Invite users to Secure Web Sessions

This topic describes how SWS Admins can invite users to Secure Web Sessions and delegate roles.

Overview

SWS Admins can send an invitation to invite users to Secure Web Sessions either by invitation link or by scanning a QR code. Users complete a form with their details and the SWS Admin then activates their user .

Once the user is added to Secure Web Sessions, SWS Admins can elevate users to SWS Admin or SWS Auditor roles.

 

Application members are added from the CyberArk Identity Admin portal. For details, see Add or remove users to and from provisioned applications.

Before you begin

  • Before you can invite users to Secure Web Sessions, they have to download the CyberArk Mobile app and register. For more details, see Download the CyberArk Mobile app.

  • New end users of the CyberArk Mobile app, who are assigned an application that is protected by Continuous Authentication, can have their trusted mobile device joined to SWS during their first application access QR, and aren't required to join via an invitation.

Invite users

Step 1: Invite users to Secure Web Sessions

  1. In the Secure Web Sessions portal, click Identities > Users

  2. Click Invite to display the methods you can use to register a new user.

  3. Create an invitation for the new user using one of the following methods:

    • Share link

      Under Share link, click Copy to clipboard to copy a template of the link and message to send to users. You can paste the message in an email or any other method you want to send it to the user.

      When the recipient receives the invitation link, they click the link to Secure Web Sessions, then scan the QR code with their CyberArk Mobile app.

    • Register on the spot

      Click Generate QR Code to display an immediate one-time QR code on your screen, which can be scanned by the new user with their CyberArk Mobile app.

Step 2: Delegate users to SWS Admin or Auditor roles

Use this procedure to elevate users to SWS Admin or Auditor roles.

Users in Admin role can enable Secure Web Sessions for applications and can switch between the CyberArk Identity Admin portal and the Secure Web Sessions portal.

Users in the SWS Auditor role receive a unique auditors key for decryption session data on their local machine browser.

  1. In the Secure Web Sessions portal, click Identities > Users.

  2. In the user account row, click and select Delegate admin privileges or Delegate auditor privileges.

  3. A confirmation message is sent to your CyberArk Mobile app asking you to confirm your request to delegate admin privileges to this user. Click Confirm.

    You can delete the notification, if you want.

  4. The delegated user now receives a notification to their CyberArk Mobile app, which they need to Accept.

  5. After the user accepts the Admin or Auditor role delegation, you can refresh the Users list and check that the user's role is changed to SWS Admin or SWS Auditor, and that their status is Activated.

Step 3: Validate CyberArk Identity credentials in Secure Web Sessions portal

The first time a new Admin or Auditor access the Secure Web Sessions portal, they are prompted to validate their Identity credentials.

  1. Go to the Secure Web Sessions portal.

  2. Click Authenticate to Identity and enter your CyberArk Identity credentials.

    For more information about CyberArk Identity settings used for SWS integration, see Activate the SWS tenant, and configure CyberArk Identity settings in the SWS portal