Manage web apps with Workforce Password Management

This topic describes how to add web apps to your User Portal and share credentials to your business applications with other users. You can add web applications either directly from the User Portal or with the Land & Catch feature.

Add web applications from your User Portal

You can click Add Apps to add applications to your User Portal if your system administrator has granted you appropriate permissions. Any applications you add also display in the CyberArk Identity mobile app on your enrolled mobile device.

If CyberArk Identity is configured to store application credentials in CyberArk PAM - Self-Hosted, then application credentials are stored and fetched from the PAM - Self-Hosted Vault.

To add applications from the User Portal

  1. Open the Identity User Portal and select Applications.
  2. Click Add Apps.

    The App Catalog window opens. The left pane has two tabs:

    TabDescription

    Search

    Use this tab to display the applications in CyberArk Identity App Catalog by category or search for a specific application.

    Recommended

    Applications assigned to you by your IT department that are optional.

  3. Click the Add button associated with the application you want to add then click Yes in the pop up window to confirm your selection.

    You can select multiple applications before you close the App Catalog window. If you do, you are returned to the Apps page and must click each application individually to enter your credentials for each application. Go to Update your user identity for a web app to complete the procedure for each application.
  4. Click Close.

  5. In the General tab, enter the following details for the application:

    Application Settings Description
    Tags (Optional) Refer to Create and assign a tag
    Notes

    (Optional) Enter application information that you want to keep track of, or information you want to share with other users (if application sharing is enabled). Users that you share your application with cannot delete or modify the content you add to this field.

    User Identity (User Name and Password)

    Refer to Update your user identity for a web app.

    These credentials may be different than the user name and password you use to sign in to the User Portal.

    Refer to Share business application credentials, for information about sharing applications with other users.

  6. Click Save to complete the application configuration.

    The application is now listed on your Apps page.

Add web applications with Land & Catch

Land & Catch recognizes when you enter credentials and offers to add the site to the User Portal. Your system administrator must enable the feature before you can enable or disable it on your computer. If the policy is enabled by your system administrator, it is enabled on your computer by default.

Land & Catch is activated when you sign in to a service provider's web site. The Browser Extension then displays a prompt asking if you want to store your credentials as an app on the User Portal. If you agree, the app appears in your User Portal.

Enable Land & Catch in your browser

  1. Click the Browser Extension icon in your browser, then click the gear icon to go to the Settings tab.

  2. Select Enable Land&Catch on this computer.

Add an app to your User Portal with Land & Catch

  1. Go to the web site of an app that you want to add to theUser Portal, then log in with your credentials.

    The Browser Extension prompts you to add the site to your User Portal.

  2. Enter the name of the site as you want it to appear in your User Portal.

    The default name is the site with your username appended. This is useful if you have multiple accounts with the same service provider.

    In the following screen example, -a is the username (which is shown on the app when it is added to the user portal).

  3. (Optional) Click More, then enter a description or upload a custom app icon.

  4. Click Yes to add the app to your User Portal.

    If CyberArk Identity is configured to store application credentials in CyberArk PAM - Self-Hosted, then application credentials are stored and fetched from the PAM - Self-Hosted Vault.

Add a different account to your user portal for the same app

  1. Go to the web site of an app that you want to add to the user portal, then log in with your credentials.

    If the Browser Extension matches the domain to a site in your User Portal it asks if you would like to update your existing account or add a new account for that app.

  2. Click Add.

  3. Enter the name of the site as you want it to appear in your User Portal.

    The default name is the site with your username appended. This is useful if you have multiple accounts with the same service provider.

    In the following screen example, -b is the username (which is shown on the app when it is added to the user portal).

  4. (Optional) Click More, then enter a description or upload a custom app icon.

  5. Click Yes to add the app to your User Portal.

Update credentials for an existing app in your User Portal

  1. Go to the web site of an app that you want to update in the User Portal, then log in with your updated credentials.

    If the Browser Extension matches the domain to a site in your User Portal it asks if you would like to update your existing account or add a new account for that app.

  2. Click Update to update the credentials for the app in your User Portal.

Edit application attributes in your User Portal

You can edit the following attributes for applications that you added with the Land and Catch feature.

Your administrator must enable this through a policy setting. Your administrator might allow you to edit any or all of these attributes.

  • Name

  • Description

  • Logo

  • URL

Editing these attributes gives you flexibility to edit the application so it displays in the User Portal as you expect. In addition, it enables you to fix the URL if necessary. For example, Land and Catch might have captured a registration URL for a new account, but going forward you need a sign in URL.

To edit application attributes

  1. Click Application Settings on the application that you want to edit.

  2. Hover over the area that you want to edit, then click the edit icon.

    This is applicable for the logo, name, and description attributes.

    The maximum size and dimensions for the logo image is 1 MB, 1024 x 1024.

    For example, hover over the application name to rename it.

  3. Edit the URL, if necessary.

    URL is a required field, and the value must be a valid URL, including the protocol. For example, https://www.example.com, not www.example.com.

  4. Click Save when you are finished editing.

Share business application credentials

This section describes how to share business application credentials with other CyberArk Identity users.

You can share the user password application credentials with other users for applications:

  • Added manually from CyberArk Identity App Catalog

  • Imported from a third-party password manager

  • Captured with Land & Catch

Make sure you only share credentials for business applications. Do not share your personal application credentials or any personally identifiable information with other users.
To share User Password business application credentials, your system administrator must add you to a Role with the Shared Credentials Administrative Right.

The Shared Credentials Administrative Right enables the following functionality:

  • Add CyberArk Identity users, groups or Roles that you want to have access to your application credentials

  • Set password modification restrictions

  • Add a start and end time for access to the application

  • Revoke application sharing for a specific user, group, or role

To share User Password business application credentials from the User Portal

  1. Sign in to the Identity User Portal and then click Applications.

  2. Mouse over the application you want to share with other users, and then click the Application Settings icon.

  3. Click the Sharing tab.

    If the Sharing tab is not available, the application may be a system administrator-assigned application or you have not been given permission to share application credentials (you are not in a role with the Shared Credentials administrative right). Contact your system administrator for access.

  4. Click Add to display the Select User, Group, or Role dialog box.

  5. Type the user name, group name, or role to search for and select the users you want to add, then click Add.

    Distribution groups and local groups display in the filter; however, only security groups are supported.

  6. Select one of the following Password Permissions for each user you add:

    Password Permission Description
    None (Default configuration) User can't view or change the password for the shared application. User can launch the application only.
    View Password User can launch the application and view the password for the shared application.
    Edit Password User can launch the application, view the password, and change the password for the shared application. If the password is changed, the new password is available to the application owner, and all the other application recipients.

  7. (Optional) Enter a date and time in the Start and End Time fields to allow the user to access the application during a specified time period.

    The application tile is removed from the share recipients User Portal when the end date is reached.

If you delete a shared application from your User Portal, then any users that you shared the application with no longer have access to the application.

If the system administrator has enabled an authentication profile for sharing applications, users you share the application with must satisfy multi-factor authentication requirements when accessing the credentials of the shared application, unless the user has already done so when they signed in to the User Portal.

Revoke access to a shared application

Deleting a user, group, or role from the Sharing tab revokes access to the application and can be done at any time.

To revoke access to an application:
  1. Sign in to the Identity User Portal and then click Applications.
  2. Click the Application Settings icon for the application that you want to modify.

  3. Click the Sharing tab and select the user, group, or Role you want to remove.

  4. Select Delete from the Actions menu (or click the trash icon).

View shared applications

You can view shared applications in the Identity User Portal so you can quickly find applications you have shared, and applications shared with you.

You can use either the drop-down menu on the Applications page, or the Shared Apps tab, depending on the features enabled on your tenant. In both cases, apps are separated into the following categories.

View Description
Shared by me

Lists all the applications you have shared with other users. Any information you want to convey to share recipients can be added to the application Notes field. Deleting the application removes application access for all recipients.

Shared with me

Lists all the applications other users have shared with you. For applications shared with you, you can view any information about the application added by the application owner in the Notes field. You can add your own tags or select Auto-login at site to personalize the application configuration.

On the User Portal Applications page, click the drop-down menu to access the Shared by me and Shared with me options: