Activate Secure Web Sessions

This topic describes how to integrate CyberArk Identity with Secure Web Sessions (SWS), and to enable SWS protections for CyberArk Identity applications.

Before you begin

Configure CyberArk Identity and Secure Web Sessions integration

This section describes how to configure initial settings in CyberArk Identity to integrate with CyberArk Secure Web Sessions. To perform the following steps, you must be a user in the CyberArk Identity System Administrator role.

Step 1: Set a password for the SWS integration service user in the CyberArk Identity Admin Portal

  1. In the CyberArk Identity Admin Portal, go to Core Services > Users > Sets and select All Service Users to filter the user list.

  2. Right-click sws-integration-user$@<mySuffix>, then click Set Password and configure a password.

    The Secure Web Sessions portal requires this password during integration set up.

Step 2: Activate the SWS tenant, and configure CyberArk Identity settings in the SWS portal

  1. When you receive the SWS activation message in your welcome email, click the activation link on your computer, then click Agree and generate QR code.

  2. Using the CyberArk Mobile app, scan the QR code displayed on your computer screen, and click Sign in.

  3. Scan the QR code to sign in to the Secure Web Sessions portal.

  4. Configure the following fields in the Secure Web Sessions portal using settings from the CyberArk Identity Admin portal:

    SWS portal field

    Setting from the CyberArk Identity Admin portal

    CyberArk Identity URL

    The URL of the CyberArk Identity tenant. For example, aaa1234.id.cyberark.cloud.

    To find the URL, go to Settings > Customizations > Tenant URLs.

    You must use the CyberArk Identity URL with the tenant ID. Custom domains are not supported.

    To find the CyberArk Identity tenant ID, click the user icon in the top right-hand corner, then click About,

    Identity service user login name and Suffix

    The login name and suffix for the integration service user in the CyberArk Identity Admin portal.

    Select Core Services > Users > Sets and select All Service Users to filter the user list and then search for sws-integration-user$@<mySuffix>. Enter the name and the suffix in the SWS portal.

    For more information about the login suffix, see Manage login suffixes.

    Secret

    The password you set previously for the sws-integration-user$@<mySuffix> user in the CyberArk Identity Admin portal.

  5. Click Apply.

  6. Click Authenticate to CyberArk Identity.

Enable Secure Web Sessions on CyberArk Identity SSO applications

After you set up CyberArk Identity and integrate it with SWS, you can enable SWS for individual applications in CyberArk Identity Admin Portal > Web Apps.

The SWS security layers can work with any application type created in CyberArk Identity and can be enforced for any application where CyberArk Identity SSO is the IdP.

This section describes how to apply SWS protections to CyberArk Identity SSO applications only.

To apply SWS protections for applications using other IdPs, such as Okta and Microsoft Azure, see Configure SWS protections for applications

  1. In CyberArk Identity Admin Portal > Web Apps, select the application where you want to enable SWS.

    To add new web applications from the CyberArk Identity App catalog, see Add CyberArk Identity Web Apps.

  2. Click the Secure Web Sessions page, select Enable Secure Web Sessions, and then click OK at the confirmation message.

  3. Click Save.

    It can take up to 15 minutes to sync the application with SWS. If you want to begin configuring SWS policies right away, you can go to the SWS Admin portal and click the Sync button on the Application policies page.

    Refer to Manage application policies for details about managing policies.

    After you enable SWS for an application, CyberArk Identity displays the SWS icon in the User Portal application tile. SWS-enabled applications are also visible in the Secure Web Sessions portal.

 

Apps that have Secure Web Sessions enabled are not available from the CyberArk Identity mobile app. Secure Web Sessions uses a browser extension that cannot be used on mobile devices.