Benevity SAML Single Sign-On (SSO) integration

This topic describes how to configure Benevity for Single Sign-On (SSO) in CyberArk Identity using SAML.

Trusted applications were developed by trusted sources and not certified by CyberArk. CyberArk provides limited support for this application.

Supported features

This application template supports the following features:

  • IdP-initiated SSO

  • SP-initiated SSO

You can choose one or both methods.

Before you begin

Before you configure the Benevity web application for SSO, make sure you have an account in Benevity with administrator access.

Configure the Benevity app template in the Identity Administration portal

Step 1: Add the Benevity web app template

  1. In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.

    Add a web app screen

  2. On the Search page, enter the application name in the Search field and click the search button.

  3. Next to the application name, click Add.

  4. On the Add Web App page, click Yes to confirm.

  5. Click Close to exit the Application Catalog.

    The application opens to the Settings page.

Step 2: Configure Trust settings

  1. Go to the Trust tab.

  1. In the Identity Provider Configuration section, select Metadata, then click Download Metadata File to download the IdP metadata.

    This file is used later when you configure the SAML integration in Benevity.

  2. In the Service Provider Configuration section, select Manual Configuration, then enter the following values. Click Save after you finish.

    Service provider settings
    Setting Description

    SP Entity ID

    When you configure Benevity, copy the Entity ID and paste it here. See Configure Benevity for SAML SSO

    Assertion Consumer Service (ACS) URL

    Obtain this value from the Benevity application. Go to Account Settings > Single sign-on. Copy the SAML endpoint URL.

Step 3: Configure permissions to grant Benevity users SSO access

Grant SSO access to Benevity by assigning permissions to users, groups, or roles.

  1. On the Permissions page, click Add.

  2. Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.

    The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.

  3. Select the permissions you want and click Save.

    Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.

    Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.

Step 4: Review and save

Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.

Configure Benevity for SAML SSO

Perform these steps in Benevity to configure the Benevity app template for SSO.

  1. Sign in to the Benevity application and go to the SSO settings.

  2. Note down the Benevity Account ID and SAML endpoint URL.

  3. Upload the SAML metadata file that you downloaded from the Identity Administration portal.

  4. Save your changes.

Test the Benevity SSO configuration

Now that you have finished configuring the application template settings in the Identity Administration portal and Benevity, Benevity users can benefit from IdP- or SP-initiated SSO.

To test IdP-initiated SSO:

  1. Sign in to CyberArk Identity User Portal with a user account that exists both the Benevity application and CyberArk Identity.

  2. Click the Benevity application tile to launch Benevity in a new tab and automatically sign in.

To test SP-initiated SSO:

  1. Go to the Benevity SSO sign-in page.

  2. Enter Benevity Account ID and click Log in to your account with SSO.

You are redirected to the IdP provider. After you successfully authenticate on the IdP, you are redirected to the Benevity web interface.