Set up external identity providers

This section describes how to set up external identity providers so you can integrate CyberArk Identity with the identity provider your organization already uses.

You can establish a trust relationship between the Service Provider (SP) and an external Identity Provider (IDP) using SAML tokens. By establishing this trust relationship, you can provide access to the resources that you want to share.

There are two use cases for external identity providers.

Use case Description

Shared tenant

In this use case, you share your CyberArk tenant with your business partners. Your CyberArk tenant (which hosts the services/applications) serves as the SP and your partner serves as the IdP. Your business partners access the tenant and its associated resources/applications by passing a SAML token obtained from their IdP service. This use case applies to any IdP (AD FS or other kinds of IdPs).

Tenant-to-tenant

This case is sometimes referred to as “tenant to tenant” because both the SP and IdP are CyberArk tenants. Your business partners access the resources/applications by passing a SAML token obtained from their CyberArk IdP tenant to their CyberArk SP tenant.

In this section: