Integrate CYBERARK with FileCloud

Before completing the following procedures, configure Apache Web Server. See SSO Configuration Step 1 on the page SAML Single Sign-On Support for configuration instructions.

As an administrator, you can integrate CYBERARK SSO via SAML into FileCloud. Once integrated your users will be able to access FileCloud with their same CYBERARK credentials.

CYBERARK is a cloud-based platform

Manage privileged accounts and credentials
Secure workforce and customer identities
Secure and manage access for applications and other non-human identities

In this integration scenario:

CYBERARK must be configured as an Identity Provider (IdP)
FileCloud will act as the Service Provider (SP)

Configure FileCloud with CYBERARK

Cyberark Dashboard

1a. Open a browser and log in to your CYBERARK admin portal

1b. From the left navigation pane, click Web Apps.

Add Web App window in CyberArk

1c. On the Web Applications panel, on the top right corner click, "Add Web App".

1d. Once the Add Web App popup panel appears, select the custom tab and scroll down until you find SAML and click Add, A confirmation panel might appear. Click Yes, and then close to access the added SAML Web App.

In Cyberark, enter a Settings Description

2a. Click Settings in the navigation panel. In Description, enter a meaningful name such as FileCloud SSO, and click Save at the bottom-center of the screen.

In Trust in Cyberark, download metadata

2b. Click Trust in the navigation panel, and download the metadata file.

Web App Trust screen in Cyberark. Choose metadata and ecopy IDP Entity ID

In Web App Trust screen in Cyberark click Manual Configuration and copy Single Logout URL

2C. Within the Identity Provider Configuration, expand "IdP Entity ID /Issuer," and copy the URL into a notepad. Select Manual Configuration, and copy the Single Logout URL into a notepad as it will be used in the next steps.

In Web App SAML Response screen in Cyberark click Add

2D. Access the "SAML Response" tab in the navigation panel, and add the following attribute Values:

uid = LoginUser.Username
mail = LoginUser.Email
givenName = LoginUser. DisplayName
sn = LoginUser.Shortname

Click Save.

FileCloud Single Sign-On requirements configuration.

3a. Configure Apache Webserver

3b. Once you have completed the Apache configuration, access the FileCloud Admin Web portal > Settings> SSO and complete the following:

Open the metadata file downloaded in step 2b, and copy its content into IdP Metadata.
Paste the Single Logout URL copied in step 2c into IdP Log Out URL (Optional)
Paste the IdP Entity ID/Issuer URL copied in step 2c into Idp Endpoint URL or EntityID
Configure the following attributes:
- IdP Username Parameter = uid
- IdP Email Parameter = mail
- IdP Given Name Parameter = givenName
- IdP Surname Parameter = sn
Click Save.

FileCloud Admin Portal Customization Login screen

3c. Enable SSO Login. Go to FileCloud Admin portal > Customization > General > Login. Enable Show SSO Link and "Show Login Options.

In Cyberark Web App Trust tab, Server Provider Configuration, Metadata selected

4a. Click the Trust tab in the navigation panel for the Web App, and scroll down to Service Provider Configuration. In URL, add the following: https://YOUR-FILECLOUD-URL/simplesaml/module.php/saml/sp/metadata.php/default-sp and click Load to download FileCloud's metadata,

In Cyberark Web App Trust tab, Server Provider Configuration, Manual Configuration selected

4b. Once you have loaded FileCloud's Metadatada, change the settings from Metadata to Manual Configuration and disable Encrypt SAML Response Assertion, Click Save.

	5a. Access FileCloud's user portal and click Login In with SSO
	5b. You are redirected to your CYBERARK login page, After you complete your user authentication you are redirected to FileCloud.

Now you can use Single Sign-On with CYBERARK from FileCloud.