manager.

In the Identity Administration section, go to Apps & Widgets > Web Apps and select Add Web Apps.

Select Custom and then OpenID Connect.

Click Yes to confirm you want to add the new Web App. 

The application will be added, but you need to close the Add Web Apps dialog to see it.

Settings

On the Settings tab:

  1. For Application ID, enter SaaSManager_integration.
  2. For Name, enter "SaaS Manager Integration".
  3. You can download a SaaS Manager logo here: https://brand.1password.com/share/zjVY8bk9aEBDwbVtUCSf/folders/104.

Select Save.

Trust

On the Trust tab:

  1. Generate and enter a strong secret in the OpenID Connect client secret field.
  2. Select Login initiated by the relying party (RP).
  3. Select Add to enter a redirect URL. The required URL depends on whether you are using the trelica.app or trelica.eu environment:
    • https://app.trelica.com/IntegrationsApi/Integrations/Figma/AuthCallback
    • https://eu.trelica.com/IntegrationsApi/Integrations/Figma/AuthCallback
  4. Make sure Enable full url match is selected.

You will need the OpenID Connect client ID and OpenID Connect client secret when connecting to SaaS Manager. You can copy these to the clipboard from the Trust tab.

Select Save and move to the Tokens tab.

Tokens

On the Tokens tab:

  1. Select Generate access and ID tokens with new structure.
  2. Set the Access and ID token lifetime to 1 hour.
  3. Select Issue refresh tokens.
  4. Set the Refresh token lifetime to 365 days.

Select Save.

Scope

On the Scope tab:

  1. Leave Prompt the user for consent to authorization request unselected.
  2. Select Add.
  3. Enter SaaS Manager as the scope Name.
  4. Make sure Define the scopes to access APIs is selected, then select Add to add the following REST Regex entries:
    • Redrock/Query
    • Org/ListAll
    • Roles/GetRoleMembers
    • UPRest/GetResultantAppsForUser
  5. If you want to use onboarding features (creating users, assigning users to roles, or temporarily exempting users from MFA), then create a scope called onboarding and assign the following REST Regex entries:
    • CDirectoryService/CreateUser
    • CDirectoryService/GetUser
    • SaasManage/AddUsersAndGroupsToRole
    • CDirectoryService/ExemptUserFromMfa
  6. If you want to use offboarding features (suspending and deleting users, removing users from roles, or unassigning or removing mobile devices) then create a scope called offboarding and assign the following REST Regex entries:
    • CDirectoryService/SetUserState
    • UserMgmt/RemoveUsers
    • SaasManage/RemoveUsersAndGroupsFromRole
    • Mobile/DeleteDevice
    • Mobile/RemoveDeviceProfile

Select Save on the dialog, and then Save again on the page.
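A least-privilege check for the scope entries listed above, added here as an example and not part of 1Password's or CyberArk's tooling: it compares a scope configuration against the REST Regex entries this page lists and reports missing entries, extra entries, and optional scopes created for features you are not using. The dict input shape, the `audit_scopes` function and the sample data are assumptions constructed for illustration.

```python
# Added example: audit scope entries against the lists on this page.
# The input shape (scope name -> list of REST Regex entries) is an assumption.
REQUIRED = {
    "SaaS Manager": {
        "Redrock/Query", "Org/ListAll", "Roles/GetRoleMembers",
        "UPRest/GetResultantAppsForUser",
    },
    "onboarding": {
        "CDirectoryService/CreateUser", "CDirectoryService/GetUser",
        "SaasManage/AddUsersAndGroupsToRole", "CDirectoryService/ExemptUserFromMfa",
    },
    "offboarding": {
        "CDirectoryService/SetUserState", "UserMgmt/RemoveUsers",
        "SaasManage/RemoveUsersAndGroupsFromRole", "Mobile/DeleteDevice",
        "Mobile/RemoveDeviceProfile",
    },
}
OPTIONAL = {"onboarding", "offboarding"}  # only needed for those features


def audit_scopes(configured, features):
    """Return sorted (severity, scope, detail) findings for a scope configuration."""
    findings = []
    wanted = {"SaaS Manager"} | (set(features) & OPTIONAL)
    for scope in wanted:
        have = {entry.strip() for entry in configured.get(scope, [])}
        for entry in REQUIRED[scope] - have:
            findings.append(("missing", scope, entry))  # integration call would fail
        for entry in have - REQUIRED[scope]:
            findings.append(("extra", scope, entry))  # broader than documented
    for scope in configured:
        if scope not in wanted:
            detail = "feature not enabled" if scope in OPTIONAL else "unknown scope"
            findings.append(("unneeded", scope, detail))
    return sorted(findings)


# Constructed sample: offboarding is in use, onboarding is not.
SAMPLE = {
    "SaaS Manager": ["Redrock/Query", "Org/ListAll", "Roles/GetRoleMembers",
                     "UPRest/GetResultantAppsForUser", ".*"],
    "onboarding": ["CDirectoryService/CreateUser"],
    "offboarding": ["CDirectoryService/SetUserState", "UserMgmt/RemoveUsers",
                    "SaasManage/RemoveUsersAndGroupsFromRole", "Mobile/DeleteDevice"],
}

if __name__ == "__main__":
    for severity, scope, detail in audit_scopes(SAMPLE, features={"offboarding"}):
        print(f"{severity:9} {scope:13} {detail}")
```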

Permissions

On the Permissions tab:

Select Add to open the Select User, Group, or Role dialog.

  1. Search for an administrator. 
  2. Select the box next to the user.
  3. Select Add.

Against the user you added, select View, Run, and Automatically Deployed.

Select Save. The Status of the application should change to Deployed.

You are now ready to connect to CyberArk from SaaS Manager.

Connecting from SaaS Manager

Within SaaS Manager, navigate to Integrations > CyberArk and select Connect.

Enter your CyberArk URL. This is the URL you used when you were logged in to CyberArk to configure the Web App.

Enter the Client ID and Client Secret from the Trust tab.

Select Connect.
