--- title: CyberArk Identity Management API Integration on Truto slug: cyberarkim category: IM canonical: "https://truto.one/integrations/detail/cyberarkim/" --- # CyberArk Identity Management API Integration on Truto **Category:** IM **Status:** Generally available ## Unified APIs ### Unified User Directory API - **Users** — The User object represents a User. ## How it works 1. **Link your customer's CyberArk Identity Management account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach CyberArk Identity Management.** The Proxy API is a 1-to-1 mapping of the CyberArk Identity Management API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Automate user provisioning from your SaaS into CyberArk Identity** — If your platform manages employee onboarding or HR workflows, you can push new user records directly into your customers' CyberArk Identity Cloud Directory via SCIM. This eliminates manual IT work and ensures day-one access is provisioned securely. - **Sync CyberArk directory data for identity governance and access reviews** — Compliance and security SaaS products can pull user and group data from CyberArk Identity to run automated access reviews, detect orphaned accounts, and flag over-privileged users — critical for customers in regulated industries like finance and healthcare. - **Enforce role-based access using CyberArk groups** — B2B SaaS apps can read a customer's CyberArk Identity groups and map them to internal permission tiers, ensuring that access control in your product stays in sync with the customer's centralized identity policies without manual configuration. - **Automate license reclamation on user deactivation** — When a user is removed or deactivated in CyberArk Identity, your SaaS can detect the status change and automatically revoke access and reclaim the software license — saving your customers money and closing security gaps. - **Trigger security lockouts from your application** — If your SaaS detects anomalous behavior, you can push a user state change back to CyberArk Identity to lock or disable the account across the customer's entire identity ecosystem, not just within your app. ## What you can build - **Real-time directory sync dashboard** — Ship a settings page where customers connect their CyberArk Identity account and see their user directory continuously synced into your app with status indicators for each user. - **Group-to-role mapping configuration** — Let IT admins map their CyberArk Identity groups to specific roles or permission levels in your product, so access control is always aligned with their directory policies. - **Automated user lifecycle management** — Automatically create, update, and deactivate user accounts in your app based on changes in the customer's CyberArk Identity directory, covering the full hire-to-termination lifecycle. - **Access review and compliance report** — Generate audit-ready reports that cross-reference CyberArk Identity user and group data with actual usage in your product, highlighting inactive accounts and permission drift. - **Anomaly-triggered account lockout** — Build a security workflow that detects suspicious activity in your app and pushes a user state change to CyberArk Identity to disable the account across the customer's environment. - **Self-service SCIM provisioning setup** — Offer a guided onboarding flow where customers configure SCIM-based provisioning from CyberArk Identity to your app in minutes, with no engineering support required. ## FAQs ### What authentication methods does CyberArk Identity support for API access? CyberArk Identity supports OAuth 2.0 for its REST APIs and bearer token authentication for its SCIM 2.0 endpoints. Truto handles the auth flow so your team doesn't need to manage token refresh or credential storage. ### Does CyberArk Identity support SCIM 2.0? Yes. CyberArk Identity provides a full SCIM 2.0 server interface supporting Users and Groups resources, including filtering with operators like 'eq' and 'co'. This enables standard provisioning, de-provisioning, and attribute update operations. ### What user data can I read and write through the CyberArk Identity API? Core user attributes include id, userName, displayName, active status, and email. CyberArk also supports custom extension schema attributes. You can create users (POST), update attributes (PATCH), and delete or deactivate users through the SCIM API. ### Can I read group memberships from CyberArk Identity? Yes. The Groups endpoint supports listing groups, querying with filters, and reading member arrays. This is essential for building role-based access mapping in your product. ### Are there specific tools available for CyberArk Identity on Truto today? CyberArk Identity is available under Truto's Unified User Directory API for Users. Additional tools and resources are built on request — reach out to the Truto team to scope your specific integration needs. ### What industries typically require CyberArk Identity integration? CyberArk Identity is heavily adopted in financial services, healthcare, government, and critical infrastructure — industries with strict compliance requirements like SOC 2, HIPAA, and FedRAMP. Offering this integration signals enterprise-grade security to these buyers.