Configuring Single Sign-on with CyberArk Identity
Overview
CyberArk Identity is one of several Identity Providers that your organization can configure for SSO and use to log in to your Zilla Security tenant.
Scope: Admins
Prerequisites
Admin account with Zilla Security
SSO has not been configured or existing SSO configuration has been deleted in Zilla settings
System Administrator account with CyberArk Identity
Zilla SAML Provider Setup
Log in as a Zilla admin and click the Settings tab on the left side of the page. On the Discovery & Configuration tab, expand the Single Sign-On Provider dropdown and click Configure.
Select SAML and click Configure.
The Configure SAML dialog that will open contains the Zilla ACS URL and Zilla Entity ID as well as fields to enter the IdP SSO (Single sign-on) URL, IdP Entity ID (Issuer), and IdP X.509 Certificate. Keep the Configure SAML dialog open and open another browser tab.
CyberArk Identity Application Setup
Log in to CyberArk Identity as a System Admin.
Expand the Apps & Widgets dropdown on the left side of the page and select Web Apps.
Click Add Web Apps.
Click the Custom tab in the dialog that appears and click Add to the right of the SAML option.
On the Settings tab of the dialog that appears, configure the application including the Name, Description, Category, and Logo. Click here to download the Zilla Security logo.
Click the Trust tab and ensure that Manual Configuration is selected on the left side of the page.
Click to expand the IdP Entity ID / Issuer dropdown and click Copy next to the value.
Paste that value into the IdP Entity ID (Issuer) field in the Configure SAML dialog in Zilla.
Expand the Signing Certificate dropdown and click Download to download a copy of the signing certificate.
Paste the contents of the Signing Certificate file into the IdP X.509 Certificate field in Zilla.
Important: When pasting the certificate into the Zilla IdP X.509 Certificate field, remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines from the pasted value.
In CyberArk Identity, click Copy next to the Single Sign On URL field.
Paste that value into the IdP SSO (Single Sign-on) URL field in Zilla.
In Zilla, click Copy next to Zilla ACS URL.
Paste that value into the Assertion Consumer Service (ACS) URL field in CyberArk Identity.
In Zilla, click Copy next to Zilla Entity ID (SP Entity ID).
Paste that value into the SP Entity ID / Issuer / Audience field in CyberArk Identity.
Click the SAML Response tab, click Add in the Attributes field, and map attributes from your source directory to include in the SAML response.
Next, add permissions for the Zilla app in CyberArk Identity so that the admin user can log in. Click the Permissions tab and click Add.
Use the search bar to search for the admin user in the CyberArk Identity directory who will administer Zilla Security and check the box next to their user information to select the user.
Click Add.
Click Save.
Validation
In the Zilla app, click Validate in the Configure SAML dialog.
After the admin has tested the configuration and validated that it is correct, reviewers, technical owners, or app owners can log in to Zilla to see the apps and reviews they have been assigned using SSO via CyberArk Identity.
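The certificate step in the setup above (paste the file contents without the BEGIN/END lines) can be checked offline before relying on Validate. The following Python is an added example, not part of the original article or of any Zilla or CyberArk tooling: it strips the PEM armor from a downloaded signing certificate, confirms the body decodes to a single DER structure, and returns a SHA-256 digest that can be compared against the value stored in the IdP X.509 Certificate field. The function names and the sample bytes are constructed for illustration, and collapsing the body onto one line is an assumption about what the field accepts.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in (300 filler bytes in a DER SEQUENCE), not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(range(256)) + bytes(44)
SAMPLE_BODY = base64.encodebytes(SAMPLE_DER).decode().replace("\n", "\r\n")
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\r\n" + SAMPLE_BODY + "-----END CERTIFICATE-----\r\n"


def der_length_ok(der):
    """True if der is exactly one ASN.1 SEQUENCE with a consistent length field."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                         # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                         # long form: n length octets follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def prepare_certificate(pem_text):
    """Return (armor-free value to paste, SHA-256 hex digest of the DER bytes)."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    body = "".join(blocks[0].split())         # drop CR/LF and stray whitespace
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid base64") from exc
    if not der_length_ok(der):
        raise ValueError("decoded body is not a single DER SEQUENCE")
    return body, hashlib.sha256(der).hexdigest()


def pasted_matches(pasted, expected_digest):
    """True if a value read back from the SP field is the same certificate."""
    if "-----" in pasted:                     # BEGIN/END lines were left in
        return False
    try:
        der = base64.b64decode("".join(pasted.split()), validate=True)
    except binascii.Error:
        return False
    return hashlib.sha256(der).hexdigest() == expected_digest
```

Run `prepare_certificate` on the text of the downloaded file, paste the first return value, and keep the digest so the stored value can be re-checked with `pasted_matches` after a certificate rotation.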