--- title: Paralus API Integration on Truto slug: paralus category: Cloud Storage canonical: "https://truto.one/integrations/detail/paralus/" --- # Paralus API Integration on Truto **Category:** Cloud Storage **Status:** Generally available ## Unified APIs ### Unified User Directory API - **Roles** — The Role object represents a role of a User. - **Users** — The User object represents a User. ## How it works 1. **Link your customer's Paralus account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach Paralus.** The Proxy API is a 1-to-1 mapping of the Paralus API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Automate compliance checks against Kubernetes access controls** — Compliance automation platforms can pull users, roles, and group memberships from their customers' Paralus instances to continuously verify that only authorized personnel have access to production clusters — critical for SOC 2, ISO 27001, and HIPAA audits. - **Sync identity lifecycle events to Kubernetes access in real time** — Identity governance platforms can push joiner/mover/leaver events into Paralus through Truto, ensuring that when an employee changes teams or leaves the company, their Kubernetes RBAC permissions are updated or revoked automatically without manual DevOps intervention. - **Centralize infrastructure access visibility across tools** — Security posture management products can aggregate Paralus user and role data alongside other access management systems via Truto's Unified User Directory API, giving security teams a single pane of glass over who can access what across their entire infrastructure stack. - **Detect and remediate over-privileged Kubernetes users** — SaaS platforms focused on least-privilege enforcement can read Paralus roles and user assignments to flag accounts with excessive cluster-admin privileges, then trigger automated remediation workflows to tighten permissions. ## What you can build - **Real-time Kubernetes access roster** — Display a live, unified view of all users and their assigned Kubernetes roles across every Paralus-managed cluster, pulled directly from your customers' Paralus instances. - **Automated offboarding access revocation** — Trigger immediate removal of a terminated employee's Paralus roles and group memberships the moment an offboarding event is detected in an HRIS or IdP. - **Role drift detection alerts** — Continuously compare Paralus role assignments against a defined policy baseline and surface alerts when a user's permissions deviate from what their team or job function should allow. - **Cross-platform user-to-role audit report** — Generate exportable compliance reports that map each Paralus user to their specific cluster roles and group memberships, ready for auditor review. - **Team-based RBAC provisioning workflow** — Let your customers define team templates that automatically assign the correct Paralus roles and namespace-scoped permissions when a new developer is added to a group. ## FAQs ### What data can I access from Paralus through Truto? Truto maps Paralus to the Unified User Directory API, which covers Users and Roles. This lets you read user identities, group memberships, authentication states, and role-to-cluster assignments from your customers' Paralus instances. ### Are there pre-built Truto tools for Paralus, or is it built on request? Paralus tools are built on request. Once you signal demand, Truto builds and maintains the connector — handling auth, pagination, and API normalization — so you don't have to. ### How does authentication work for the Paralus integration? Paralus supports API key-based authentication. Truto manages the credential lifecycle on behalf of your end users, so they connect their Paralus instance once and you interact through Truto's unified interface. ### Can I write data back to Paralus, such as updating roles or removing users? Write operations like role assignment updates and user removal can be supported through the Unified User Directory API. Exact write capabilities are scoped during the on-request build process based on what the Paralus API exposes. ### How does Paralus fit into the Unified User Directory API alongside other integrations? Paralus users and roles are normalized into the same schema as other identity and access tools connected through Truto. This means your product can query a single API to get a consistent view of users and roles across Paralus, IdPs, and other directory services your customers use. ### Is Paralus really a Cloud Storage tool? No. Paralus is a zero-trust access management tool for Kubernetes, often miscategorized due to its handling of kubeconfig files. For Truto's purposes, it maps cleanly to the Unified User Directory API via its Users and Roles data model.