
CyberArk Idaptive

Visualize CyberArk Idaptive Devices, Users, Applications, Roles, Accounts and monitor changes through queries and alerts.

Development

This integration focuses on ingesting devices, users, accounts and applications from the CyberArk Idaptive REST API. There are two components of interest:

  1. The CyberArk Idaptive tenant (available at https://<tenant-id>.id.cyberark.cloud). You will need a username and password to log in to the tenant.
  2. The CyberArk Idaptive REST API reference

Installation

You will have to create a service user and a client application, generate an access token with them, and use that access token to make REST API calls that fetch data from CyberArk Idaptive. To do this:

  1. Using a web browser, go to your CyberArk Idaptive tenant (e.g. https://my-tenant.id.cyberark.cloud/) and log in with your credentials.

  2. Go to the Admin portal

    Admin Portal

  3. Go to Core Services -> Users and add a user. Fill in all required fields. Under Status, check Password never expires, Is service user and Is OAuth Credential Client, as shown in the image below, then click Create User.

    Create User

  4. In the Admin Portal, click Apps & Widgets -> Web Apps, then select Add Web Apps in the top right corner.

    Web Apps page

  5. Click Custom and choose OAuth2 Client from the list, as shown in the image.

    select client web app

  6. Select the organization from the dropdown and click Add (this prompt may not appear).

    select organization

  7. On the Settings page, give the application an ID; it can be any name. Save it somewhere, as it is required when configuring the integration in JupiterOne.

    application page

  8. Click General Usage in the sidebar, select Confidential and check Must be OAuth Client.

    oauth client

  9. Go to Tokens in the sidebar, select Client Credentials and choose the validity period of the access token. Choose a period greater than 10 minutes, as advised in the CyberArk Idaptive documentation, and enable refresh tokens.

    client credentials

  10. Select Scope in the sidebar and click Add. Name the scope all and, in the regex field, enter CDirectoryService/GetUsers|redrock/query|Roles/GetRoleMembers|SysInfo/About|UPRest/GetResultantAppsForUser|Acl/GetRowAces

    scopes

  11. Select Permissions in the sidebar, search for the service account you created previously and click Add.

    add service account

  12. Grant the Run permission to the service account and click Save.

  13. Go to Roles -> System Administrator

    admin role

  14. Go to Members and add the service account as a member.

    assign role
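The following Python is an added example, not code from the JupiterOne integration itself. It models the client-credentials flow configured in steps 3 to 10: it builds the token request using the service user as the OAuth client, checks each endpoint the integration calls against the scope regex from step 10, and flags a token whose lifetime is below the 10 minutes recommended in step 9. The token endpoint path (/oauth2/token/<app-id>) and the assumption that Idaptive matches the scope regex against the full REST path are assumptions of this example.

```python
import base64
import re
from urllib.parse import urlencode

# Scope regex from step 10. Assumption for this example: Idaptive matches it
# against the REST path (leading slash dropped), modelled here with re.fullmatch.
SCOPE_REGEX = re.compile(
    r"CDirectoryService/GetUsers|redrock/query|Roles/GetRoleMembers"
    r"|SysInfo/About|UPRest/GetResultantAppsForUser|Acl/GetRowAces"
)

def scope_allows(path: str) -> bool:
    """True if the 'all' scope covers this endpoint path."""
    return SCOPE_REGEX.fullmatch(path.lstrip("/")) is not None

def uncovered(paths):
    """Endpoints the token could not call; check this before adding a new query."""
    return [p for p in paths if not scope_allows(p)]

def build_token_request(tenant_url: str, app_id: str, username: str, password: str) -> dict:
    """Client-credentials token request for the OAuth2 client app from steps 4-9.

    The service user's login name and password (step 3) act as client id and
    secret, sent as HTTP Basic auth; the grant asks for the 'all' scope (step 10).
    The token endpoint path /oauth2/token/<app-id> is an assumption of this example.
    """
    creds = base64.b64encode(f"{username}:{password}".encode()).decode()
    return {
        "method": "POST",
        "url": f"{tenant_url.rstrip('/')}/oauth2/token/{app_id}",
        "headers": {
            "Authorization": f"Basic {creds}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": urlencode({"grant_type": "client_credentials", "scope": "all"}),
    }

def token_lifetime_ok(token_response: dict, minimum_seconds: int = 600) -> bool:
    """Step 9 asks for a validity above 10 minutes; flag tokens that expire sooner."""
    return int(token_response.get("expires_in", 0)) > minimum_seconds

if __name__ == "__main__":
    # Constructed sample values; the tenant, app ID and user are placeholders.
    req = build_token_request("https://my-tenant.id.cyberark.cloud", "jupiterone-client",
                              "svc-jupiterone", "<service user password>")
    print(req["url"], req["body"])
    print("not covered by scope:", uncovered(["CDirectoryService/GetUsers", "Example/NotInScope"]))
```

Run uncovered() on any new endpoint before the integration starts calling it; a path outside the scope regex is exactly what the scope is meant to reject, even when the token itself is valid.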