CyberArk Privilege Cloud is a SaaS solution that enables organizations to securely store, rotate and isolate credentials (for both human and non-human users), monitor sessions, and deliver scalable risk reduction to the business. Privilege Cloud protects, controls, and monitors privileged access across on-premises, cloud, and hybrid infrastructures. More information can be found at official CyberArk Documentation.
Integration Method: API
Tables: Account Change (3001), Application Lifecycle (6002), Group Management (3006), User Inventory (5003)
This integration supports the following events.
Event | Description |
|---|---|
Accounts | Returns a list of all the accounts in Privilege Cloud. |
Applications | Returns a list of all the applications in Privilege Cloud. |
Groups | Returns a list of all existing user groups in Privilege Cloud. |
Users | Returns a list of all existing users in Privilege Cloud. |
Note:
CyberArk Privilege Cloud it is a SaaS service and is continuously updated. This article was prepared using version 14.9 in June 2026.
Prerequisites
The user should have admin privileges as we need to use service users's credentials while configuring data source as “Key Id” and “Secret Key”.
The Cyberark service user should have the “Privilege Cloud Auditors” role.
The user should have access to DataBee console.
Configuration Overview
Create a new service user for DataBee or use an existing one with “Privilege Cloud Auditors” role. The service user’s username and password will be used as “Key Id” and “Secret Key” respectively while configuring data source.
Add the CyberArk Privilege Cloud data feed in the DataBee console with the below parameters.
DataBee Parameter
CyberArk Privilege Cloud Parameter
Token: <identity-tenant-id>
CyberArk identity tenant id
Key Id
Service User Username
Secret Key
Service User Password
API Base URL: <subdomain>
CyberArk subdomain
CyberArk Configuration
Integration with CyberArk happens with a service user username/password credentials. The CyberArk Subdomain and Identity Tenant Id are also needed to configure the data source.
Find CyberArk subdomain
Find the <subdomain> on the login page of CyberArk Identity User Portal from the URL as highlighted below.

Find CyberArk identity tenant id
Find the <identity-tenant-id> on the login page of CyberArk Identity Administration Portal from the URL as highlighted below.

Create a CyberArk Service User
Navigate to Inventory > Identities > Users and click on Users.

Click on the Add user button.

Fill out the user details as required. Save the Account name and Password for further use.DataBee Configuration

In the Status section, check the Is OAuth confidential client and click on Create User.

Assigning Roles to the CyberArk Service User
Navigate to Inventory > Identities > Roles and click on Roles.

Search for “Privilege Cloud Auditors” role and click it.

Navigate to Members

Click on Add to add the newly created new service user

Search for newly created Service user and select the checkbox. Click on the Add button.

Verify the user is added to the Members list and click Save

DataBee Configuration
Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.

Search for the CyberArk Privilege Cloud and click it as shown below.

Click on the API Ingest option for collection method.

Enter feed contact information and click Next.

In the configuration page, confirm the following:
API Base URL: replace the <subdomain> placeholder with your CyberArk subdomain.
Authorization Method: Bearer Token
Secret Key: paste the service user password.
Key Id: paste the service user username.
Token URL: replace <identity-tenant-id> placeholder with your CyberArk identity tenant id.
Event Types: preselected for all the event types that integration pulls.

Click Submit.
Troubleshooting Tips
Make sure the service user’s username and password of CyberArk for DataBee configuration is being used
Make sure the service user who runs Privilege Cloud web service has the “Privilege Cloud Auditors” role.