Skip navigation
Product & Engineering

Duo Integrates With CyberArk for Secure, Privileged Access


  • By integrating with CyberArk's Privileged Access Security solution, Duo provides strong user authentication and device posturing
  • This enables organizational agility through a variety of integration methods and a consistent user experience
  • It also supports zero-trust principles by establishing user and device trust for enterprises in hybrid environments
  • Duo’s CyberArk integration is available with Duo MFA, Duo Access, and Duo Beyond

Forrester estimates that 80 percent of security breaches involve privileged credentials. With the continued adoption of bring your own device (BYOD) and remote workers, organizations are challenged with ensuring their privileged accounts are secure.

Privileged account breaches can lead to the exposure of customers’ personally identifiable information (PII), financial data or intellectual property. Companies are challenged with the inevitability of employees requiring access to sensitive systems outside of their managed devices. This requires them to move security to users, devices and applications. How do they ensure these devices are up to date with the most recent security patches before logging into privileged accounts?

Duo + CyberArk

We are excited to announce an integration with CyberArk to help our joint customers protect their privileged accounts. With Duo and CyberArk, administrators get best-of-breed protection for both access control and privileged access security.

Administrators can create access policies that require strong user authentication and device authorization. This allows enterprises to move toward a zero-trust security model requiring authentication and authorization regardless of where the application is located.

How it Works

Duo’s integration with CyberArk Privileged Account Security offers complete single sign-on (SSO) support; fast and simple user-enrollment; visibility into the security posture of devices accessing CyberArk; and a consistent authentication experience no matter where users are located.

There are multiple ways to use Duo to protect CyberArk’s systems. For example, customers can use Duo Beyond to provide users with a secure SSO experience when they log in to CyberArk’s Enterprise Password Vault. This enables administrators to verify the identity of the user, and check the security posture and management status of their device. As with all of our integrations, end users experience a consistent and intuitive user interface when authenticating through Duo.

To enable this integration, first locate the SAML-CyberArk Privileged Account Security application in the Duo Admin Panel:

CyberArk Integration

  1. Enter the domain name used when logging into your company's CyberArk Web Access Server as the Domain. For example, if your CyberArk Web Access login URL is, then enter
  2. CyberArk Privileged Account Security SSO uses the Username attribute when authenticating.
  3. Click Save Configuration to generate a downloadable configuration file.

For more detailed information about our SAML integration, visit our documentation page.

Learn More