Manage users

This topic describes how tenant admins add and manage Remote Access users. You can view the full list of existing company users on the Users page.

Invite users to Remote Access

Remote Access users can authenticate to your environment and access applications securely. Before you can invite them to Remote Access, they have to download the CyberArk Mobile app and register. For more details, see Mobile app.


You can add users in the Remote Access web portal and in the CyberArk Mobile app. The information below is relevant for both options.

  1. Log in to the Remote Access Admin portal: (This is the US & Worldwide data center. If needed, change the suffix to a different data center).

  2. In the Remote Access menu, click Identities > Users, then click Invite to display the methods you can use to register a new user.

  3. Create an invitation for the new user using one of the following methods:

    • Email invitation

      1. Under Email Invitation, select Send link via default mail application to open an email message that contains a link to Remote Access, and send this email to the person who will join as a user,


      1. Click Copy to Clipboard and share the link to Remote Access via an alternative method.

      When the recipient receives the invitation link, they click the link to Remote Access, then scan the QR code with their CyberArk Mobile app.

    • Register on the spot

      Click Generate QR Code to display an immediate one-time QR code on your screen, which can be scanned by the new user with their CyberArk Mobile app.

  4. Now you can see the new user in the Users list. If not, refresh the page.

View user details

In the Users list, click any user to view their full details.

Configure company users

Remote Access integrates with your organization's Active Directory to allow existing company users to access Core PAS remotely via secure end-to-end encryption, without requiring a VPN. Users can add their Active Directory user credentials in the CyberArk Mobile app, which securely validates them through the Remote Access connector and your Domain Controller. Then, they just scan a QR code in the Remote Access portal to open the Applications page, where they can see their PVWAs and target systems.

Admin actions for users

The Users list displays all the Users that have been created for the tenant. This list includes regular users and tenant admins, as well as activated and deactivated users.


You can perform these actions in the Remote Access web portal and in the CyberArk Mobile app. The information below is relevant for both options.

For each user, the admin can perform the following actions:




Activate or deactivate this user.

Make sure you have configured Remote Access for AD integration so that you can activate users who are not tenant admins.

Delegate admin privileges

Elevate a regular user to tenant admin and give them permissions to manage Remote Access applications and invite vendors.


Delete the user from the Users list. You can invite this user again at any time.


Since users can be invited to multiple Remote Access tenants, deleting a user from your tenant severs the link and removes them from your tenant only, and not from the Remote Access SaaS. Each user can manage their own personal user data and delete their accounts from Remote Access, if required. For more information, see Profile.

Add a tenant admin

A tenant admin is a company user who has permissions to manage Remote Access applications and invite vendors. You can elevate any user to tenant admin status in the Users list.

  1. In the user account row, click and select Delegate admin privileges.

  2. You, the admin, now receive a notification on your CyberArk Mobile app asking you to confirm your request to delegate admin privileges to this user. Click Confirm.

    You can delete the notification, if you want.

  3. Now the user being invited as a tenant admin receives a notification on their CyberArk Mobile app, which they need to accept.

  4. The invited user is now promoted to a new tenant admin.

  5. Refresh the Users list and check that the new user’s role has been changed to Tenant admin and that their status is Activated.