Customize portal and login windows

This topic describes how to customize the look and feel of the User Portal, the Identity Administration portal, and login windows.

Click Reset to restore the default settings for most options.
Customizations may not display with the initial user login. Users may need to log in again to see the changes reflected.

Customize the portal and login window options

You can customize many elements of your portals and login windows, including color schemes, background images, error messages, the login experience, and more.

Step 1: Edit the General Options

  1. Log in to the Identity Administration portal.

  2. Go to Settings > Customization > Account Customization.

  3. Edit the fields under General Options.

    Field Description

    Portal Ribbon Accent Color

    Enter the hexadecimal color code for Portal Ribbon Accent Color to change the ribbon color. Do not enter the RGB value.

    Portal Ribbon Color

    Enter the hexadecimal color code for Portal Ribbon Color to change the ribbon color. Do not enter the RGB value.

    Company Name

    Company Support Link

    Enter information in Company Name and Company Support Link to create a link to your company support portal in the Identity Administration portal > Support menu. For more information on these settings, see Customize the support links.

    This is an early access feature. Early access features are fully-supported features made available on a case-by-case basis by request. Early access features might see more frequent updates compared to GA features. Contact your account representative to enable this feature.

    Contact your CyberArk support team to replace all the occurrences of CyberArk in the Identity Administration portal with the value you enter in the Company Name field.

    Portal Image

    Short Portal Image

    • Click Upload and browse to select an image file for the Portal Image and the Short Portal Image, then click Open.

      Once added, these images are located above the portal switcher in the left window pane. When you collapse the left pane, the short (smaller) portal image is displayed.

Step 2: Customize the Identity Administration portal to meet your brand needs

The white labeling of the Identity Administration portal enables you to replace the references of CyberArk with your customized brand name and logo.

Contact your account representative to enable this feature.

  1. Log in to the Identity Administration portal.

  2. Go to Settings > Customization > Account Customization.

  3. Edit the following fields under General Options.

    Field Description

    Web Page Title

    Enter the title for your web page. This replaces the CyberArk name with your custom name on the browser tab.

    Product Name

    Enter a custom name to reflect your brand. This replaces the CyberArk Identity references on the Identity Administration portal.

    Browser Favicon

    • Click Upload and browse to select an image file, and then click Open.

      Once the image is added, select Save and the selected icon replaces the CyberArk logo on the browser web page.

Step 3: Edit the fields under Login Customization

Field Description

User Name Hint Text at Login

Define the user name hint text displayed to users on the Signin page. You can click Reset to reset this field to its default value of user@domain.

Remember last signed in username

Select to remember the last username. The last username is saved from the last successful sign in.

When selected here, users check Remember Me on sign in to enable.

Login Image

Click Upload to browse to and select the image file for the login image, then click Open.

The login logo image must be at least 512 Bytes, no more than 1 MB, no larger than 1024x1024, and the supported file types are either .png, .jpg, .ico, .gif (non-animated), or .bmp.

Login Background Image

Click Upload to browse to and select the image file for the login background image, then click Open.

The background image must have a file size between 512 Bytes and 5 MB, with dimensions of at least 700 x 490. Supported file types are .png, .jpg, .ico, .bmp, and .gif (non-animated).

Terms of Use

Enter the URL to your company's terms of use.

The Terms of Use link appears below the Signin area.

Privacy Policy

Enter the URL to your company Privacy Policy.

The Privacy Policy link appears below the Signin area.

Step 4: Enable the new login experience

The Turn on New Login Experience option is enabled by default.

When this is enabled, users see the new CyberArk Identity Sign In screen when they sign in to the CyberArk Identity the Identity Administration portal or User Portal.

Step 5: Customize the sign in error message

Select Customize the sign in error Message, and then replace the default message with a custom message.

A detailed error message helps deflect help desk tickets. Enter an error message to show to users who can't sign in due to one of the following reasons:

  • no challenges are defined

  • the user cannot answer an MFA challenge

  • the user's password has expired

  • the user's account is blocked

  • RADIUS server error

  • the user is using the wrong authentication factor for privileged access

Step 6: Customize the error message for authentication failure

Select Customize the error Message for authentication failure, and then replace the default message with a custom message. The error message shows users that they cannot sign in due to one of the following reasons:

  • failed to validate the challenges

  • login failed due to invalid credentials

Step 7: Customize the error message for password complexity

Select Customize error message for password complexity, and then replace the default message with a custom message. The error message shows users that they cannot sign in due to one of the following reasons:

  • the password entered does not meet the complexity requirements

  • the password is a previous password

Step 8: Hide the CyberArk footer from the Login page

Click Hide CyberArk footer from login page to hide the copyright information, Terms of Use link, and Privacy Policy link from the login page. The image below shows the login page when the Hide CyberArk footer from login page check box is selected.

You can contact the CyberArk Support team if you want to hide Powered by CyberArk from the login page.

Step 9: Edit the fields under User Portal Back Navigation

You can customize the back button and the label beside it on the Account > Authentication Factors page in the User Portal. The back button enables a user to navigate back to a customer website from CyberArk Identity User Portal after performing self-service actions such as configuring MFA or personal profile updates.

Field Description

Back button link

Enter the link to redirect the user from the User Portal to your brand's website.

Label beside the Back button

Enter a custom label to redirect users to your brand's website. For example, "Back to <brand name>".
This feature is recommended only for Customer Identity Access Management tenants.

Step 10: Edit the fields under Message Customization

See Customize email message contents for additional information.

Field Description

Use Custom Login Widget URL for the Invite Link

Click Use Custom Login Widget URL for the Invite Link to change the link in the new user invitation email to point to a login widget URL instead of the CyberArk Identity tenant URL. This assumes you have already set up a login widget that you want to use. Once it is enabled, enter the complete URL for the custom login widget in the provided text box (for example, https://example.com). When a new user is created with the Send email invite for User Portal setup option enabled, the email invitation is sent with the custom login widget link embedded in the email.

The URL must also be included in the Allowed Domain field under the Identity Administration portal > Settings > Authentication > Security Settings > API Security. See Authentication security options.

Email Image

Click Upload to browse to and select the image file for the Email Image.

This is typically your company logo, and is only used for customized messages.

Step 11: Edit the default message templates

  1. Click the row associated with the template.

  2. Edit the Language, Email Subject, and Display Name, fields as needed.

  3. Click the Script Editor tab to modify the content of the message as needed.

    The message body can be found in the HTML on the script tab.

    In the Forgot User Name message template, you can change the message to drop the login suffix when the email is sent to a user by replacing the variable {UserList} with {UserLoginNameList}.

    Make the change on the Script Editor tab, then return to the Preview tab to verify that the variable has changed. The result is that the user receives an email with a list of usernames matching their email address, which does not include the login suffix. This can prevent confusion for users when you use multiple login suffixes.

Reset portal and login customization options

You can quickly reset your customizations to the default values by clicking the Reset buttons instead of manually changing settings.

  1. Click the Reset button associated with the user name hint text at login to use the default hint text.

  2. Click the Reset button at the bottom of the page to use the default settings for all the customization options on this page.

  3. Click the Reset button on the message template to use the default settings for that message template.

  4. Click Save.