CyberArk PVWA credentials

On this page

A CyberArk Privileged Vault Web Access (PVWA) credential entry in Remote Desktop Manager Windows centralizes authentication for connections. The entry can either target a specific CyberArk account or display a selectable list at connect time.

Open Remote Desktop Manager and select CyberArk PVWA (Credentials).

CyberArk PVWA (Credentials)
CyberArk PVWA (Credentials)

General

SETTINGSDESCRIPTIONS
Resolving mode

  •  PSM Connection: This will force the connection to pass through the CyberArk PSM to connect to the remote host.

  • Injection: This will simply inject the credential directly to the remote host.

Web service URLEnter the CyberArk server address in this format to connect to your CyberArk instance: https://<server name>.<our domain>.loc/.

The following is what your Web services URL will be, depending on your CyberArk subscription:

  • SelfHosted : Short URL

  • PrivilegeCloud: Short URL if the URL does not end in cyberark.cloud.

  • PrivilegeCloud: /privilegecloud if the URL ends in cyberark.cloud.

Virtual directory Enter a Virtual directory. This field is either /privilegecloud or empty.
 VersionSelect a Version in the drop-down list. This refers to the CyberArk PVWA version seen on the CyberArk authentication page.

Please note that we only support the CyberArk V12 API for now and that CyberArk version 12.1 is required.

AuthenticationSelect the Authentication mode used to connect to the CyberArk instance (CyberArk, Windows, LDAP, RADIUS,SAML, PKI, or PKIPN).

SAML authentication is supported with CyberArk in Remote Desktop Manager starting in version 2022.3.25. Important improvements and bug fixes were added in later versions. We recommend to at least update to the 2023.1 version of Remote Desktop Manager if your current version is older. In 2023.1, you no longer need to provide the identity provider IdP sign-in URL when configuring SAML authentication.

If you have trouble with your SAML authentication, consult SAML Configuration and Troubleshooting. SAML authentication for CyberArk Privilege Cloud requires Remote Desktop Manager 2023.2.17 or newer.

Your CyberArk vault administrator should provide you with the authentication model being used. In PVWA, if you select a link that matches your corporate domain name, that typically indicates that LDAP model is in use.

AccountSelect the account this credential entry is going to use. Check Always prompt with list and let the user choose the account.

Advanced

SETTINGSDESCRIPTIONS
MFA delimiter

The MFA delimiter option exists in Remote Desktop Manager to mirror the one that already exists with CyberArk. The character that is entered in the delimiter field will be used to separate the values of the SecurID code and the password that are then sent to the API.

Domain search method

  • Default

  • None

  • Field (this enables the Domain field option)

Domain field

  • Default

  • Address

  • Domain

  • Logon domain

  • Custom

Troubleshooting

If you need the domain specified most of the time, you need to set the Domain search method to Field and then the Domain field to Address.

Devolutions Forum logo Share your feedback