---
title: "CyberArk+Identity+Integration+Guide"
slug: "cyberarkidentityintegrationguide"
updated: 2024-05-06T06:47:31Z
published: 2024-05-06T06:47:31Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.safe.security/llms.txt
> Use this file to discover all available pages before exploring further.

# CyberArk Identity

## About this document

---

This document provides the step-by-step procedure to configure CyberArk Identity in SAFE.

## Introduction

---

SAFE integrates with CyberArk Identity, and fetches the security misconfiguration of the CyberArk Identity account in SAFE.

## Prerequisites

---

- Access required in **SAFE**:
  - SAFE Admin Access
- Access required in **CyberArk Identity**:
  - CyberArk Identity Admin User
- Required User Inputs:
  - API Instance URL
  - Client ID
  - Client Secret
- Required Scope:
  - Role Management
  - User Management

## Generate Connection Details

---

- How to generate **API Token**
  - Login to your CyberArk Identity account as Admin.
  - Create a Service user for API requests as follows:
    - Go to Core Services
    - Click on the Users
    - Click on the Add User

![](https://cdn.document360.io/23dc20b8-a989-48c0-8653-f1d3e4abc734/Images/Documentation/1(26).png)
  - Enter the following details:
    - Login Name
    - Choose required Suffix from dropdown
    - Email address
    - Display Name
    - Password

![](https://cdn.document360.io/23dc20b8-a989-48c0-8653-f1d3e4abc734/Images/Documentation/2(23).png)
  - In the Status checklist, select the following checkbox:
    - Is OAuth a confidential client
    - Is Service User
    - Password never expires
  - Click the Create User button.

![](https://cdn.document360.io/23dc20b8-a989-48c0-8653-f1d3e4abc734/Images/Documentation/3(22).png)
  - Create a new role as follows:
    - Go to Core Services
    - Click on the Roles.
    - Click on the Add Role button.

![](https://cdn.document360.io/23dc20b8-a989-48c0-8653-f1d3e4abc734/Images/Documentation/4(20).png)
  - Enter the Name, Description, Organization, and Role Type as "**Static**".
  - Click on the Save button.

![](https://cdn.document360.io/23dc20b8-a989-48c0-8653-f1d3e4abc734/Images/Documentation/5(22).png)
  - Click on the Members
  - Click on the Add button.

![](https://cdn.document360.io/23dc20b8-a989-48c0-8653-f1d3e4abc734/Images/Documentation/6(22).png)
  - Search and select the above-created user and click on the Add.

![](https://cdn.document360.io/23dc20b8-a989-48c0-8653-f1d3e4abc734/Images/Documentation/7(20).png)
  - Go to Administrative Rights and Click on the Add button.

![](https://cdn.document360.io/23dc20b8-a989-48c0-8653-f1d3e4abc734/Images/Documentation/8(22).png)
  - Select User Management and Role Management and then click the Add button.
  - Click on the Save button

![](https://cdn.document360.io/23dc20b8-a989-48c0-8653-f1d3e4abc734/Images/Documentation/9(22).png)
  - The above-created user (login name + suffix) will be used as the**Client ID** and the password as **Client Secret**.
  - It's important to regularly update the Client ID and Client Secret in SAFE according to its expiration date.
- How to get **API Instance URL**
  - Access the CyberArk Identity Instance, and capture the URL
  - **Copy** and **save** the API Instance URL to use it while configuring CyberArk Identity in SAFE.

![](https://cdn.document360.io/23dc20b8-a989-48c0-8653-f1d3e4abc734/Images/Documentation/10(20).png)

## Configure CyberArk Identity in SAFE

---

- Log in to your SAFE account as **Admin**.
- Click on the **Integrations**option from the left navigation.
- Scroll to find the CyberArk Identity integration card or Search for CyberArk Identity in the search bar.

![](https://cdn.document360.io/23dc20b8-a989-48c0-8653-f1d3e4abc734/Images/Documentation/11(14).png)

- Hover on the **CyberArk Identity** card and click on the **Configure** button
- Enter the following:
  - API Instance URL
  - Client ID
  - Client Secret
- Enter the **Auto Sync Frequency**.
- Click on the **Test Connection** button.
- Once the connection is successful, click on the **Save** button.

![](https://cdn.document360.io/23dc20b8-a989-48c0-8653-f1d3e4abc734/Images/Documentation/12(14).png)

- Once the configuration is saved successfully, click on the **Sync** **Now** button to trigger an on-demand sync.
- Upon a successful sync, the system pulls the CyberArk Identity assets and their findings in SAFE. You can track the status of the sync in the History table.

![](https://cdn.document360.io/23dc20b8-a989-48c0-8653-f1d3e4abc734/Images/Documentation/13(10).png)

## View Results

---

- Scroll down to the **Finding View** and **Asset View**available on the integration page.
  - **Finding View**: This tab displays all the findings details pulled from CyberArk Identity.

![](https://cdn.document360.io/23dc20b8-a989-48c0-8653-f1d3e4abc734/Images/Documentation/14(8).png)

- 
  - **Asset View:**This tab displays all the assets pulled from CyberArk Identity.

![](https://cdn.document360.io/23dc20b8-a989-48c0-8653-f1d3e4abc734/Images/Documentation/15(6).png)

## History

---

Learn More about Integration History [here](https://docs.safe.security/safe-4/docs/integration-history).

## SAFE's Outgoing IP Addresses

---

Click [here](https://docs.safe.security/safe-4/docs/safes-outgoing-ip-addresses) to find the outgoing IP addresses of SAFE. All traffic to any integrations in SAFE will see one IP address as the source IP of the incoming connection.