Set up CyberArk Identity tenant for Java Angular sample app

The Java Angular sample application showcases the capabilities of the CyberArk Identity APIs and widgets, and includes an OAuth and OpenID Connect playground with all possible grant flows.

Follow this guide to set up the CyberArk Identity tenant and integrate it with the Java Angular sample app.

If you don't have an existing CyberArk tenant, you can try a free trial tenant here.

Step 1: Create a role

  • To create a role, refer here.
  • Ensure that the User Management and Role Management rights are added to the role under the Administrative Rights section.

Step 2: Set up an Authentication Profile

  • Set up an Authentication profile and add it to the policy under the Authentication Policies section. For more information, refer here.

Step 3: Create a Policy

  • To create a policy, refer here.
  • Ensure that the above-created role is added to the policy.

Step 4: Set up an OAuth Client Application

The OAuth app is set up for machine-to-machine (M2M) flows. We first need to set up a service user, which is then used to request M2M tokens on behalf of the client application.

Follow the steps below to create a confidential client:

  • Create a user and select the options under Status as shown below.
  • Add the new user to the role created above.
    For more details on confidential clients, visit here.

Follow the steps to set up the custom OAuth app.

Note: The service user must be given permission to this OAuth app.
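How the service user from this step acts as the confidential client in a client-credentials request, as an added example (not code from the sample app). The tenant host, application ID, user name, password and scope are constructed values, and the `/oauth2/token/<application ID>` endpoint path is an assumption to check against your tenant's OAuth app settings.

```python
import base64
from urllib.parse import urlencode, urlsplit
from urllib.request import Request


def build_m2m_token_request(tenant_url, app_id, service_user, password, scope):
    """Build (without sending) the client-credentials token request."""
    parts = urlsplit(tenant_url)
    # The service user's password travels in a header: refuse cleartext HTTP.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("tenant URL must be an https:// URL")
    if parts.username or parts.password:
        raise ValueError("do not embed credentials in the tenant URL")
    if ":" in service_user:
        raise ValueError("HTTP Basic cannot carry ':' in the client id")
    # Keep the application ID from altering the request path.
    if not app_id.replace("_", "").replace("-", "").isalnum():
        raise ValueError("unexpected characters in application ID")

    # ASSUMPTION: the token endpoint is /oauth2/token/<application ID>.
    url = f"https://{parts.netloc}/oauth2/token/{app_id}"
    # Service user name = client id, its password = client secret.
    basic = base64.b64encode(f"{service_user}:{password}".encode()).decode()
    body = urlencode({"grant_type": "client_credentials", "scope": scope})
    return Request(url, data=body.encode(), method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


def log_safe(req):
    """Summary for logs; deliberately omits the Authorization header."""
    return f"{req.get_method()} {req.full_url} body={req.data.decode()}"


if __name__ == "__main__":
    # Constructed sample values, not a real tenant or account.
    req = build_m2m_token_request(
        "https://tenant.example.invalid", "sample_m2m_app",
        "svc-sample@example.invalid", "constructed-secret", "all")
    print(log_safe(req))
```

Send the request with `urllib.request.urlopen(req)` only once the service user has been given permission to the OAuth app, as the note above requires.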

Set up an OpenID Connect Application:

Follow the steps to set up the custom OpenID Connect app.


The resource application URL for the sample app:
The redirect application URI for the sample app:


Add the role created above and provide the Run permission to generate tokens.

Specify Trusted DNS Domains for API Calls:

  • Include the web app domain in Trusted DNS Domains for API Calls.
  • Navigate to Settings -> Authentication -> Security Settings -> API Security in the admin portal.
  • Add an entry under Trusted DNS Domains for API Calls.

As part of the sample app, we have created using self-signed SSL and local hosts (DNS) mapping.


Configure reCAPTCHA for signup:

  • In the Admin Portal, navigate to Settings -> Authentication -> Security Settings and enable Captcha as shown below.
  • Navigate to Settings -> Customization -> System Configuration and enable the "Use Custom reCAPTCHA V2 API Settings" option to use custom reCAPTCHA settings for your tenant.
    Otherwise, default reCAPTCHA settings will apply. Then, provide the Site Key and Secret Key as shown below.

Set up the widgets:

Configure the authentication and MFA widgets on the admin portal and save the widget ID.