Integrate Remote Access with Shared Services

This topic describes how to integrate your Remote Access tenant with CyberArk's Identity Security Platform Shared Services.


To integrate Remote Access with Shared Services, your Remote Access tenant needs to be integrated with your CyberArk Identity tenant on Shared Services.

Before you begin

Activate Remote Access tenant with Shared Services

  1. When you receive the activation message, open the activation link on your computer and then click Agree and generate QR to open the Remote Access portal and display a QR code.

    By continuing, you agree to the CyberArk Remote Access Terms of Service and Privacy Policy.

  2. Using the CyberArk Mobile app, scan the QR code displayed on your computer screen to activate your Remote Access tenant.

  3. Click Sign-in and scan the QR code to sign in to the Remote Access portal.

  4. Log in to Identity Administration to find the following values, then copy them into the Identity SSO integration settings in Remote Access:

    Remote Access field

    CyberArk Identity Administration setting

    CyberArk Identity URL

    Enter the URL of the CyberArk Identity tenant. For example,

    The URL can be found in the CyberArk Identity Admin Portal. Go to Settings > Customizations > Tenant URLs.

    You must use the CyberArk Identity URL with the tenant ID. Custom domains are not supported.

    To find the CyberArk Identity tenant ID, click the user icon in the top right-hand corner, then click About,

    Identity username suffix

    The login name and suffix for the integration service user in CyberArk Identity Administration.

    Select Core Services > Users > Sets and select All Service Users to filter the user list and search for alero-integration-user$@<mySuffix>. Enter the name and the suffix in the Remote Access portal.

    For more information about the login suffix, see Manage login suffixes.


    The password you set for the alero-integration-user$@<mySuffix> user in CyberArk Identity Administration.

  5. Click Apply.

    When you link your Remote Access and CyberArk Identity tenants, some of your data is shared between the tenants. If you have previously selected a different data center for the two tenants, this results in data being transferred from one region to another.

  6. Click Proceed to continue.

    When the tenant is connected successfully, the following details appear below the settings.



    Company name

    The name of the company whose Remote Access system has been integrated with CyberArk Identity.

    Tenant URL

    The URL of the tenant in CyberArk Identity.


    The data center where this tenant was created.


    Whether or not all Remote Access is synchronized with CyberArk Identity.

    Remote Access automatically synchronizes with CyberArk Identity Administration, without any human intervention. If required, you can initiate a manual synchronization.

  7. Set the following:




    You can enforce user login only via CyberArk Identity SSO. When disabled, users can login via CyberArk Identity SSO or using a QR scan.


    When enabled, allows you to set a time interval for when users need to re-authenticate their user credentials . Default is set to every 30 days.

    Vendor access to CyberArk Identity web applications

    When activated, allows access for Vendors to web application protected by CyberArk Identity SSO and Secure Web Session.

    To invite Vendors to access CyberArk Identity applications, go to the Vendors invitation form.

    Built-in Role

    The default role applied to invited Vendors. For more information, see Change vendor license consumption.

  8. Click Authenticate to Identity.

    A new Site named Privilege Cloud and Application are created.