Use your tenant URL

A tenant is the logical unit that separates subscriber organizations from each other within CyberArk Identity. When users and administrators log into CyberArk Identity cloud service, they log in to a specific tenant, and every operation that they perform applies to that tenant alone.

When a company registers with the Identity service, CyberArk Identity assigns a unique customer ID, or tenant ID, to each tenant. The Identity service automatically generates a tenant URL for each tenant by prefixing the tenant ID to the string my.idaptive.app (tenantID.my.idaptive.app). For example, for tenant ID, ABCD1234, the Identity service creates the URL ABC1234.my.idaptive.app.

The tenant URL that the Identity service generates is known as the system URL. In addition, the Identity platform enables administrators to create their own custom URLs by prefixing a string, such as company name, or some other identifier, to my.idaptive.app. For example, acme.my.idaptive.app. Every tenant has one system URL, and can have zero or more custom URLs. An administrator designates one of the custom URLs as the default or preferred ID.

If a user logs in with a system URL, the Identity service redirects the browser to the preferred tenant URL. If a user logs in with a custom or preferred tenant ID, the Identity service maintains that URL.

The tenant URL not only identifies the Identity service tenant for login, it is also required to identify each Identity API call. Here are examples that use a system URL and a custom tenant URL for a call to Security/StartAuthentication:

https://abc1234.my.idaptive.app/Security/StartAuthentication //system URL
https://acme.my.idaptive.app/Security/StartAuthentication    //custom tenant URL

As a developer, you must be able to support redirection of the tenant URL by the Identity service. The Identity platform does the following:

  • Maintains custom tenant URLs.

  • Maintains the preferred tenant URL.

  • Redirects the system URL to preferred URL.

From the API standpoint, redirection applies only to authentication. If you start authentication by specifying the system tenant ID, you must be prepared for redirection to the preferred tenant ID. For more details, see Handle redirects.