Enable your CyberArk users to access Trelica with Single Sign-On (SSO).
Configuration in CyberArk
Add the Web App
- Go to Apps & Widgets > Web Apps and click Add Web Apps.
- Choose SAML and click Add.
- Confirm that you want to add the application.
- Close the Add Web Apps dialog so that you can edit the new app's settings.
Settings
- Enter a Name (e.g. Trelica), and Application ID (e.g. trelica_saml).
- If you want users to see the tile in the User Portal, ensure Show in app user list is checked.
- Click Save and move to the Trust tab.
Trust
- Under Identity Provider Configuration, click Copy XML in the Metadata section.
- In a separate browser tab, switch to Trelica, and go to Admin > Settings > Users.
- Under Single Sign-On (SSO) > SAML providers, click the New button to add a new SAML identity provider.
- Enter a name (CyberArk) and paste in the XML metadata that you copied to the clipboard above.
- Click Create.
- Now you will need to copy the SAML Entity ID and SAML Assertion Consumer Service (ACS) URL from Trelica into CyberArk.
- Paste them in, and choose emailAddress as the NameID Format.
- Click Save and move to the SAML Response tab.
SAML Response
- You need to add two attributes to map the logged in user's first name and last name.
  Attribute Name    Attribute Value
  given_name        LoginUser.FirstName
  family_name       LoginUser.LastName
- Click Save and move to the Permissions tab.
Permissions
Add the relevant users, roles or groups to the permissions tab. We recommend assigning to a test user before wider deployment.
Ensure the Run and Automatically Deploy checkboxes are selected.
Click Save and the status should change to Deployed.
Test the connection
From the User Portal, click the Trelica tile to log in.
New users will be provisioned with the role specified under Admin > Settings > Users > Default role.