Invite users to Secure Web Sessions
This topic describes how SWS Admins can invite users to Secure Web Sessions and delegate roles.
SWS Admins can send an invitation to invite users to Secure Web Sessions either by invitation link or by scanning a QR code. Users complete a form with their details and the SWS Admin then activates their user .
Once the user is added to Secure Web Sessions, SWS Admins can elevate users to SWS Admin or SWS Auditor roles.
Application members are added from the CyberArk Identity Admin portal. For details, see Add or remove users to and from provisioned applications.
Before you begin
Before you can invite users to Secure Web Sessions, they have to download the CyberArk Mobile app and register. For more details, see Download the CyberArk Mobile app.
New end users of the CyberArk Mobile app, who are assigned an application that is protected by Continuous Authentication, can have their trusted mobile device joined to SWS during their first application access QR, and aren't required to join via an invitation.
Step 1: Invite users to Secure Web Sessions
In the Secure Web Sessions portal, click Identities > Users
Click Invite to display the methods you can use to register a new user.
Create an invitation for the new user using one of the following methods:
Under Share link, click Copy to clipboard to copy a template of the link and message to send to users. You can paste the message in an email or any other method you want to send it to the user.
When the recipient receives the invitation link, they click the link to Secure Web Sessions, then scan the QR code with their CyberArk Mobile app.
Register on the spot
Click Generate QR Code to display an immediate one-time QR code on your screen, which can be scanned by the new user with their CyberArk Mobile app.
Use this procedure to elevate users to SWS Admin or Auditor roles.
Users in Admin role can enable Secure Web Sessions for applications and can switch between the CyberArk Identity Admin portal and the Secure Web Sessions portal.
Users in the SWS Auditor role receive a unique auditors key for decryption session data on their local machine browser.
In the Secure Web Sessions portal, click Identities > Users.
In the user account row, click and select Delegate admin privileges or Delegate auditor privileges.
A confirmation message is sent to your CyberArk Mobile app asking you to confirm your request to delegate admin privileges to this user. Click Confirm.
You can delete the notification, if you want.
The delegated user now receives a notification to their CyberArk Mobile app, which they need to Accept.
After the user accepts the Admin or Auditor role delegation, you can refresh the Users list and check that the user's role is changed to SWS Admin or SWS Auditor, and that their status is Activated.
Step 3: Validate CyberArk Identity credentials in Secure Web Sessions portal
The first time a new Admin or Auditor access the Secure Web Sessions portal, they are prompted to validate their Identity credentials.
Go to the Secure Web Sessions portal.
Click Authenticate to Identity and enter your CyberArk Identity credentials.
For more information about CyberArk Identity settings used for SWS integration, see Activate the SWS tenant, and configure CyberArk Identity settings in the SWS portal