Log on to the PVWA in V10 Interface

This topic describes the authentication methods that you can use to log on to the Vault through the PVWA.

For tighter security, additional Vault, LDAP or Radius authentication can be enforced for Windows, PKI, and SAML authentication.

Amazon Cognito authentication

CyberArk authentication

You can log onto the Vault with a password that has already been defined for you in the Vault. After logging on the first time, it is recommended to change your password so that only you know what it is.

LDAP Authentication

OpenID Connect (OIDC) authentication

PKI authentication (User Certificate)

If your organization has a PKI (Public Key Infrastructure), you can log on to the Vault using your personal certificate.


Make sure that your personal certificate is accessible. If your certificate is stored on an external hardware device, such as a Smart Card or a USB token, attach it to the computer before you try to log on.

Radius authentication

You can log on to the Vault with Radius authentication, according to predefined authentication settings. After supplying your Vault username and logon information, if any more logon credentials are required, you are prompted for them.

SAML authentication

Windows authentication

This authentication option enables you to access a Vault without an additional logon procedure if you have already logged on to a Windows domain.

Users logging on from an Intranet zone are logged on transparently without requiring any additional logon information. However, users logging on from the Internet are prompted for their Windows logon information.

View sign in details for the current user

After logging on to the PVWA, you can view sign in information.

  • Click the user name in the upper right corner.

For more information, see The PVWA Page.

Session timeout

A PVWA session ends or times out after a specific default period of time. This mechanism helps to prevent unauthorized access, session hijacking, and resource consumption.

However, users can continue their current session without being logged out of the PVWA. When a user has 20% of the remaining time left before the session expires, a popup appears. This gives users a choice to continue working and extend their current session.

If a user does not take any action and the session expires, the pop-up disappears and the user is logged out and automatically redirected to the Login page.