Manage social login users

This topic describes how to enable external users (such as customers or temporary contractors) to use their existing social media credentials to access assigned applications through the Identity User Portal, or your own portal. In addition, you can customize the user experience by rebranding the access request page with your company name and logo.

When users access their application using the Identity User Portal, they can do the following:

  • Access assigned applications

  • Add applications to the Apps page

  • View their account information and user portal activity history

When users sign in, they are automatically added to the Everybody Role and External Users group. You can add the External Users group to Role memberships to control access to applications.

Configure social media access without customized branding

You can enable external users to use their existing social media credentials for single sign-on access to assigned applications via the Identity User Portal. These instructions do not include any customization or branding. Users will see the CyberArk name and logo on the access request page.

To configure social media access to the user portal without customized branding

  1. Log in to the Identity Administration portal and click Settings > Users > Social Login.

  2. Select the social identity that you want users to have from the user portal.

  3. Click Save.

Customize the social login user experience

You can customize the social media login experience by rebranding the access request page (see the screenshot below) to display your company logo and name. Additionally, if your company has its own portal for application access, you can redirect users to that portal after they log in using their social media credentials.

Create a Facebook application

You need to create a Facebook application if you want users to see your company name and logo when they choose to log in using their Facebook credentials. The following procedure requires you to register your Facebook business account as a developer.

To create a Facebook application:

Step 1: Create a new application.

  1. Sign in to your Facebook business account, then go to developers.facebook.com.
  2. Click My Apps and select Add a New App.

  3. Click www Website, specify a name for the application, and click Create New Facebook App ID.

  4. Select Skip and Create App ID.

    The Create a New App ID page displays.

  5. In the Display Name field, enter your company name.

    This is the name that will appear on the access request page where it completes a sentence similar to “<Your company name> would like to access some of your Facebook information.”

  6. Select Productivity in the Category drop down.

  7. Click Create App ID.

    The configuration page displays.


Step 2: Configure the new application.

  1. Click Settings on the side panel.

  2. On the Basic tab, specify the Contact Email and click Save Changes.

  3. On the Advanced tab, enter your CyberArk Identity pod-level URL into the Valid OAuth redirect URIs field and click Save Changes.

    For example:

    https://<pod_abcd>.idaptive.app/SocialAuth/FacebookAuthCallback

    https://<pod_abcd>cyberark.cloud/SocialAuth/FacebookAuthCallback

  4. Enter the application domain in the App Domains field.

  5. Click App Details on the side panel.

  6. Enter a description that includes your pod name in the Short Description field.

    For example, Company XYZ - Pod123.

  7. In the Contact Info section, enter your company information for the fields described in the following table.

    Field                   Example
    Privacy Policy URL      https://www.companyABC.com/privacy/
    Terms of Service URL    https://www.companyABC.com/eula/
    User Support URL        https://www.companyABC.com/support/
    Marketing URL           https://www.companyABC.com/products/

  8. In the Icons section, upload your company logo using the appropriate size.

    This logo will appear on the access request page when users log in.

  9. Click Save Changes.

Step 3: Review changes

  1. Click Status & Review on the side panel.

  2. Toggle Yes for the “Do you want to make this app and all its live features available to the general public?” question.

  3. Confirm the selection to make the application public.

  4. Click Dashboard on the side panel.

  5. Copy/paste the App ID and App Secret for future use in the Identity Administration portal.

    You will need this information when you configure the integration to your social media application. See Configure the integration to your social media application.

Create a Google application

You need to create a Google application if you want users to see your company name and logo when they choose to log in using their Google credentials.

To create a Google application

Step 1: Create a new project

  1. Sign in to your Google account, then navigate to https://console.developers.google.com.

    The Google Developers Console page displays.

  2. In the Select a project drop down, select Create a project.

    The New Project page displays.

  3. Enter a project name that includes your pod name.

    For example, Project XYZ - Pod123.

  4. Respond to the other fields as appropriate.

  5. Click Create.

    You must agree to the terms of service to enable this button.

Step 2: Enable APIs

  1. Click the side panel expander icon (three stacked lines) to expand the side bar.

  2. Click API Manager and Overview.

    The Overview page displays.

  3. In the Social APIs section, click Google+ API.

  4. Click Enable API.

Step 3: Add credentials and configure consent

  1. Click Credentials in the side panel.

  2. In the New Credentials drop down, select OAuth Client ID.

  3. Click the Configure consent screen button.

  4. In the Product name shown field, enter your product/company name.

    This is the name that will appear on the access request page where it completes a sentence similar to “<Your company name> would like to access some of your Google information.”

  5. Enter your company URL into the Homepage URL field.

  6. Enter the URL where your company logo resides.

    This logo will appear on the access request page when users log in.

  7. Enter the Privacy policy URL and Terms of service URL for your company.

  8. Click Save.

    The Create client ID page displays.

  9. Select Web application as the application type.
  10. Enter your CyberArk Identity pod URI into the Authorized redirect URIs field and click Create.

    For example:

    https://<pod_abcd>.idaptive.app/SocialAuth/GoogleAuthCallback

    https://<pod_abcd>cyberark.cloud/SocialAuth/GoogleAuthCallback

  11. Copy/paste the Client ID and Client Secret for future use in the Identity Administration portal.

    You will need this information when you configure the integration to your social media application. See Configure the integration to your social media application.

Create a LinkedIn application

You need to create a LinkedIn application if you want users to see your company name and logo when they choose to log in using their LinkedIn credentials.

To create a LinkedIn application

Step 1: Create an application.

  1. Log in to your LinkedIn account, then navigate to https://developer.linkedin.com.

  2. Click My Apps.

  3. Click Create Application.

  4. Enter your company name.

    This is the name that will appear on the access request page where it completes a sentence similar to “<Your company name> would like to access some of your LinkedIn information.”

  5. Enter your application name into the Name field.

  6. Enter a description that includes your pod name in the Description field.

    For example, Company XYZ - Pod123.

  7. Click the Select File to Upload button to upload your company logo.

    This logo will appear on the access request page when users log in.

  8. Provide the remaining required information as appropriate.
  9. Click Submit.

    The Test Applications page displays.

Step 2: Configure application permissions.

  1. In the Default Application Permissions area, enable the r_basicprofile and r_emailaddress check boxes.

  2. Enter your CyberArk Identity pod URI into the Authorized Redirect URLs field and click Add.

    For example:

    https://<pod_abcd>.idaptive.app/SocialAuth/LinkedInAuthCallback

    https://<pod_abcd>cyberark.cloud/SocialAuth/LinkedInAuthCallback

  3. Click Update.

  4. Copy/paste the Client ID and Client Secret for future use in the Identity Administration portal.

    You will need this information when you configure the integration to your social media application. See Configure the integration to your social media application.

  5. Click Settings in the side panel.

  6. Select Live in the Application Status drop down.

  7. Click Update.

Create a Microsoft application

You need to create a Microsoft application if you want users to see your company name and logo when they choose to log in using their Microsoft credentials.

The first few steps of this procedure may vary if you already have a Microsoft account and Windows Live ID.

To create a Microsoft application

Step 1: Create an application.

  1. Log in to your Microsoft account, then navigate to https://msdn.microsoft.com/en-us/library/ff751474.aspx.

  2. Read the information in the Before You Register section then click Register to obtain a Windows Live ID.

  3. Click the application management site link in step 1 of the procedure.

  4. Enter your application name.

    This is the name that will appear on the access request page where it completes a sentence similar to “<Your company name> would like to access some of your Microsoft information.”

  5. Set the language and click I accept.

    The application configuration page opens.

Step 2: Configure the application

  1. Click Basic Information in the side panel.

  2. Click the Browse button to upload your company logo.

    This logo will appear on the access request page when users log in.

  3. Enter the URL information in the following table.

    URL                     Example
    Terms of Service URL    https://www.companyABC.com/eula/
    Privacy URL             https://www.companyABC.com/privacy/

  4. Click Save.

  5. Click API Settings in the side panel.

  6. Enter your CyberArk Identity pod URI into the Redirect URLs field and click Add.

    For example:

    https://<pod_abcd>.idaptive.app/SocialAuth/MicrosoftActAuthCallback

    https://<pod_abcd>cyberark.cloud/SocialAuth/MicrosoftActAuthCallback

  7. Click Save.

  8. Click App Settings in the side panel.

  9. Copy/paste the Client ID and Client Secret for future use in the Identity Administration portal.

    You will need this information when you configure the integration to your social media application. See Configure the integration to your social media application.

Configure the integration to your social media application

After you create the social media applications, you can configure the integration to those applications.

To configure the integration to your social media application

  1. Log in to the Identity Administration portal, then go to Settings > Social Login.
  2. Select the social identity that you want users to have from the user portal.
  3. Select the Use custom settings link associated with the relevant social identity.

    The <social identity> Custom Settings page opens.

  4. Select the Use Custom Integration check box.

  5. Enter the application ID from your social media application into the OAuth Application ID text box.

  6. Enter the application secret from your social media application into the OAuth Application Secret text box.

  7. Click Save.

    If your company does not have its own portal for application access, then you are done.

    If your company does have its own portal for application access, then continue to the next step.

  8. (Optional) If your company has its own portal for application access, click Add under “Additional OAuth Trusted Redirect URIs”, enter the redirect URI, then click Add again.

    This step is only required if your company has its own portal for application access and you want users to get redirected to this portal after they log in using their social media identity.

  9. Click Save.
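
Each provider procedure above registers one callback URL on your pod. The following check is an added example, not CyberArk code: it verifies that every redirect URI registered at a provider uses https, names the exact tenant host, and carries the callback path this page lists for that provider. The tenant host `pod-abcd.idaptive.app`, the sample entries, and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Callback paths exactly as this page lists them, one per social identity.
CALLBACK_PATHS = {
    "facebook": "/SocialAuth/FacebookAuthCallback",
    "google": "/SocialAuth/GoogleAuthCallback",
    "linkedin": "/SocialAuth/LinkedInAuthCallback",
    "microsoft": "/SocialAuth/MicrosoftActAuthCallback",
}
TENANT_HOST = "pod-abcd.idaptive.app"  # constructed placeholder host
BASE = "https://" + TENANT_HOST
# Constructed sample of URIs registered at each provider (one good, four bad).
SAMPLE = {
    "facebook": [BASE + "/SocialAuth/FacebookAuthCallback"],
    "google": ["http://" + TENANT_HOST + "/SocialAuth/GoogleAuthCallback"],
    "linkedin": [BASE + "/SocialAuth/GoogleAuthCallback"],
    "microsoft": [BASE + ".other.example/SocialAuth/MicrosoftActAuthCallback",
                  BASE + "/SocialAuth/*"],
}

def check_redirect_uri(provider, uri, tenant_host):
    """Return the list of problems found in one registered redirect URI."""
    parts = urlsplit(uri)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if "*" in uri:
        problems.append("wildcard present")
    # netloc includes any userinfo and port, so this is an exact host match.
    if parts.netloc.lower() != tenant_host.lower():
        problems.append("host is not the tenant host")
    if parts.path != CALLBACK_PATHS[provider]:
        problems.append("path is not the provider callback")
    if parts.query or parts.fragment:
        problems.append("query or fragment present")
    return problems

def audit(registered, tenant_host):
    """Return {(provider, uri): problems} for every entry failing a check."""
    findings = {}
    for provider, uris in registered.items():
        for uri in uris:
            problems = check_redirect_uri(provider, uri, tenant_host)
            if problems:
                findings[(provider, uri)] = problems
    return findings

if __name__ == "__main__":
    for (provider, uri), problems in audit(SAMPLE, TENANT_HOST).items():
        print(f"{provider}: {uri} -> {', '.join(problems)}")
```

Run it against the redirect URIs copied from each provider's developer console, passing your own tenant host in place of the placeholder.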