CyberArk Cloud Entitlements Manager SAML Single Sign-On (SSO) integration

This topic contains procedures to configure CyberArk Cloud Entitlements Manager for Single Sign-On (SSO) in CyberArk Identity using SAML.

With CyberArk Identity, you can choose single-sign-on (SSO) access to the CyberArk Cloud Entitlements Manager web application with IdP-initiated SAML SSO (for SSO access through the Identity User Portal) or SP-initiated SAML SSO (for SSO access through the CyberArk Cloud Entitlements Manager web application), or both. Providing both methods gives you and your users maximum flexibility.

CyberArk Cloud Entitlements Manager SSO supported features

This application template supports the following features:

  • SP-initiated SSO

  • IdP-initiated SSO

  • You need to create a bookmark for IdP-initiated SSO in CyberArk Identity. See Bookmark AppName SSO for more information.

Prerequisites for CyberArk Cloud Entitlements Manager SSO

Configuring the CyberArk Cloud Entitlements Manager SAML template for SSO requires a CyberArk Cloud Entitlements Manager account with Enterprise access.

Configure the CyberArk Cloud Entitlements Manager app template in the Identity Administration portal

The following procedure describes the steps in the Identity Administration portal needed to configure the CyberArk Cloud Entitlements Manager app template for SSO.

Step 1: Add the CyberArk Cloud Entitlements Manager web app template.

  1. In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.

  2. On the Search page, enter the application name in the Search field and click the search button.

  3. Next to the application name, click Add.

  4. On the Add Web App page, click Yes to confirm.

  5. Click Close to exit the Application Catalog.

    The application opens to the Settings page.

Step 2: Configure the Settings page.

Set an app name, description, category, and logo if you want to change them.

Step 3: Configure the Trust page.

  1. In the Identity Provider Configuration section, select Metadata, then click Download Metadata File to download the IdP metadata.

    This file is used later when you configure the SAML integration in CyberArk Cloud Entitlements Manager.

  2. In the Service Provider Configuration section, select Manual Configuration, then review the following pre-configured SAML settings and click Save after you finish.

    Setting: Description

    SP Entity ID: Matches the service provider identifier URL found in the CyberArk Cloud Entitlements Manager Admin Portal.

    Assertion Consumer Service (ACS) URL: Matches the service provider reply URL from the CyberArk Cloud Entitlements Manager Admin Portal.

Step 4: Review and save.

Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.

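Configure CyberArk Cloud Entitlements Manager for SAML single sign-on

The following procedure describes the steps in the CyberArk Cloud Entitlements Manager Admin Portal needed to configure the CyberArk Cloud Entitlements Manager app template for SSO.

  1. Log in to CyberArk Cloud Entitlements Manager with enterprise credentials.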

  2. Click Setup > Single Sign On.


  3. Enter the SAML Sign-in URL and Certificate details.

    These details are available in the metadata file downloaded from the CyberArk Identity portal. Refer to Configure the Trust page.

  4. Enter the email domain and validate the domain with an email under the same domain.

  5. Click Save.

Bookmark AppName SSO

  1. In the Identity Administration portal, select Apps > Web Apps, then click Add Web Apps.

    The Add Web Apps screen appears.

  2. On the Search tab, enter CyberArk Cloud Entitlements Manager in the Search field and click the search icon.

    The CyberArk Cloud Entitlements Manager application opens to the Application Settings page.

  3. Click Save.

Additional information

For IdP-initiated SSO, refer to the link below to bookmark and launch the application from CyberArk Identity:

Bookmark AppName SSO

For SP-initiated SSO, use the following URL:

https://cem.cyberark.com/single-sign-on

For additional resources, refer to the CyberArk Cloud Entitlements Manager integration support documents at:

Cloud Entitlements Manager Integration document

If a user needs to log in as an admin, the role name specified in CEM must match the role name in the admin portal. To change the role name, go to Setting, select SAML response, and update the SAML script editor.