CyberArk Privilege Cloud

Updated on 18 Mar 2025
2 Minutes to read

Print
Share
Dark
Light

Article summary

Did you find this summary helpful?

Thank you for your feedback!

CyberArk Privilege Cloud is a SaaS solution that enables organizations to securely store, rotate and isolate credentials (for both human and non-human users), monitor sessions, and deliver scalable risk reduction to the business. Privilege Cloud protects, controls, and monitors privileged access across on-premises, cloud, and hybrid infrastructures. More information can be found at official CyberArk Documentation.

Integration Method: API

Tables: Account Change (3001), Application Lifecycle (6002), Group Management (3006), User Inventory (5003)

This integration supports the following events.

Event	Description
Accounts	Returns a list of all the accounts in Privilege Cloud.
Applications	Returns a list of all the applications in Privilege Cloud.
Groups	Returns a list of all existing user groups in Privilege Cloud.
Users	Returns a list of all existing users in Privilege Cloud.

Note:
CyberArk Privilege Cloud it is a SaaS service and is continuously updated. This document was prepared using version 14.5 in February 2025.

Prerequisites

The user should have admin privileges as we need to use admin’s credentials while configuring data source as “Key Id” and “Secret Key”.
The user who runs Privilege Cloud web service requires List Accounts permission in the Safe.
The user who runs Privilege Cloud web service requires Audit Users permission in Privilege Cloud.
The user should have access to DataBee console.

Configuration Overview

Create a new admin user for DataBee or use an existing one. We need to use admin’s username and password as “Key Id” and “Secret Key” respectively while configuring data source.
Add the CyberArk Privilege Cloud data feed in the DataBee console with the below parameters.
DataBee Parameter
CyberArk Privilege Cloud Parameter
Token: <identity-tenant-id>
CyberArk identity tenant id
Key Id
Admin’s Username
Secret Key
Admin’s Password
API Base URL: <subdomain>
CyberArk subdomain

DataBee Parameter	CyberArk Privilege Cloud Parameter
Token: <identity-tenant-id>	CyberArk identity tenant id
Key Id	Admin’s Username
Secret Key	Admin’s Password
API Base URL: <subdomain>	CyberArk subdomain

CyberArk Configuration

Integration with CyberArk happens with admin username/password credentials. Apart from that we require CyberArk Subdomain and Identity Tenant Id to configure data source.

Find CyberArk subdomain

Find the <subdomain> on the login page of CyberArk Identity User Portal from the URL as highlighted below.

Find CyberArk identity tenant id

Find the <identity-tenant-id> on the login page of CyberArk Identity Administration Portal from the URL as highlighted below.

DataBee Configuration

Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for the CyberArk Privilege Cloud and click it as shown below.
Click on the API Ingest option for collection method.
Enter feed contact information and click Next.
In the configuration page, confirm the following:
- API Base URL: replace <subdomain> placeholder with your CyberArk subdomain.
- Authorization Method: Bearer Token
- Secret Key: paste the admin password.
- Key Id: paste the admin username.
- Token URL: replace <identity-tenant-id> placeholder with your CyberArk identity tenant id.
- Event Types: preselected for all the event types that integration pulls.
Click Submit.

Troubleshooting Tips

Make sure we are using admin’s username and password of CyberArk for DataBee configuration.
Make sure the user who runs Privilege Cloud web service requires Audit Users and List Accounts permissions in Privilege Cloud.

Was this article helpful?

What's Next

CyberArk Privileged Access Manager

Table of contents

Prerequisites
Configuration Overview
CyberArk Configuration
DataBee Configuration
Troubleshooting Tips