Enable read-only access for CyberArk Identity support

This topic describes how to grant CyberArk support read-only access to your organization's tenant.

You can grant CyberArk support read-only access to your CyberArk Identity account to solve a problem. You can also use Secure Zones to grant access for troubleshooting problems.

Do not grant read-only access until you and your CyberArk support technician agree that it is the best approach to solving your problem. You and the technician should also decide the appropriate time period before you grant access.

Enable read-only access for CyberArk support

  1. In the Identity Administration portal, select the drop-down menu next to your log-in account name, then click Support.

  2. Select the appropriate time period in the Grant read-only access to CyberArk support drop-down menu.

  3. Select a time period and CyberArk Identity automatically creates the following:

    • A CyberArk Identity user account named techsupport_aaannnn where aaannnn is your customer id.

    • A role named Technical Support Access with the Administrative Right for Read Only System Administration. The role is added to the account.

    This is the account CyberArk support technician uses to log in to your administrator portal. When the time period expires, this user account is locked and future attempted log-ins are blocked.

  4. Click Save.

Revoke read-only access for CyberArk support

  1. In the Identity Administration portal, select the drop-down menu next to your log-in account name, then click Support.
  2. Select -- Remove Access -- from the drop-down menu, then click Save.

    CyberArk Identity deletes the techsupport_aaannnn user account.