Create user portal access orchestration

This topic describes how to create rule-based access flow to sign in to the user portal.

Step 1: Select the access orchestration

  1. Go to Core Services > Access Orchestrator, and click Add.

  2. Select User Portal and click OK.

  3. Enter a name for your access request, click +, and select from the following:

    1. Click Add Filter, select from the filter options, and click Add.

      For more information on defining the filters and conditions, see Create authentication rules.

    In this example, the goal is to set the authentication rule and the profile for the rule. For illustration purposes, this procedure uses the Day of Week filter with the Default Other Login Profile.

    1. Click the Filter drop-down, and then click Day of Week.

    2. Select Tuesday (T) and Thursday (Th) for the days of the week and keep the default User Local Time selected, click Add, and then click OK.

      Conditions representing the If and Else statement display, depending on the selection made.

      In this example, select Default Other Login Profile to create the profile for the filter.

    3. Click + for the If statement to add the authentication profile, and then select Default Other Login Profile for this example.

      You can continue adding If and Else statements as needed. The limit is 10.
    4. Click Save when you are finished.

    1. Click the drop-down menu to select the Authentication Profile.

      See Create authentication profiles

    2. Click Save when you are finished.

Step 2: Apply the access orchestration to the user portal

Authentication Profiles created by the Access Orchestrator only apply to CyberArk Identity signin and application launch policies.
  1. Go to Core Services > Policies, and then select the policy you want to edit, or create a new one.

  2. Go to Authentication Policies > CyberArk Identity, and then set Enable authentication policy controls to Yes.

  3. Click Use Access Orchestration.

  4. Expand the drop-down menu and select the name of the access orchestration that you just created, and then click Save.

    Only User Portal access orchestration appears in this drop-down menu.

    The signin experience of all users impacted by the policy set now matches the access orchestration that you created.