Connect to a cloud console

This topic describes how to connect to a cloud console through SCA. You have two options for connecting, based on whether you want to elevate your privileges for this work session or use your current permissions.

If you want to use the cloud management console with your current permissions, click the link in the instructions to connect directly to the console instead of via the options available in the list.

To connect to a cloud console

  1. Sign in to CyberArk Identity Security Platform Shared Services.

  2. In the User Portal > Applications page, click the relevant web app.

SCA supports both AWS IAM and AWS IAM Identity Center. See below for instructions on how to connect to both types of accounts.

In the AWS roles page for your account, find the cloud role that you want to use to connect to your AWS console and click Connect.

The AWS console opens with all the privileges that the cloud role you selected has permissions for.

  1. In the AWS permissions set page for your account, find the permission set that you want to use to connect to your AWS console and click Connect.

  2. When you are redirected to AWS, do the following:

    1. Click the AWS account card to view the account name with the permission set you selected.

    2. Click Management console to open the AWS console with the privileges available based on the permission set you selected.

In the Google Cloud resources page, find the resource that you want to access and click Connect.

The Google Cloud console opens with all the privileges that you have permissions for.

In the Azure resources page, find the scope that you want to access and do the following:

  • To access a directory or management group, click Select and choose the Azure role you want to use.

  • To access a subscription, resource group, or resource, click Connect.

The Azure console opens with all the privileges that the Azure role you selected has permissions for. If you connect to a subscription scope, you have the privileges of all the roles that are associated with the subscription and its child scopes.