Before Installation

We recommend that you install the PVWA automatically using the PAS deployment scripts, as described in Automatic Installation.

Work with a secure channel

A secure channel is required between the PVWA machine and the Internet Browser, therefore, an SSL certificate must be installed on the Web server. In addition, HTTPS binding must be configured on the web site where the PVWA is installed.

Install the PVWA server prerequisites

The PVWA_Prerequisites script automates PVWA server prerequisites by doing the following:

  • Installs Web Server Roles

  • Disables IPv6

  • Configures the self certificate

Web Server roles

Before installing the PVWA, add the Web Server role.


.NET Framework is installed as part of the PVWA and does not need to be installed before running installation.

  • Windows 2012R2 - .Net Framework 4.5.2 is installed

  • Windows 2016 - By default, .Net Framework 4.6.2 is installed. CyberArk recommends installing .Net Framework 4.7.1 with update KB4054856.

Vault user authorizations

During installation, Safes and a User are created to enable the Password Vault Web Access to work. In order for the installation to create these successfully, the Vault user who will carry out the installation must have the following authorizations in the Vault:

Add Safes
Add/Update Users
Reset Users’ Passwords
Activate Users
Manage Server File Categories
Audit Users

You can use the built-in Administrator user to install the PVWA.

Safe ownership

You must have ownership of the VaultInternal and Notification Engine safe.

Close all applications

Close all other applications currently running on your computer, before installing the Password Vault Web Access.

Log onto Windows as the Administrator user

Before beginning installation, log onto Windows as the Administrator user.

TruePrivileged Access Security11.2