Access a secure web session

This topic describes how end-users access applications using Secure Web Sessions.

Before you begin

Make sure the Secure Web Sessions browser extension is installed on your web browser.

For more information, see Deploy the browser extension.


Applications that have Secure Web Sessions enabled are not available from the CyberArk Identity mobile app. Secure Web Sessions uses a browser extension that cannot be installed on the CyberArk Identity mobile app.

Access an application with SWS protections

Open an application using your SSO. CyberArk Identity applications using Secure Web Sessions are indicated with the SWS icon.

After you are authenticated, certain actions might result in alert notifications being sent from SWS to your operating system. Notifications appear when a session recording is started, action is blocked, and when a Session Control rule is triggered.

When a recording has started, the Secure Web Sessions browser extension icon changes to red .

View active security layers for an application session

To view the active security layers being applied to your application session, click the SWS browser extension icon.

Re-authenticate to web applications

If your administrator enabled Continuous Authentication to web applications, you might be prompted to re-authenticate to sessions by scanning a QR code using the CyberArk Mobile app, or via another MFA challenge. This prompt is triggered after you have been idle for a certain amount of time, or if a session is detected as being possibly unattended and therefore susceptible to outside threats.

SWS uses the mobile device pedometer to count the amount of footsteps taken from the beginning of a web session, to indicate if a sensitive web session might have been left unattended.

Upon first access to an application where Continuous Authentication with pedometer lock was enabled by your administrator, you need to allow CyberArk Mobile access to Location and Motion & Fitness (for iOS), or access to physical activity (Android) before you are granted access to the sensitive web application. These access permissions are only used to count the number of footsteps taken from the start of the web session, and this data is collected and processed locally on your device to protect privacy.

If you deny access to Location and Motion & Fitness activities on iOS devices, you will not be prompted again.

To gain access to the web session, you need to go to the CyberArk Mobile settings on your mobile device and manually allow access to Location and Motion & Fitness.

Your activities are only monitored during sensitive web sessions that require it, and activities are no longer tracked when you close the sensitive web session.