sion

Oracle Fusion Middleware : Oracle Identity and Access Management Suite 10g/11gR1/11gR2PS1,PS2,PS3 : OIM | OAM,OAAM,OIF | OID, OVD, DIP | OUD/ ODSEE | Microsft AD | OpenLDAP | ADF | EBS R12 | OECMCCR4 | Business Intelleigence - Bi Publisher | Banking | Demo Applications | Core Java | SQL | PLSQL | Web services | Weblogic | Tomcat | JBoss | OHS | WebGate | WebCenter | In any Queries please Contact Me : info@oratechsoft.com

Search This Blog

Saturday, 2 August 2025

CyberArk: Windows Authentication in PVWA

When CyberArk Vault is deployed in a Windows environment, Windows Authentication enables seamless access to the Password Vault Web Access (PVWA) interface. Users already authenticated to the Windows domain are automatically logged in to PVWA without needing to enter their credentials again.

Phase 1: Enable Windows Authentication in Classic PVWA Interface

Step 1: Log in to PVWA

  • Use the predefined Administrator account to log into the PVWA interface.

Step 2: Open System Configuration

  • Navigate to the ADMINISTRATION section.

  • Open the System Configuration page.

  • Click on Options to access the system configuration editor.

Step 3: Enable the Windows Authentication Method

  • Expand the Authentication Methods section.

  • Select windows from the list of supported authentication methods.

  • Set the Enabled property to Yes.

Step 4: Save the Configuration

Choose one of the following:

  • Click Apply to save and apply the changes immediately.

  • Click Save to save the changes and apply them after the duration defined in the RefreshPeriod parameter.

Phase 2: Enable Windows Authentication in PVWA V10 Interface

Note: This method is supported from CyberArk version 9.8 and above.

Step 1: Open IIS Configuration File

  • Open applicationHost.config located in:

%WinDir%\System32\Inetsrv\Config\applicationHost.config

  • Use Notepad (not Notepad++) with administrative privileges.

Step 2: Add Windows Authentication Configuration

At the end of the configuration file, add the following block:


<location path="Default Web Site/PasswordVault/api/auth/windows/logon">
  <system.webServer>
    <security>
      <authentication>
        <windowsAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
</location>

Step 3: Restart IIS

  • Open a Command Prompt as Administrator.

  • Run the following command:

iisreset

This restarts the IIS server and applies the updated configuration.

Phase 3: Test Windows Authentication in PVWA

  1. Open the PVWA in a browser.

  2. From the list of available authentication methods, select Windows.

  3. If configured correctly, PVWA will automatically authenticate you using your current Windows session without prompting for credentials.


Screenshots for your reference: 

1. Enable the Windows Authentication via PVWA 

2. Configure the windows authentication on ApplicationHost.config 

Using Notepad (not Notepad++), open the IIS configuration file. By default, this is %WinDir%\System32\Inetsrv\Config\applicationHost.config. 
 
2) At the end of the file, add the following lines: 
******************** 
<location path="Default Web Site/PasswordVault/api/auth/windows/logon"> 
<system.webServer> 
<security> 
<authentication> 
<windowsAuthentication enabled="true" /> 
</authentication> 
</security> 
</system.webServer> 
</location> 
******************** 
 



3) Perform an IISRESET. 
 


3. Enable the Windows Authentication for User/group. 




4. Update the Internet option to enable user windows logon with current username and password. 



After doing this Windows Authentication should be working as expected through the new UI.

 
https://cyberarkpam.corp.com/PasswordVault/v10/logon/windows



Happy learning!!



Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)