CyberArk is Privileged Access Management software, and we want to further integrate it with AA in the following manner:
- CyberArk is configured to use AAF for authentication via saml
1. User connects to the web interface of CyberArk and they are prompted for authentication from AAF via saml
2. User selects the windows server that they want to connect to in the web interface of CyberArk
3. CyberArk creates an rdp file with the admin credentials required to rdp to the wanted remote windows server selected above. CyberArk opens the Microsoft rdp client on there local machine with the rdp connection information of the desired remote windows server.
4. Ideally when the user connects to the remote windows server and they launched rdp from CyberArk they would bypass the aaf windows client login on the remote windows server and be allowed access with the credentials passed from CyberArk . Also if the user has not logged into CyberArk and starts an rdp connection the user would be required to authenticate with the aaf windows client to the desired remote windows server.