Kleverware SAML Single Sign-On (SSO) integration

This topic describes how to configure Kleverware for Single Sign-On (SSO) in CyberArk Identity using SAML.

SSO supported features

This application template supports the following features:

  • IdP-initiated SSO

  • SP-initiated SSO

Before you begin

Make sure you have an account in Kleverware with administrator access.

Configure the Kleverware app template in the Identity Administration portal

Step 1: Add the Kleverware web app template

  1. In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.

    Add a web app screen

  2. On the Search page, enter the application name in the Search field and click the search button.

  3. Next to the application name, click Add.

  4. On the Add Web App page, click Yes to confirm.

  5. Click Close to exit the Application Catalog.

    The application opens to the Settings page.

Step 2: Configure Trust settings

  1. In the Identity Provider Configuration section, select Metadata, then copy and save the values in the IdP Entity ID and Single Sign-On URL fields. Click Copy URL to copy the URL of the certificate.

    This URL is used later when you configure the SAML integration in Kleverware.

  2. In the Service Provider Configuration section, select Manual Configuration, then complete the following SAML settings and click Save after you finish.

    Service provider settings
    Setting Description

    SP Entity ID

    Obtain these values from your Kleverware team.

    Assertion Consumer Service (ACS) URL

Step 3: Configure permissions to grant Kleverware users SSO access

Grant SSO access to Kleverware by assigning permissions to users, groups, or roles.

  1. On the Permissions page, click Add.

  2. Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.

    The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.

  3. Select the permissions you want and click Save.

    Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.

    Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.

Step 4: Review and save

Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.

Configure Kleverware for SAML SSO

Provide your Kleverware team with the following IdP metadata you copied from the Identity Administration portal:

  • IdP Entity Issuer ID

  • Single Sign-On URL

  • URL for the metadata

Test the Kleverware SSO configuration

Now that you have finished configuring the application template settings in the Identity Administration portal and Kleverware, Kleverware users can benefit from IdP- and SP-initiated SSO.

To test IdP-initiated SSO:
  1. Sign in to CyberArk Identity with the user account you just added.

  2. Click the Kleverware application tile to launch Kleverware in a new tab and automatically sign in.

To test SP-initiated SSO:
  1. Go to your Kleverware account sign-in page at https://<Kleverware-domain>.

  2. Enter sign-in credentials for the user account you just added.

    You are redirected to the IdP for authentication. After successful authentication, you are redirected back to the Kleverware web interface.