Cyberark

×

In this document you are going to set up IDmelon as an external IDP to the cyberark.

Login to cyberark administration panel

In order to set up the connection, you will need to log into your cyberark administration panel.

Add Identity Provider

In the cyberark administration panel, from the side menu, navigate to the Settings menu, then Click Users.

Under the Sources , Click External Identity Providers.

Click Add to add a new IDP config.

In the External Identity Providers Name, Choose your custom IDP name.

External Identity Providers Name : Your custom name

Activate the Active button to redirect your users to IDmelon.

Active : Click to Active

Choose SAML 2.0 as Federation Type.

Federation Type : SAML 2.0

For Federation Domains, Add your custom users domain as many as your users have.

Federation Domains : Your custom user domains

Then Click Inbound Metadata option

There are several Options which IDmelon supports all of them,But IDmelon recommends to Upload IDP configuration from URL.

Get all values for {..} from your IDmelon panel.
If you are currently login here, you will see the replaced values instead.

Upload IDP configuration from URL : idp_issuer_uri

Then Click Outbound Metadata option

IDmelon SAML configuration

You should Download metadata file and copy values of below fields from this cyberark panel to IDmelon Panel

Download Service Provider Metadata : Download Metadata

Click on Manual Configuration.

Assertion consumer service : Copy Service Provider Authentication Response URL.

Entity id : CN=CyberArk:Customer:{your custom subdomain in capital words}

My company Domain is https://aas4313.id.cyberark.cloud/ so my company subdomain which cyberark provided will be :
abl4313 so my entity id will be Example : CN=CyberArk:Customer:ABlL4313 .

You should copy values of below fields from this cyberark panel to IDmelon Panel.

Then Click Authentication option

In order to map IDmelon and cyberark users, Choose Optional in the Map federated user to existing directory use.

Map federated user to existing directory use : Optional

Click Save

Tips

Optional : Selecting Optional means authentication of a mapped federation user results in the user of the mapped directory service. If a user cannot be mapped, a new federated user is created.

Required : Selecting Required means the user of a federation will authenticate as the matching user of another directory service. If no match is found, login is denied. If Create cloud user if unable to map is also enabled, a matched CyberArk Cloud Directory user is created and login is permitted.

Suffixes for users domain Tips

In the cyberark administration panel, from the side menu, navigate to the Settings menu, then Click Customization.

Then under the Login, Choose Suffix, Click on Add button which is on the Right hand of the dashboard.

Add Custom Login Suffix ,example: [email protected]idmelon.com

Login Suffix : [email protected] custom domain

on the Advanced option user can mapped and log in with another suffix.

map users for sso : if you want to use another suffix domain which does not exist in cyberark but the user information exist in idmelon you have to uncheck Keep Login Suffix and Mapped Suffix the same and Choose your custom userdomain: Example : [email protected]

Click Save.