This topic describes how to invite Vendors to Remote Access.
Administrators, Vendor Managers, and external Vendors who have the relevant permissions, can invite vendors to Remote Access, providing them with just-in-time access to critical organizational applications and web apps.
There are a few different methods for creating, sending and accepting invitations. Incorporate invitation workflows that best suits your organization.
Click on each option to learn more:
The most direct way to invite a vendor is by filling out the invitation form in the Remote Access web portal or in the CyberArk Mobile app. This method can be used for creating ad-hoc invitations.
Go to Identities > Vendors, and click Invite vendors.
You can invite vendors from the Remote Access web portal or from the CyberArk Mobile app. The information below is relevant for both options.
Enter the general details for this vendor.
The name of the company that the vendor represents.
Vendor's first name.
Vendor's last name.
The vendor's email address in the company they represent.
Phone number to register
The phone number that the vendor entered when they registered for Remote Access.
Whether this vendor authenticates to Remote Access with an SMS code/phone call and a token received by email, instead of scanning the QR code with the CyberArk Mobile app.
For details about this sign in flow, see Join Remote Access using phone/text and email tokens.
Unique landline extension (if exists)
If you enabled the above option, you can add the user's unique landline extension for vendors who can only be identified via landline phone numbers.
Allows you to select the language of the invitation.
Default = English
Currently Japanese is supported.
This option is available only if the Language selector toggle is turned on in Settings. For details, see Set vendor invitations general settings.
Set the vendor activation policy and access time frame.
A time frame that limits this vendor's access to applications.
Some of the access time frame options might be limited according to restrictions set by the Admin or by the Vendor Manager.
Time zone - The time zone set for this access time frame. This setting should be set according to the location of this vendor.
From date - To date - Select the dates that this vendor can access applications. Start and end of day are determined by the selected time zone.
Allowed working days - Set the days of the week this vendor is allowed to access applications, within the selected access dates. For example, allow this vendor to access applications Mondays through Fridays, but not on Saturdays and Sundays.
Allowed working hours - Set the allowed hours during the day that this vendor is allowed to access applications, within the selected access dates and working days. For example, allow this vendor to access applications from 9:00 AM to 6:00 PM only.
Currently, allowed working hours and days can be edited from the Edit invite vendor form only.
Set the vendor delegation policy.
Whether this vendor can invite other vendors, providing them with external vendor manager rights. During the sub-vendor invitation process, this top-level vendor can choose a subset of their own time frame, applications, and groups for their invited vendors.
Whether the account activation for the sub-vendors invited by this external vendor manager, requires Admin or Vendor Manager confirmation, or is automatically activated after registration. For more information, see Confirm vendor sign-up.
Number of vendors to invite
Whether this external vendor manager can invite an unlimited number of sub-vendors, or is limited to a specific number.
This number applies to the number of sub-vendors who join Remote Access, not to the number of invitations that this vendor can send. It is displayed in the user's drop-down profile, as described in Invite Vendors.
Allows you to determine specific email domains this external vendor manager is allowed to send invitations to.
If a list of allowed email domains is already set in Identities settings, or is restricted for the Vendor Manager inviting this vendor, this toggle is automatically turned on, and you can remove or add domains from the authorized list only.
Determine the applications this vendor is allowed to access.
Select the Privilege Cloud applications that this vendor is allowed to access through Remote Access.
Allow access to CyberArk Identity web apps
Whether this vendor can access CyberArk Identity web apps.
This check box only appears if configured from the Settings - Identity SSO page.
This option needs to be enabled when applying Secure Cloud Access policies to vendors that need to access AWS cloud environments. For details, see Integrate Remote Access for AWS environments.
Select the method that this vendor user is created and managed.
Remote Access creates and manages the vendor in CyberArk Identity -
Set the vendor's user name, and select a predefined CyberArk Identity Role to determine the relevant access to specific web applications in your organization. You can select more than one Role.
Administer creates and manages the user - The Remote Access admin will create and manage the user for this vendor.
Select an invitation template and add comments.
Select custom invitation template
Choose a customized invitation to add to the vendor invitation.
Any comments you have about this vendor, including the purpose of this invitation. This is optional.