Enable SWS protections for specific groups in IdP
This topic describes how to enable Secure Web Sessions protections for a specific group of app users in your IdP.
Enable SWS for a specific group in Azure
This procedure explains how to enable SWS based on specific group app access in Microsoft Azure.
- Log in to Microsoft Azure as an admin.
- Go to the Attributes and Claims page of your application SAML settings, and click Add Group Claim.
- Select the type of group you want associated with the claim.
- Go to the Advanced options, and click Customize the name of the group claim.
- Enter the SWS customized claim UseCyberArkSWS.
- Select Apply regex replace to groups claim content to identify the group to apply this claim to.
- Take the Object Id from the Group properties and add it to the regex pattern.
- Set the regex replacement pattern to Yes to determine the output. This allows SWS to identify this claim.
- Click Test sign in to make sure the users of the group are routed through SWS when accessing the application. You should be routed through the SWS validation screen before the app is accessed.
Enable SWS for a specific group in Okta
This procedure explains how to enable SWS based on specific group app access in Okta.
- Log in to Okta as an admin.
- Go to the SAML configuration of your application and click Edit in the SAML settings.
- On the Configure SAML page, scroll down to the Attribute Statements section.
- In the Name field, enter the SWS customized claim UseCyberArkSWS.
- In the Value field, enter the following expression value: isMemberOfGroupName("group name") ? "yes" : null
- Save the SAML settings, and test sign in to make sure the users of the group are routed through SWS when accessing the application. You should be routed through the SWS validation screen before the app is accessed.
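To confirm what either IdP emits during the test sign-in, the following added example (not CyberArk, Azure or Okta code) decodes a base64 SAMLResponse captured from that sign-in and reports the UseCyberArkSWS claim. The function names and the sample responses are constructed for illustration, and comparing the value case-insensitively is an assumption.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIM_NAME = "UseCyberArkSWS"  # claim name from the procedures above


def sws_claim_values(saml_response_b64):
    """Return every value of the UseCyberArkSWS attribute in a SAMLResponse.
    Diagnostic only: the signature is NOT verified here, so never use this
    function to make an access decision."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == CLAIM_NAME:
            values += [(v.text or "").strip()
                       for v in attr.iterfind("saml:AttributeValue", NS)]
    return values


def sws_enabled(saml_response_b64):
    """True when the claim carries a yes value. Assumption: case is ignored,
    because the Azure steps emit "Yes" and the Okta expression emits "yes"."""
    return any(v.lower() == "yes" for v in sws_claim_values(saml_response_b64))


def constructed_response(attributes_xml):
    # Constructed sample, trimmed to the elements this check reads.
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
           "<saml:Assertion><saml:AttributeStatement>" + attributes_xml +
           "</saml:AttributeStatement></saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()


IN_GROUP = constructed_response(
    '<saml:Attribute Name="UseCyberArkSWS">'
    "<saml:AttributeValue>Yes</saml:AttributeValue></saml:Attribute>")
EMPTY_VALUE = constructed_response(
    '<saml:Attribute Name="UseCyberArkSWS"><saml:AttributeValue/></saml:Attribute>')
NOT_IN_GROUP = constructed_response(
    '<saml:Attribute Name="email">'
    "<saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>")

if __name__ == "__main__":
    for name in ("IN_GROUP", "EMPTY_VALUE", "NOT_IN_GROUP"):
        print(name, sws_claim_values(globals()[name]), sws_enabled(globals()[name]))
```

Run it against a response from a user inside the group and one from a user outside it; only the first should report the claim as enabled.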