- 18 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
CyberArk Privilege Cloud
- Updated on 18 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
CyberArk Privilege Cloud is a SaaS solution that enables organizations to securely store, rotate and isolate credentials (for both human and non-human users), monitor sessions, and deliver scalable risk reduction to the business. Privilege Cloud protects, controls, and monitors privileged access across on-premises, cloud, and hybrid infrastructures. More information can be found at official CyberArk Documentation.
Integration Method: API
Tables: Account Change (3001), Application Lifecycle (6002), Group Management (3006), User Inventory (5003)
This integration supports the following events.
Event | Description |
---|---|
Accounts | Returns a list of all the accounts in Privilege Cloud. |
Applications | Returns a list of all the applications in Privilege Cloud. |
Groups | Returns a list of all existing user groups in Privilege Cloud. |
Users | Returns a list of all existing users in Privilege Cloud. |
Note:
CyberArk Privilege Cloud it is a SaaS service and is continuously updated. This document was prepared using version 14.5 in February 2025.
Prerequisites
The user should have admin privileges as we need to use admin’s credentials while configuring data source as “Key Id” and “Secret Key”.
The user who runs Privilege Cloud web service requires List Accounts permission in the Safe.
The user who runs Privilege Cloud web service requires Audit Users permission in Privilege Cloud.
The user should have access to DataBee console.
Configuration Overview
Create a new admin user for DataBee or use an existing one. We need to use admin’s username and password as “Key Id” and “Secret Key” respectively while configuring data source.
Add the CyberArk Privilege Cloud data feed in the DataBee console with the below parameters.
DataBee Parameter
CyberArk Privilege Cloud Parameter
Token: <identity-tenant-id>
CyberArk identity tenant id
Key Id
Admin’s Username
Secret Key
Admin’s Password
API Base URL: <subdomain>
CyberArk subdomain
CyberArk Configuration
Integration with CyberArk happens with admin username/password credentials. Apart from that we require CyberArk Subdomain and Identity Tenant Id to configure data source.
Find CyberArk subdomain
Find the <subdomain> on the login page of CyberArk Identity User Portal from the URL as highlighted below.
Find CyberArk identity tenant id
Find the <identity-tenant-id> on the login page of CyberArk Identity Administration Portal from the URL as highlighted below.
DataBee Configuration
Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for the CyberArk Privilege Cloud and click it as shown below.
Click on the API Ingest option for collection method.
Enter feed contact information and click Next.
In the configuration page, confirm the following:
API Base URL: replace <subdomain> placeholder with your CyberArk subdomain.
Authorization Method: Bearer Token
Secret Key: paste the admin password.
Key Id: paste the admin username.
Token URL: replace <identity-tenant-id> placeholder with your CyberArk identity tenant id.
Event Types: preselected for all the event types that integration pulls.
Click Submit.
Troubleshooting Tips
Make sure we are using admin’s username and password of CyberArk for DataBee configuration.
Make sure the user who runs Privilege Cloud web service requires Audit Users and List Accounts permissions in Privilege Cloud.