# CyberArk

> Connect CyberArk to Doozy via Merge.

## Overview

To connect CyberArk, you will need to provide the following information:

* **Tenant URL**
* **OAuth Client Application ID**
* **Client ID**
* **Client Secret**

## Prerequisites

* You have Administrator permissions in your company's CyberArk instance

***

## Step 1: Log in to Your CyberArk Admin Portal

<Steps>
  <Step title="Log in to your CyberArk portal via your organization's tenant URL." />

  <Step title="Switch to the Admin Portal by clicking the grid icon next to 'Identity User Portal'." />

  <Step title="Select 'Admin Portal'." />
</Steps>

## Step 2: Create a SCIM Client Role

<Steps>
  <Step title="Navigate to Core Services → Roles." />

  <Step title="Click 'Add Role' in the top left corner." />

  <Step title="Name your role 'SCIM Client' and click 'Save'." />

  <Step title="Under 'Administrative Rights', click 'Add'." />

  <Step title="Search for and select 'User Management' (not 'Read Only User Management')." />

  <Step title="Click 'Save'." />
</Steps>

## Step 3: Create a Custom OAuth Client

<Steps>
  <Step title="Navigate to Apps & Widgets → Web Apps." />

  <Step title="Click 'Add Web Apps' in the top right corner." />

  <Step title="On the Custom tab, click 'Add' next to 'OAuth2 Client'." />

  <Step title="Click 'Yes' to add the application, then 'Close'." />

  <Step title="On the Settings page, set an Application ID.">Example: `scim_oauth_client`. This becomes your **OAuth Client Application ID** for the linking flow.</Step>

  <Step title="On the General Usage page, check 'Confidential' and 'Must be OAuth Client' under Client ID Type." />

  <Step title="On the Tokens page, configure:">
    * Token Type: `JwtRS256`
    * Auth methods: `Client Creds`
    * Access token lifetime: `5 hours`
  </Step>

  <Step title="On the Scope page, click 'Add' and create a new scope:">
    * Name: `SCIMAPIScope`
    * Allowed REST APIs: Add `scim`
  </Step>

  <Step title="On the Permissions page, add the SCIM Client role from Step 2.">Ensure the 'Run' permission checkbox is checked.</Step>

  <Step title="Click 'Save'." />
</Steps>

## Step 4: Create a CyberArk Service User

<Steps>
  <Step title="Navigate to Core Services → Users." />

  <Step title="Click 'Add User' in the top right corner." />

  <Step title="Complete the following fields:">
    * **Login name**: This becomes part of your Client ID (e.g., `CLIENT_ID_PREFIX@merge`)
    * **Display name**: Any name you choose
    * **Password**: This becomes your Client Secret
  </Step>

  <Step title="Check 'Is OAuth confidential client' under the Status section.">This will automatically check 'Is service user' and gray out the email field.</Step>

  <Step title="Click 'Save'." />

  <Step title="Go back to Core Services → Roles and open the SCIM Client role." />

  <Step title="Under 'Members', click 'Add' and add your new service user." />

  <Step title="Click 'Save'." />
</Steps>
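
Once the service user is in the role, you can confirm that an access token issued to it matches the Step 3 settings (RS256 token type, only `SCIMAPIScope`, lifetime of at most 5 hours). The following is an added example, not part of CyberArk's, Merge's or Doozy's own tooling; the function names are hypothetical, the claim names `scope`, `iat` and `exp` are assumed to follow the usual JWT conventions, and the check inspects the token without verifying its signature.

```python
import base64
import json

# Values configured on the Tokens and Scope pages in Step 3.
EXPECTED_ALG = "RS256"           # Token Type: JwtRS256
EXPECTED_SCOPE = "SCIMAPIScope"  # Scope name
MAX_LIFETIME_S = 5 * 3600        # Access token lifetime: 5 hours


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    obj = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj


def check_token_config(jwt):
    """Return a list of mismatches between a token and the Step 3 settings.

    Inspection only: the signature is NOT verified here.
    Assumed claim names: 'scope' (space-separated), 'iat', 'exp'.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["header or payload is not valid base64url JSON"]
    problems = []
    if header.get("alg") != EXPECTED_ALG:
        problems.append(f"alg is {header.get('alg')!r}, expected {EXPECTED_ALG!r}")
    scopes = str(claims.get("scope", "")).split()
    if EXPECTED_SCOPE not in scopes:
        problems.append(f"scope {EXPECTED_SCOPE!r} missing")
    extra = [s for s in scopes if s != EXPECTED_SCOPE]
    if extra:  # the client should carry the SCIM scope and nothing else
        problems.append(f"unexpected extra scopes: {extra}")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        problems.append("iat/exp missing or not integers")
    elif exp - iat > MAX_LIFETIME_S:
        problems.append(f"lifetime {exp - iat}s exceeds {MAX_LIFETIME_S}s")
    return problems


def make_sample(header, claims):
    """Build a constructed, unsigned sample token for trying the check offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.constructed-signature"
```

An empty list from `check_token_config` means the token agrees with the configuration above; any entry points at the Step 3 page to revisit.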

## Enter Credentials into Doozy

<Note>You must be a **Doozy admin** to connect an HRIS integration.</Note>

<Steps>
  <Step title="Go to the Doozy web app.">Navigate to [Workspace Settings](https://doozy.live/app/settings/workspace) → **Integrations** → **HRIS**.</Step>

  <Step title="Choose CyberArk as the HRIS you want to connect." />

  <Step title="Tenant URL: Enter the URL used to log into your CyberArk portal." />

  <Step title="Application ID: Enter the Application ID from Step 3." />

  <Step title="Client ID: Enter the full login name from Step 4 (e.g., `CLIENT_ID_PREFIX@merge`)." />

  <Step title="Client Secret: Enter the password from Step 4." />

  <Step title="Click Submit." />
</Steps>
