The CyberArk Authenticator desktop application can be installed on both Windows and MacOS operating systems. It is designed to generate Time-based One-Time Passwords (TOTPs) for use in two-factor authentication, providing an additional layer of security for user sign-ins.

References: This information is based on the CyberArk documentation which specifies that the CyberArk Authenticator is compatible with Windows and macOS machines1.

In the context of web application connectors:

• OpenID Connect is an identity layer on top of the OAuth 2.0 protocol, which allows for the secure issuance of access tokens representing user identity. It relies on JSON Web Tokens (JWTs) for the identity information of the users, which enables client applications to verify the identity of the end-user based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the end-user in an interoperable and REST-like manner.
• Bookmark is a simple type of web app connector that doesn't provide single sign-on (SSO) capabilities. Instead, it acts as a shortcut, allowing users to quickly access web applications or URLs without requiring any form of automated authentication.
• Browser Extension refers to a tool that automates the process of entering a user's credentials into applications that do not support standard SSO protocols. The extension can store the username and password and automatically input these details when the user navigates to the login page of a web application, effectively simulating an SSO experience for non-SSO applications.

C:\Users\Waqas Shahid\Desktop\Mudassir\Untitled.jpg

To automatically create user accounts in Salesforce with varying licenses via CyberArk Identity, one must follow a sequential process starting with the verification of provisioning credentials. This is the foundation for ensuring that the provisioning process has the necessary permissions and access to make changes in Salesforce. Once verified, provisioning must be enabled on the Salesforce application within CyberArk Identity, which allows the two systems to communicate and transfer data.

Following this, roles need to be created within CyberArk Identity that corresponds to different Salesforce licenses or entitlements. Roles in CyberArk Identity define the access level and permissions that a user account will have when provisioned into Salesforce.

After roles are established, role mappings are added. Role mappings are associations between the CyberArk roles and Salesforce licenses. This tells CyberArk Identity which Salesforce license to assign when it creates a new user account based on the role that has been assigned to the user in CyberArk.

Finally, the synchronization step is initiated. During synchronization, CyberArk Identity communicates with Salesforce to create user accounts with the appropriate licenses as defined by the role mappings. Synchronization ensures that the user accounts in both systems are up-to-date and that any changes in roles or permissions are reflected accurately in Salesforce.

The Infinite Apps feature is part of the CyberArk Identity Browser Extension. It simplifies the process of adding SaaS user-password applications that are not listed in the CyberArk Identity App Catalog. The feature includes the App Capture utility, which automatically discovers the username and password fields on a web application’s login page. Once discovered, it adds the application to the portal’s Apps page, allowing it to be deployed with single sign-on capabilities to user portals and devices. If the App Capture utility cannot automatically discover the fields, it provides the option to select them manually. Additionally, users can add applications to their user portal Apps pageand devices using the browser extension, subject to configuration settings managed by the “Allow users to add personal apps” policy.

References: This information can be found in the CyberArk documentation for adding web applications using CyberArk Identity Infinite Apps1.

• Application: displays the web applications the system administrator has assigned to user
• Devices: lists mobile apps enrolled in CyberArk Identity
• Activity: displays all portal logs
• Account: provides the ability for users to change their password and modify information

In CyberArk's User Portal, each tab is designed to give users and administrators quick access to different functionalities and information:

• The Application tab shows the user all the web applications that they have access to, which can include both those assigned by a system administrator and any that the user has added themselves.
• The Devices tab is where users can find all their mobile devices that are currently enrolled with CyberArk Identity, providing an overview of the devices they have secured access from.
• The Activity tab is crucial for auditing and security as it logs all portal activities, which can include login attempts, changes made, and other significant actions that need to be tracked for security and compliance purposes.
• Finally, the Account tab is a personal settings area where users can manage their account details, such as changing their password or updating personal information, ensuring that their credentials and access details are current and secure.

 In UBA systems, events are typically associated with user accounts, which are identified by usernames. Therefore, to find all events related to a specific user, you would filter by the username associated with that user’s account. The filter user_name ='ivan.helen@acme' would be used to retrieve all events where the username ‘ivan.helen@acme’ is involved.

References: This guidance is based on standard practices for querying event data in UBA systems. For the most accurate and detailed explanation, please refer to the official CyberArk Defender Access (ACC-DEF) study guide and course documentation, which can be found through the CyberArk training portal1.

The CyberArk Identity App Gateway is designed to work with web-based applications that support standard authentication protocols. This includes:

• SAML-Compliant Apps: These are applications that use the Security Assertion Markup Language (SAML) protocol for single sign-on (SSO).
• WS-Fed Enabled Apps: These applications use the WS-Federation (WS-Fed) protocol, which is another standard used for SSO.
• OIDC Web Apps: OpenID Connect (OIDC) is a simple identity layer on top of the OAuth 2.0 protocol, and OIDC web apps are those that use this protocol for authentication.

The App Gateway allows secure access to these types of applications without the need for a VPN, facilitating remote access.

References: The information is based on general knowledge of SAML, WS-Fed, and OIDC protocols, and how they are typically used in conjunction with web-based application gateways like CyberArk Identity App Gateway. For the most accurate and detailed information, please refer to the latest CyberArk Defender Access (ACC-DEF) course materials and documents.