Log on to the Vault

This topic describes methods to log on to the Vault. During the logon process, authenticate to the Vault with a configured authentication method.


The PVWA offers several authentication options for logging on to the Vault:

For Windows, PKI, Oracle SSO, and LDAP, additional Vault or Radius authentication can be enforced for tighter security.

CyberArk Authentication

You can log on to the Vault with a password that has already been defined for you in the Vault. After logging on the first time, it is recommended that you change your password so that only you know what it is.

LDAP authentication

Windows authentication

This authentication option enables you to access a Vault without an additional log on procedure if you have already logged on to a Windows domain.

Users logging on from an Intranet zone will be logged on transparently, without requiring any additional logon information. However, users logging on from the Internet will be prompted for their Windows logon information.

Radius authentication

You can log on to the Vault with Radius authentication, according to predefined authentication settings. After supplying your Vault username and logon information, if any more logon credentials are required, you will be prompted for them.

PKI authentication (User Certificate)

If your organization has a PKI (Public Key Infrastructure), you can log onto the Vault using your personal certificate.


Make sure that your personal certificate is accessible. If your certificate is stored on an external hardware device, such as a Smart Card or a USB token, attach it to the computer before you try to log on.

Oracle Single Sign-On authentication

SAML authentication

Select a specific authentication method via URL

You can display the log in page for each authentication module that has been configured in the PVWA using a URL.

PrivateArk Client

After installation you can log on with the default method, which is password authentication, but this can be changed.

For more information about configuring authentication methods, see Configure authentication methods.

Log on to the Vault

If you log on with password authentication, the first time you log on, use the logon credentials that the Vault administrator has provided for you. After you have logged onto the Vault, you can change your password to a more secure password.

Lock your Vault

Protect your information when you take a coffee break

Other than when you retrieve files and return them, the Vault should remain locked. In particular, whenever you step away from your computer, the information in your Safe should not be left unprotected.

Each time you temporarily step away from your computer you can lock your user account. This protects your files completely, and prevents other users accessing your account while you are away from your computer.


The Vault will lock automatically after thirty minutes have elapsed without use, or after the period of time set by a Vault administrator.

Log off from the Vault

When you have finished working with files in the Vault, and you no longer need to keep your User Account open, you should log off from the Vault. This ensures that no one else accesses your Account.

When you log off from the Vault, open Safes are automatically closed and retrieved files are returned to the security of the Vault.