Creating a Web App
In order to connect to CyberArk you must first create a new Web App connection for Trelica.
In the Identity Administration section, go to Apps & Widgets > Web Apps and click Add Web Apps:
Choose Custom and then OpenID Connect:
Click Yes to confirm you want to add the new Web App.
The application will be added, but you need to close the Add Web Apps dialog to see it.
Settings
- Enter
trelica_integration
for the Application ID - For the Name, also enter 'Trelica Integration'
- You can download a logo here: https://www.trelica.com/trelica-crest-dark_256
Click Save and move to the Trust tab.
Trust
- Generate and enter a strong secret in the OpenID Connect client secret field.
- Choose Login initiated by the relying party (RP).
-
Add a redirect URI.
- If your Trelica instance is hosted in the US use:
https://app.trelica.com/IntegrationsApi/Integrations/CyberArk/AuthCallback
- In the EU use:
https://eu.trelica.com/IntegrationsApi/Integrations/CyberArk/AuthCallback
- If your Trelica instance is hosted in the US use:
- Leave Enable full url match checked.
You will need the OpenID Connect client ID and OpenID Connect client secret when connecting to Trelica. You can copy these to the clipboard from the Trust tab.
Click Save and move to the Tokens tab.
Tokens
- First of all check Generate access and ID tokens with new structure.
- Set the Access and ID token lifetime to 1 hour.
- Check the Issue refresh tokens checkbox.
- Set the Refresh token lifetime to 365 days.
Click Save and move to the Scope tab.
Scope
- Leave Prompt the user for consent to authorization request unchecked.
- Click Add.
- Enter
trelica
as the scope Name. - Ensure Define the scopes to access APIs is selected and then click Add to add the following REST Regex entries:
- Redrock/Query
- Org/ListAll
- Roles/GetRoleMembers
- UPRest/GetResultantAppsForUser
- If you want to use onboarding features (creating users, assigning users to roles, or temporarily exempting users from MFA) then create a scope called
onboarding
and assign the following REST Regex entries:- CDirectoryService/CreateUser
- CDirectoryService/GetUser
- SaasManage/AddUsersAndGroupsToRole
- CDirectoryService/ExemptUserFromMfa
- If you want to use offboarding features (suspending and deleting users, removing users from roles, or unassigning or removing mobile devices) then create a scope called
offboarding
and assign the following REST Regex entries:- CDirectoryService/SetUserState
- UserMgmt/RemoveUsers
- SaasManage/RemoveUsersAndGroupsFromRole
- Mobile/DeleteDevice
- Mobile/RemoveDeviceProfile
Click Save on the dialog, and then Save again on the page.
Move to the Permissions tab.
Permissions
Click Add to open the Select User, Group, or Role dialog.
- Search for an administrator.
- Check the box next to the user.
- Click Add.
Against the user you added, check the View, Run, and Automatically Deployed checkboxes.
Click Save - the Status of the application should change to Deployed:
You are now ready to connect to CyberArk from Trelica.
Connecting from Trelica
Go to Admin > Integrations > CyberArk and click Connect:
Enter your CyberArk URL - this is the URL you will have been using when logged in to CyberArk configuring the Web app.
The Client ID and Client Secret from the Trust tab.
Click Connect.
Comments
0 comments
Please sign in to leave a comment.