
Overview

To connect CyberArk, you will need to provide the following information:
  • Tenant URL
  • OAuth Client Application ID
  • Client ID
  • Client Secret

Prerequisites

  • You have Administrator permissions in your company’s CyberArk instance

Step 1: Log in to Your CyberArk Admin Portal

1. Log in to your CyberArk portal via your organization's tenant URL.
2. Switch to the Admin Portal by clicking the grid icon next to 'Identity User Portal'.
3. Select 'Admin Portal'.

Step 2: Create a SCIM Client Role

1. Navigate to Core Services → Roles.
2. Click 'Add Role' in the top left corner.
3. Name your role 'SCIM Client' and click 'Save'.
4. Under 'Administrative Rights', click 'Add'.
5. Search for and select 'User Management' (not 'Read Only User Management').
6. Click 'Save'.

Step 3: Create a Custom OAuth Client

1. Navigate to Apps & Widgets → Web Apps.
2. Click 'Add Web Apps' in the top right corner.
3. On the Custom tab, click 'Add' next to 'OAuth2 Client'.
4. Click 'Yes' to add the application, then 'Close'.
5. On the Settings page, set an Application ID.
   Example: scim_oauth_client. This becomes your OAuth Client Application ID for the linking flow.
6. On the General Usage page, check 'Confidential' and 'Must be OAuth Client' under Client ID Type.
7. On the Tokens page, configure:
     • Token Type: JwtRS256
     • Auth methods: Client Creds
     • Access token lifetime: 5 hours
8. On the Scope page, click 'Add' and create a new scope:
     • Name: SCIMAPIScope
     • Allowed REST APIs: Add scim
9. On the Permissions page, add the SCIM Client role from Step 2.
   Ensure the 'Run' permission checkbox is checked.
10. Click 'Save'.

Step 4: Create a CyberArk Service User

1. Navigate to Core Services → Users.
2. Click 'Add User' in the top right corner.
3. Complete the following fields:
     • Login name: This becomes part of your Client ID (e.g., CLIENT_ID_PREFIX@merge)
     • Display name: Any name you choose
     • Password: This becomes your Client Secret
4. Check 'Is OAuth confidential client' under the Status section.
   This will automatically check 'Is service user' and gray out the email field.
5. Click 'Save'.
6. Go back to Core Services → Roles and open the SCIM Client role.
7. Under 'Members', click 'Add' and add your new service user.
8. Click 'Save'.
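
An added check, not part of the original guide and not CyberArk's or Doozy's code: once the service user exists, an access token issued to it can be decoded to confirm it matches the Step 3 settings (RS256, only SCIMAPIScope, lifetime of at most 5 hours). It assumes the standard JWT `alg`, `scope`, `iat` and `exp` fields, uses hypothetical function names, and runs on a constructed sample token.

```python
import base64
import json

# Values configured in Step 3 of this guide.
EXPECTED_ALG = "RS256"           # Token Type: JwtRS256
EXPECTED_SCOPE = "SCIMAPIScope"  # scope created on the Scope page
MAX_LIFETIME_S = 5 * 60 * 60     # Access token lifetime: 5 hours

def _segment(seg):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    obj = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def audit_access_token(token):
    """Return findings; an empty list means the token matches Step 3.
    Claims are read WITHOUT verifying the RS256 signature: review aid only."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    try:
        header, claims = _segment(parts[0]), _segment(parts[1])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    findings = []
    if header.get("alg") != EXPECTED_ALG:
        findings.append(f"alg is {header.get('alg')!r}, expected {EXPECTED_ALG}")
    # Assumption: scopes arrive as a space-separated string in 'scope'.
    scopes = set(str(claims.get("scope", "")).split())
    if scopes != {EXPECTED_SCOPE}:
        findings.append(f"scopes {sorted(scopes)}, expected only {EXPECTED_SCOPE}")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        findings.append("iat/exp missing or not integers")
    elif exp - iat > MAX_LIFETIME_S:
        findings.append(f"lifetime {exp - iat}s exceeds {MAX_LIFETIME_S}s")
    return findings

def sample_token(alg, scope, lifetime_s):
    """Constructed demo token with a dummy signature (not a real credential)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    claims = {"scope": scope, "iat": 1700000000, "exp": 1700000000 + lifetime_s}
    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc(claims), "ZHVtbXk"])

if __name__ == "__main__":
    print(audit_access_token(sample_token("HS256", "SCIMAPIScope all", 86400)))
```

A token carrying extra scopes or a longer lifetime than configured points to a setting on the Tokens or Scope page that differs from the values above.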

Enter Credentials into Doozy

You must be a Doozy admin to connect an HRIS integration.

1. Go to the Doozy web app.
   Navigate to Workspace Settings → Integrations → HRIS.
2. Choose CyberArk as the HRIS you want to connect.
3. Tenant URL: Enter the URL used to log into your CyberArk portal.
4. Application ID: Enter the Application ID from Step 3.
5. Client ID: Enter the full login name from Step 4 (e.g., `CLIENT_ID_PREFIX@merge`).
6. Client Secret: Enter the password from Step 4.
7. Click Submit.