PVWA installation requirements

This topic describes the requirements for installing PVWA on a Windows Server.

Security requirements

Before installing PVWA, make sure that your system complies with security requirements. For more information, see Security Fundamentals.

Windows Server

Set up a clean Windows Server. The following Windows Server versions are supported:

  • Windows 2019

  • Windows 2016

  • Windows 2012 R2


The PVWA must be installed on a different machine from the CyberArk Vault server.

Local user

The user performing the installation must be an administrator user on the Windows machine.

Secure the PVWA website

An SSL certificate must be installed on the Web server in order to have a secure channel between the PVWA machine and the Internet browser. If the default website is not protected by a certificate, an error will appear in the browser indicating that the website is not trusted.

As a part of the Prerequisites script, a self-signed certificate is created. We recommend that you replace this certificate with a trusted certificate after installation.

Set user authorizations


You can use the built-in Administrator user to install PVWA.

The user performing the installation must have both Vault user authorizations and Safe ownership.

Vault user authorizations

During installation, Safes and a user are created to enable the PVWA to work. In order to create the Safes and the user, the Vault user performing the installation must have the following authorizations in the Vault:

  • Add Safes

  • Add/Update Users

  • Reset Users’ Passwords

  • Activate Users

  • Manage Server File Categories

  • Audit Users

Safe ownership

The user performing the installation must have ownership of the VaultInternal and Notification Engine Safes, and the following permissions:

  • List Files

  • Retrieve Files

  • Manage Safe

  • Manage Safe Owners

  • View Audit

  • View Owners