Deploy user password web applications
There are numerous user password applications you can deploy. CyberArk can store and auto-populate user name and password fields to allow for single sign-on from the User Portal, alleviate the need for users to memorize too many passwords, and allow users to access shared web accounts without knowing the shared password. CyberArk provides three ways to add a web site for single sign-on.
- Use a prebuilt template -- Use this method if the application is in the CyberArk application catalog. See Prebuilt template applications.
- Capture with Infinite Apps -- Use this method if the application is NOT in the CyberArk application catalog. Infinite Apps provides the App Capture utility, which automatically discovers the user name and password fields on the web application login page and adds the application to the User Portal Apps page. See Capture user name/password with Infinite Apps.
- Use a custom template -- Use this method for more complex websites that might have the user name and password fields on different pages or other unique steps to log in. See Custom template applications.
After you deploy the application (regardless of the method you use to deploy it), users must enter the application-specific credentials the first time it is launched from the User Portal. This is only required with the initial application launch.
Prebuilt template applications
This is the most straightforward way to add an application into CyberArk and works for applications that have a prebuilt template in the Identity Administration portal.
After you deploy the application, users must enter the application-specific credentials the first time they launch it from the User Portal. This is only required with the initial application launch.
- In the Identity Administration portal, select Apps > Web Apps, then click Add Web Apps.
  The Add Web Apps screen appears.
- On the Search tab, enter the partial or full application name in the Search field and click the search icon.
- Click the Add button associated with the relevant user-password application.
- Click Yes to confirm on the Add Web App screen.
- Click Close to exit the Application Catalog.
  The application that you just added opens to the Application Settings page and has the "Ready to Deploy" status.
- Give an existing Active Directory user/group or CyberArk role access to the application.
  - Click Permissions > Add button.
  - Search for an existing Active Directory user/group or CyberArk role.
  - Select the relevant user, group, or role.
  - Click Add.
    The newly added Active Directory user/group or CyberArk role is added to the Permissions page with the relevant permissions.
  - Click Save.
Some applications have both SAML and user-password versions; make sure you select the correct one.
If you only want SSO for application access, then you're done! You can now use the account you just added to the Permissions page to access the User Portal and SSO to the web application.
- Open a browser and log in to User Portal using the account you just added to the Permissions page.
- Click the newly deployed web application.
- Enter the application user name and password.
Entering your credentials is only required for the initial application launch. Subsequent launches will automatically populate the user name and password fields. You will also be prompted to download and install the Browser Extension. You only have to install the extension one time per browser.
Capture user name/password with Infinite Apps
For web applications that are not in the CyberArk application catalog, you can use Infinite Apps to capture the user name and password. To use the Infinite Apps feature, you must install the Firefox-specific version of the Browser Extension. Infinite Apps only supports Firefox, and the Firefox privacy setting must be configured for “Remember History”. After the application is captured, users can use any browser to open it from the User Portal.
- Install the Browser Extension.
  - Log in to the Identity Administration portal using your system admin account.
  - Click Downloads in the left-hand navigation pane.
  - Click the link for the Firefox browser.
  - Follow the prompts to download and install the Browser Extension.
    After the browser restarts, the Browser Extension icon is added to the toolbar. If not, right-click the toolbar, select Customize, and drag the icon to the toolbar.
- Capture the user name and password for the relevant web application.
  - Open Firefox and go to the sign-in page for the application that you want to add.
  - Click the Browser Extension icon in the toolbar.
  - Click Capture.
  - Follow the prompts for capturing the user name and password.
    Infinite Apps attempts to discover the user name and password fields on the login page. If it succeeds, it displays a message and highlights the user name and password fields.
- Give an existing Active Directory user/group or CyberArk role access to the application.
  - Log in to the Identity Administration portal using your system administrator account.
  - Click Apps > Web Apps.
  - Select the relevant application.
  - Click Permissions > Add button.
  - Search for an existing Active Directory user/group or CyberArk role.
  - Select the relevant user, group, or role.
  - Click Add.
  - Click Save.
    The newly added Active Directory user/group or CyberArk role is added to the Permissions page with the relevant permissions.
- Verify that the user name and password were captured.
  - Open a Private Browser (Firefox).
  - Log in to the Identity Administration portal using your system administrator account or the account you added in the previous step.
  - Click your name and select Switch to User Portal.
  - Click your newly added application to enter the application user name and password.
  - Click Save.
  - Click the web application again to launch it.
    This is only required for the initial application launch. Subsequent launches will automatically populate the user name and password fields.
If the web application launches successfully, then you're done. If it's not successful, then a few more configuration steps are required. See the instructions below (Custom template applications).
Custom template applications
Use this method for more complex websites that might have the user name and password fields on different pages or other unique steps to log in. For example, if you opened the application and App Capture did not find the user name and password fields or it selected the wrong fields, then use the following procedure to identify them.
In addition, you must use this procedure to add the application if you want to use a Submit button rather than use the Enter key (on the keyboard) to proceed with signing-in.
- Open Firefox and go to the sign-in page for the application that you want to add.
- Click the Browser Extension icon and click Capture from the drop-down menu.
  App Capture displays a pop-up window that guides you through the capture process.
- Click Set Manually.
- Click the <app name> Name field to identify this application’s username field.
  For example, click the Skype Name field for Skype.
  App Capture tags Skype Name as the Username field and prompts you to select the Password field.
- Click the Password field to identify this application’s password field.
- Select an additional login field.
  Some web applications have a third login field that requires the user to provide additional login information, for example a corporate ID.
  If this web site does require an additional field, click Yes and then Next. Then click the additional field in the application’s login screen. App Capture highlights your selection and the pop-up window prompts you for the next entry.
  You enter the value for this field (for example, your organization’s ID number for this application) on the Advanced page when you open the application details in the Identity Administration portal.
- Determine how the login credentials are submitted.
  After they enter their credentials, users either press the Enter key (on the keyboard) or click a button to submit their credentials.
  - Use keyboard Enter key event (Recommended): Select this option when users press the Enter key (on the keyboard) to submit their credentials.
    Capturing the Enter key is more reliable than trying to capture a sign-in button.
    Click Next to continue.
  - Right-click the Sign in button on the Web page to capture it: Select this option when the user must click a separate “login” or “sign-in” button to submit their credentials to this web site.
    After you select this option, right-click the login/sign-in button on the Web page to capture it, then click Next to continue.
    This option is useful if you capture using the Enter key option and deploy the application, but your users are unable to log in. Often, recapturing the application and selecting the sign-in button option corrects the problem.
- Click Finish.
- Select where to add the application -- the User Portal or the Identity Administration portal.
  Adding the application to the User Portal is for your use only.
  Adding the application to the Identity Administration portal allows you to assign it to other users. The Identity Administration portal option is only available if you are in a role that has the Application Management right.
- Click Submit to add the application to the selected portal.
- Click Close when the confirmation message appears.
- Give an existing Active Directory user/group or role access to the application.
  - Log in to the Identity Administration portal using your system administrator account.
  - Click Apps > Web Apps.
  - Select the relevant application.
  - Click Permissions > Add button.
  - Search for an existing Active Directory user/group or CyberArk role.
  - Select the relevant user, group, or role.
  - Click Add.
  - Click Save.
    The newly added Active Directory user/group or CyberArk role is added to the Permissions page with the relevant permissions.
- Verify that the user name and password were captured.
  - Open a Private Browser (Firefox).
  - Log in to the Identity Administration portal using your system administrator account or the account you added in the previous step.
  - Click your name and select Switch to User Portal.
  - Click your newly added application to enter the application user name and password.
  - Click Save.
  - Click the web application again to launch it.
    This is only required for the initial application launch. Subsequent launches will SSO you into the application.