CyberArk

CyberArk side

To set up SAML integration for GitProtect, log in to your CyberArk Admin portal, open the Apps & Widgets section, and select Web Apps.

Click the Add Web Apps button.

Select the Custom tab, find SAML in the list, and click the Add button next to it.

In the next step, confirm that you want to add SAML as a Web App by clicking the Yes button.

You’ll be redirected to the SAML Web App settings, where you can set the Name for the app.

You also have to set the Application ID in the Advanced section and Save the settings.

After that, open the Trust tab and copy the Metadata URL from the Identity Provider Configuration section; GitProtect will require it.

Then scroll down to Service Provider Configuration and set it to Manual Configuration.

In SP Entity / Issuer / Audience, type your Application ID (defined previously),

then in Assertion Consumer Service enter:

https://<yourGitProtectInstanceURL>/Auth/AssertionConsumerService

and in Single Logout URL:

https://<yourGitProtectInstanceURL>/auth/SAMLLogoutResponse

SAML Response tab

Next, go to the SAML Response tab and scroll down to Script to set custom claims.

Enter the following script:

setFilteredAttributeArray("xoperogroup", LoginUser.RoleNames, "XONE.*");

setFilteredAttributeArray("xoperogroup", LoginUser.GroupNames, "XONE.*");

and press the Save button.

Permissions tab

Head over to the Permissions tab, click the Add button, select all the users who should be able to use this integration, and Save your settings.

GitProtect side

Log in to the GitProtect Web panel, go to Settings, and open the External Identity Providers section. Click the Add new provider button and fill in the details.

First, enter the Name, which is your own custom name (e.g. CyberArk), then the Entity ID, which in this example is GitProtectSAML (the identifier set on the CyberArk side), and paste the previously copied URL (from the Trust tab on the CyberArk side) into the Metadata URL field.

Add a certificate and password if required.

Set a default Language and Role for the users with proper permissions, and it's done!

You can now log out of your account and test the configuration by signing in through the configured integration.
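When the test login fails, comparing a decoded SAML response against the values entered above usually shows which field is off. The following is an added example, not GitProtect or CyberArk code: the host gitprotect.example.test, the group names and the sample response are constructed, the check assumes the XONE.* filter must match a whole group name, and it inspects fields only without verifying the signature.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample of a decoded SAML response (not captured from a real tenant).
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://gitprotect.example.test/Auth/AssertionConsumerService">
  <saml:Assertion>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>GitProtectSAML</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="xoperogroup">
      <saml:AttributeValue>XONE_Admins</saml:AttributeValue>
      <saml:AttributeValue>XONE_Viewers</saml:AttributeValue>
    </saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""


def check_response(xml_text, entity_id, instance_url, group_filter="XONE.*"):
    """Return a list of mismatches between the response and the configured values."""
    root = ET.fromstring(xml_text)
    problems = []
    acs = instance_url.rstrip("/") + "/Auth/AssertionConsumerService"
    if root.get("Destination") != acs:
        problems.append(f"Destination {root.get('Destination')!r} != {acs!r}")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} lacks {entity_id!r}")
    groups = [v.text or "" for v in root.iterfind(
        ".//saml:Attribute[@Name='xoperogroup']/saml:AttributeValue", NS)]
    if not groups:
        problems.append("no xoperogroup values in the assertion")
    # Assumption: the claim filter is a regex that must match the whole name.
    problems += [f"group {g!r} outside filter" for g in groups
                 if not re.fullmatch(group_filter, g)]
    return problems


if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE, "GitProtectSAML",
                         "https://gitprotect.example.test") or "OK")
```

An empty list means the Destination, Audience and xoperogroup values line up with the Assertion Consumer Service URL, the Application ID and the claim script configured above.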
