CyberArk Dashboard Configuration and Use

The purpose of the CyberArk Dashboard entry is to provide Remote Desktop Manager users with an interface that eliminates the need to use Password Vault Web Access (PVWA) to see the list of safes and credentials that the currently logged on user has access to. Combined with password-less scenarios and/or our rich role-based access control (RBAC), this means that a user does NOT need to know the CyberArk credentials to be presented with a list of accounts they have access to. Additionally, since the dashboard is meant to authenticate once to your server and, most importantly, maintain an active session for as long as it is active, it has the significant advantage of only requiring MFA once when you launch the dashboard.

Another design principle of the dashboard is that its main usage model is to go through the CyberArk Privileged Session Manager (PSM) to reach assets. This means that Remote Desktop Manager does NOT need to read the password for the account to be used. Less secure models are available to support older scenarios that some of our customers are still using.


  1. Create a new CyberArk Dashboard entry or go to the Properties of your existing one.
  2. In the General section, specify a Name and Folder for your entry if that's not already done.

CyberArk Dashboard Properties – General – Name and Folder
CyberArk Dashboard Properties – General – Name and Folder

General Tab

General Tab
General Tab

  1. Enter the Web services URL to connect to your CyberArk instance. It is the address of the server and should look like "https://..loc/".
  2. Enter a Virtual directory if applicable. Most of the time, this field can remain empty.
  3. Select a Version in the drop-down list. This refers to the CyberArk PVWA version seen on the CyberArk authentication page.

Please note that we only support the CyberArk V12 API for now and that CyberArk version 12.1 is required.

  1. Select the Authentication mode used to connect to the CyberArk instance (CyberArk, Windows, LDAP, RADIUS, or SAML).

SAML authentication is supported with CyberArk since version 2022.3.25 of Remote Desktop Manager, but important improvements and bug fixes have been implemented in ulterior versions. We recommend to at least update to the 2023.1 version of Remote Desktop Manager if your current version is older. One of the improvements in version 2023.1 is that you no longer have to provide the IdP sign-in URL when configuring your SAML authentication. If you have trouble with your SAML authentication, try our SAML Configuration and Troubleshooting topic.

SAML authentication for CyberArk Privilege Cloud is currently not supported.

Your CyberArk Vault administrator should provide you with the authentication model being used, but if, in the PVWA, you click on a link that matches your corporate domain name, this indicates that the LDAP model is being used. The icon looks like the following: LDAP CyberArk Icon

  1. In the Authentication credentials drop-down list, select Custom to enter your credentials below or select them using a Remote Desktop Manager mechanism. This list is not available with the SAML Authentication mode.

As with all Dashboard entries in Remote Desktop Manager, if you are creating an entry that will be visible to multiple users, we recommend choosing My Account Settings PVWA, then visiting File – My Account Settings – CyberArk PVWA to enter your personal CyberArk credentials.

  1. Follow this step if you selected Custom in the Authentication credentials list. If not, skip to the Advanced Tab section.
    1. Enter your Username and Password in the corresponding fields. Use the Password generator to help you create a secure password.
    2. Check the Always ask password box to be prompted for you password each time you connect.
    3. If you have a RSA SecurID code, check the Append RSA SecurID code to password box, then select below the RSA SecurID source.

Advanced Tab

The Advanced tab is divided into three sub-tabs: General, PVWA, and PSM.


Advanced Tab – General
Advanced Tab – General

  1. The Auto refresh option is enabled by default. It maintains the connection to your CyberArk environment and removes the need to enter 2FA credentials on every connection. It is recommended to leave it enabled.
  2. Check Open sessions externally if you do not want your sessions to open in embedded mode in Remote Desktop Manager. This is mostly useful for technologies that only support being open externally, such as PSMP (PSM-SSH) and PSM-.
  3. Check Allow connect to host if you want to allow a direct connection to the remote machine, meaning that the currently logged on user needs to have the right to view the password; it is therefore less secure and is not recommended by the CyberArk team.
  4. Check Ask for reason if you are required to have a reason to establish a connection.
  5. Check Ask for ticket number if you are required to provide a ticket number to establish a connection. The Ticketing system field that is paired with this option is a string value that makes sense in your environment. It is informative and we send it along with the number.
  6. Set the default Username format to be able to connect to the remote machine. It can also be changed in the dashboard for ad hoc connections, but this will be the default format for this dashboard instance.
  7. Select the Domain search method in the drop-down list.
  8. The Domain field drop-down list is only relevant when the Username format is set to the Field value. Depending on how your Vault was set up, there can be various CyberArk fields used to hold the domain information. Choose the value that corresponds to your Vault settings.


Advanced Tab – PVWA
Advanced Tab – PVWA

  1. The Allow direct connections (PVWA) option is enabled by default. It allows the exact same action as the Connect button offers in PVWA.
  2. In the Connection components box, enter the components you wish to use for your connections. We initialize the field with the default components of a vanilla CyberArk installation, but this list MUST match the components configured in your vault.


Advanced Tab – PSM
Advanced Tab – PSM

  1. The Allow connect using PSM (alternate shell) option is disabled by default. Enable it if you want to allow connections via PSM, but using the legacy method of providing an alternate shell.

This is provided as a convenience and is not recommended by the CyberArk team. It has some limitations when compared to the Connect action from PVWA which uses a limited lifetime token.

You must have a PSM Server entry configured in the same vault. Select it in the PSM server drop-down list.

Using the Dashboard

Please note that for the sake of clarity, this section will only provide information about the main usage model of connecting through the PSM.

User Interface

CyberArk Dashboard User Interface
CyberArk Dashboard User Interface

  1. The Actions menu allows you to:
    • Log in or out from the dashboard.
    • Connect to a host using the selected credentials.
    • Refresh the content of the safe.
    • Add a safe to your favorites.
  2. The top menu allows you to:
    • Select a safe to connect to.
    • Select the Username format.
    • Allow or disallow the session to Open externally (not embedded in Remote Desktop Manager).
    • Refresh the content of the safe.
    • Enable or disable the Auto refresh. If disabled, PSM connections may require MFA upon every connection.
  3. The content area allows you to see and interact withe the accounts within a safe or group. You can see the Account, its Address, its Platform, and the Safe in which it is located.

Selecting a Safe

With the safe selector, you can browse your safes and select the one you wish to use.

Safe Selector
Safe Selector

  1. The upper section of the drop-down list contains a subset of the safes that one has access to. You can also see and manage the list of excluded safes in File – Options – Types – CyberArk
  2. Favorites will display accounts that have been tagged as favorites, but from within Remote Desktop Manager. This is not a CyberArk functionality.
  3. Show all will list all accounts that the user has access to. For certain users, this we be a sizeable list and will not be a quick operation. It is provided for users that have access to a finite list of accounts.
  4. Browse... will display the safe selection dialog, where there is paging and filtering to help the user to locate the relevant safe. Again, they are listed by default in the order received from CyberArk.

Below is a preview of the CyberArk Select Safe page that appears after selecting Browse... in the safe selector.

CyberArk Select Safe
CyberArk Select Safe

In this view, if you select a safe and click OK, you will then be able to view the accounts from that safe.

Accounts View
Accounts View

Connecting to a Host

After selecting the account you wish to use, you can either use the Connect button in the Actions menu or right-click and select the appropriate connection component.

Connect to an Account
Connect to an Account

In both cases, you will then see a dialog box that allows you to specify the host you want to connect to.

Selecting a Host

CyberArk Select Host
CyberArk Select Host

  1. Host field
    • If the CyberArk Remote machine access field is used in the account properties, the endpoints that were entered will be listed in this field. It allows for connections even for assets that are not managed in Remote Desktop Manager.
    • If the CyberArk Remote machine access field is not used, you can type in any name in the control to connect to it. Please note that name resolution is performed at the PSM level. Therefore, please adhere to the standards of your CyberArk installation to achieve success.
  2. Filter field: Type in characters that fit an asset name to have a filter applied in the grid below.
  3. The grid will display entries that represent a host system. Therefore, connect to the one that represents the endpoint you need to connect to.

Using the Remote Desktop Manager Navigation Pane to Establish Connections

After selecting the account in the CyberArk Dashboard, you can also use the Navigation Pane to select a host by right-clicking an entry and navigating to the Connect using menu.

Connect using
Connect using