Sample App Tenant Configuration

CyberArk Identity API capabilities demonstration using sample app tenant

This sample application showcases the capabilities of the CyberArk Identity APIs and widgets, and also includes an OAuth and OpenID Connect playground covering all supported grant flows.

CyberArk Identity Tenant Configuration

If you don't have an existing CyberArk tenant, you can try a free trial tenant [here](https://www.idaptive.com/free-trial).

Step 1: Create a role

  • To create a role, refer here.
  • Ensure that the User Management and Role Management rights are added to the role under the Administrative Rights section.

Step 2: Set up an Authentication Profile

  • Set up an Authentication Profile and add it to the policy under the Authentication Policies section. For more information, refer here.

Step 3: Create a Policy

  • To create a policy, refer here.
  • Ensure that the role created above is added to the policy.

Step 4: Set up an OAuth Client Application

This OAuth app is used to send requests to the Signup API using a bearer token generated for a service user, and in the OAuth user-interactive and machine-to-machine flows.

Follow the steps below to configure the OAuth Client app from the admin portal:

  1. Navigate to the CyberArk Admin portal and click Web Apps under the Apps section.
  2. Click “Add Web Apps”.
  3. Navigate to the Custom section and add an OAuth2 Client app.
  4. Open the OAuth2 Client app.
  5. In the Settings section, add the Application ID.
  6. Under General Usage, select Confidential as the Client ID Type.
  7. Add the Redirect destinations based on your app configuration. For the sample app, add the redirect destinations below.
https://identitydemo.acmeinc.com:4200/RedirectResource
https://identitydemo.acmeinc.com:8080/api/RedirectResource
  8. Select Auth Code, Implicit, Client Creds and Resource Owner as the Auth Methods, enter JwtRS256 as the Token type, and save. The sample app demonstrates all of these grant flows.
  9. Click Save.
  10. Add a name for the Scope and add the required regex. For more details on OAuth scopes, visit here.

  • Create a confidential client

    This client is required for the client credentials grant flow.

    • Create a user and select the required options under Status.
    • Add the new user to the role created above.
      For more details on confidential clients, visit here.

  • Set up permissions for the OAuth 2.0 Client.
    1. Add the role created above and give it Run permission to generate tokens.
  • For more details on OAuth2 Client app creation, visit here.

Set up an OpenID Connect Application

  1. Navigate to the CyberArk Admin portal and click Web Apps under the Apps section.
  2. Click Add Web Apps, navigate to the Custom section and add an OpenID Connect app.
  3. Open the OpenID Connect app created in the step above.
  4. In the Settings section, add any ID of your choice as the Application ID.
  5. Navigate to the Trust section.

     Enter a client secret (e.g. sample1234).

     • Add the Resource application URL for the sample app.
https://identitydemo.acmeinc.com:4200/oidcflow
  6. Add the Redirect destinations for the sample app.
https://identitydemo.acmeinc.com:4200/RedirectResource

Based on your app configuration, the URL configuration should be changed accordingly.

  • Set up permissions for OpenID Connect.
    • Add the role created above and give it Run permission to generate tokens.

For more information on OpenID Connect, refer here.
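As an added example (not code from the sample app or from CyberArk), the Python module below shows what the configuration in Step 4 and in the OpenID Connect section amounts to on the client side: the HTTP Basic credential and form body a confidential client sends for the client credentials grant, an exact-match check of a redirect_uri against the Redirect destinations registered on both the OAuth2 Client and OpenID Connect apps, and a check that a returned token's JWT header carries the RS256 algorithm configured as the Token type. The tenant URL, the `/oauth2/token/<Application ID>` endpoint path, the service-user credentials and the demo tokens are assumptions constructed for the example; no request is actually sent.

```python
"""Added example, not part of the sample app: client-side view of the
OAuth2 Client / OpenID Connect configuration described above.
ASSUMPTIONS: tenant URL, token endpoint path and credentials are made up."""
import base64
import json
from urllib.parse import urlencode

# Redirect destinations registered on the OAuth2 Client and OIDC apps (from the page).
REGISTERED_REDIRECTS = frozenset({
    "https://identitydemo.acmeinc.com:4200/RedirectResource",
    "https://identitydemo.acmeinc.com:8080/api/RedirectResource",
})


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """HTTP Basic credential for a confidential client (RFC 6749, section 2.3.1).
    For the sample app the client_id is the confidential-client user name and the
    client_secret its password (assumption)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_client_credentials_request(tenant_url: str, app_id: str,
                                     client_id: str, client_secret: str,
                                     scope: str):
    """Return (url, headers, body) for a client_credentials token request.
    ASSUMPTION: the token endpoint is <tenant>/oauth2/token/<Application ID>."""
    url = f"{tenant_url.rstrip('/')}/oauth2/token/{app_id}"
    headers = {
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "client_credentials", "scope": scope})
    return url, headers, body


def is_registered_redirect(uri: str, registered=REGISTERED_REDIRECTS) -> bool:
    """Exact string comparison only: scheme, host, port and path must all agree.
    No prefix matching, no normalisation, so a changed port or an appended
    path segment is a different, unregistered URI."""
    return uri in registered


def jwt_header_alg(token: str) -> str:
    """Decode the (base64url, unpadded) JOSE header of a JWT and return its alg."""
    header_b64 = token.split(".")[0]
    padded = header_b64 + "=" * (-len(header_b64) % 4)
    header = json.loads(base64.urlsafe_b64decode(padded))
    return header.get("alg", "")


def accept_token_alg(token: str, expected: str = "RS256") -> bool:
    """Gate on the algorithm the app was configured with (JwtRS256 above).
    This is a preliminary check only; signature verification against the
    tenant's public keys must still follow."""
    return jwt_header_alg(token) == expected


def make_demo_jwt(header: dict) -> str:
    """Constructed sample only: header + empty payload + empty signature,
    used here to exercise the header check offline."""
    def b64(b: bytes) -> str:
        return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")
    return ".".join([b64(json.dumps(header).encode("utf-8")), b64(b"{}"), ""])


if __name__ == "__main__":
    url, headers, body = build_client_credentials_request(
        "https://tenant.example.com", "sampleapp", "svc-user", "s3cret", "all")
    print("POST", url)
    print("Authorization:", headers["Authorization"])
    print(body)
    print(is_registered_redirect("https://identitydemo.acmeinc.com:4200/RedirectResource"))
    print(accept_token_alg(make_demo_jwt({"alg": "RS256", "typ": "JWT"})))
```

Running the file prints the constructed token request. The redirect check is deliberately strict: `https://identitydemo.acmeinc.com:4201/RedirectResource` or `http://...` is rejected, which is why the Redirect destinations entered in the admin portal must match the URLs the app actually uses character for character.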

Specify Trusted DNS Domains for API Calls

  • Include the web app domain in Trusted DNS Domains for API Calls.
    • Navigate to Settings -> Authentication -> Security Settings -> API Security in the admin portal.
    • Add an entry under Trusted DNS Domains for API Calls:
identitydemo.acmeinc.com

As part of the sample app, we created https://identitydemo.acmeinc.com using a self-signed SSL certificate and a local hosts (DNS) mapping.