Deploy applications

To add and configure a Custom SAML application

You must assign users permissions for an application before that application is available to users for single sign-on. You can use one of the following methods to assign user permissions:

  • Assign permissions to user(s), group(s), and role(s) at the application level.
  • Assign member permissions to user(s), group(s), and role(s) for a set of applications.

    Refer to Manage application sets for more information.

  • Assign applications to roles.

    When you assign an application to a role, that role receives View and Run permissions for that application; however, the application is not automatically deployed - users must add it from the Recommended tab when they add applications in the User Portal.

CyberArk Identity deploys web and mobile applications to users with appropriate permissions. After you assign permissions for an application, CyberArk Identity adds it to the users’ Identity User Portal.

For users with enrolled devices, the web applications display on the Web Apps screen in the CyberArk Identity mobile app.

You must be a member of the System Administrator role or a role that has the Application Management permission to configure and deploy applications.

Assign permissions for an application

To assign permissions for an application

  1. On the Permissions page, click Add.

    The Select User, Group, or Role window appears.

  2. Select the user(s), group(s), or role(s) that you want to give permissions to, then click Add.

    The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.

  3. Select the permissions you want and click Save.

    Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Change the permissions if you want to add additional control or you prefer not to automatically deploy the application.

Watch the video!

Refer to the following table for more information about applications-specific permissions.




Users can modify application settings and application sets. Selecting this option also selects the View permission.

Additionally, a user in a role with the Application Management administrative right can enable this permission to allow other users or roles (without the Application Management right) to administer the application. See Delegate application management for more information.

Note that you cannot delete applications from the Identity Administration portal > Web Apps and Mobile Apps pages with just this permission. Add the Delete permission if you want a delegated application administrator to have the ability to delete applications.


Users with this permission can delete applications from the Identity Administration portal > Web Apps and Mobile Apps pages. Selecting this option also selects the View permission.


Allows users to launch the application from the User Portal.

Automatically Deploy

Automatically deploys the application to the User Portal. If Automatically Deploy is not selected, users can find the application in the Recommended tab when adding applications to the User Portal.

The Show in user app list option takes priority over the Automatically Deploy permission. For example, if Show in user app list is not selected, applications do not appear in the User Portal or in the Recommended tab even if you select the Automatically Deploy permission.

The following video contains more information about deploying apps as Recommended.

Assign an application to a role

To assign an application to a role using the Assigned Applications page

  1. Log in to the Identity Administration portal.
  2. Click Core Services > Roles.
  3. Select the role to which you want to assign the application
  4. Click Assigned Applications > Add.
  5. Select the application or applications that you want assigned to the role, then click Add.

  6. Click Save.

    The next time the role members open the user portal or refresh their window, the application is displayed.