/
Configuring Single Sign-on with CyberArk Identity

Configuring Single Sign-on with CyberArk Identity

Overview

CyberArk Identity is one of several Identity Providers that your organization can configure for SSO and use to log in to your Zilla Security tenant.

Scope: Admins

This article covers the following topics:

Prerequisites

  • Admin account with Zilla Security

  • SSO has not been configured or existing SSO configuration has been deleted in Zilla settings

  • System Administrator account with CyberArk Identity

Zilla SAML Provider Setup

  1. Log in as a Zilla admin and click the Settings tab on the left side of the page. On the Discovery & Configuration tab, expand the Single Sign-On Provider dropdown and click Configure.

Configure SSO.png

  1. Select SAML and click Configure.

SAML Option.png

  1. The Configure SAML dialog that will open contains the Zilla ACS URL and Zilla Entity ID as well as fields to enter the IdP SSO (Single sign-on) URL, IdP Entity ID (Issuer), and IdP X.509 Certificate. Keep the Configure SAML dialog open and open another browser tab.

CyberArk Identity Application Setup

  1. Log in to CyberArk Identity as a System Admin.

  2. Expand the Apps & Widgets dropdown on the left side of the page and select Web Apps.

  3. Click Add Web Apps.

  4. Click the Custom tab in the dialog that appears and click Add to the right of the SAML option.

  1. On the Settings tab of the dialog that appears, configure the application including the Name, Description, Category, and Logo. Click here to download the Zilla Security logo.

  1. Click the Trust tab and ensure that Manual Configuration is selected on the left side of the page.

  2. Click to expand the IdP Entity ID / Issuer dropdown and click Copy next to the value.

  1. Paste that value into the IdP Entity ID (Issuer) field in the Configure SAML dialog in Zilla.

  1. Expand the Signing Certificate dropdown and click Download to download a copy of the signing certificate.

  1. Paste the contents of the Signing Certificate file into the IdP X.509 Certificate field in Zilla.

Important: When pasting the certificate into the Zilla IDP X.509 Certificate field, remove -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- from the pasted value.

  1. In Cyberark Identity, click Copy next to the Single Sign On URL field.

  1. Paste that value into the IdP SSO (Single Sign-on) URL field in Zilla.

  1. In Zilla, click Copy next to Zilla ACS URL.

  1. Paste that value into the Assertion Consumer Service (ACS) URL field in CyberArk Identity.

  1. In Zilla, click Copy next to Zilla Entity ID (SP Entity ID).

  1. Paste that value into the SP Entity ID / Issuer / Audience field in CyberArk Identity.

  1. Click the SAML Response tab, click Add in the Attributes field, and map attributes from your source directory to include in the SAML response.

  1. Next, add permissions for the Zilla app in CyberArk Identity so that the admin user can log in. Click the Permissions tab and click Add.

  1. Use the search bar to search for the admin user in the CyberArk Identity directory who will administer Zilla Security and check the box next to their user information to select the user.

  1. Click Add.

  1. Click Save.

Validation

  1. In the Zilla app, click Validate in the Configure SAML dialog.

After the admin has tested the configuration and validated that it is correct, reviewers, technical owners, or app owners can log in to Zilla to see the apps and reviews they have been assigned using SSO via CyberArk Identity.