CyberArk Identity Developer Program

  • Home
  • Product documentation
  • GitHub
  • CyberArk developer community

The CyberArk Identity developer program

    HomeGuidesAPI Reference
HomeGuidesRecipesAPI ReferenceReferenceChangelogDiscussionsPage Not FoundSearch{{ state.current().meta.title }}API Logs
    HomeGuidesAPI Reference
discard

Getting Started

  • New product names
  • Use Queries
  • Data Dictionary
    • ADGroup
    • ADOU
    • ADUser
    • Application
    • CDUser
    • Device
    • DSGroups
    • DSUsers
    • Event
    • GatewayDiagnosticsPageLoad
    • GatewayDiagnosticsUrls
    • InstalledApp
    • Proxy
    • QueryDefinition
    • Role
    • SysQueryDef
    • Tenant
    • User
  • Use your Tenant URL
  • Develop with the API

Authenticate and Authorize Users

  • Overview
    • Adaptive Authentication
    • Social Login
    • Authentication Cookies
    • Public Keys
  • Authentication Quick Start
    • Start the Authentication Process
    • Advancing the Authentication
    • Advancing Multi-factor Authentication
    • Advancing Out-of-bounds Authentication
    • Using the Authentication Token
    • Identifying a Client Device
    • Social Login
    • Logging Out
    • C# Example
  • About OpenID Connect
  • CyberArk Identity SAML Toolkits for SSO
  • OAuth Clients
    • Client Credentials Flow
    • Authorization (Auth) Code Flow
    • Authorization (Auth) Flow with PKCE
    • Resource Owner Flow
    • Refresh Tokens
    • Revoke a Token
    • Validate a Token
    • End a session
  • MFA for Password Checkout
  • Generate an on-demand auth challenge during login
  • On Demand Challenges
  • User Self Password Reset
  • User Self Get Username
  • Get a SAML Assertion for a Configured App
  • Generate a Random Password
  • Verifying a Signature
  • Apply an app-specific, on-demand MFA policy

Installation Guides

  • AWS CLI for CyberArk Identity
    • Python Installation
    • Library Installations
    • AWS CLI Installation
    • Download and Edit the Idaptive AWS CLI Configuration Files
    • Create cacerts.pem
    • Running the Program
  • AWS Powershell Utility V10
    • Idaptive Powershell Utility Installation
    • Logging – Verbose output

Manage Users

  • User Management
  • Create and Manage Cloud Directory Users
  • Manage Applications for Users
  • Generic User Functions
    • Invite users to the portal
    • Get information for users
    • Search for users
    • Configure authentication settings
  • Use Extensible Attributes
  • Manage Roles
  • Multiple Secret Question Enrollment
  • Create an Authentication Profile
  • Create a Policy
  • Create a Customer

Manage Resources

  • Monitor Connector Status
  • Configure CORS

Manage Applications

  • Manage Access to Applications
  • Add Applications to a Website
  • Editing Custom Logic
  • Business Partner Federation

Mobilize

  • Manage Devices

User Behavior Analytics

  • Work with Analytics Endpoints
  • Webhooks
    • Slack Example Webhook
    • PagerDuty Example Webhook

SCIM client

  • SCIM Provisioning Overview - Client
  • Automatic SCIM Provisioning
  • Role-based User Provisioning
  • Active Directory Group Provisioning
  • User Provisioning with Custom Attributes
  • SCIM API Requirements

SCIM server

  • SCIM Provisioning Overview - Server
  • SCIM Server configuration
  • Discover SCIM server implementation details
  • Manage Users with SCIM Endpoints
  • Manage Groups with SCIM Endpoints

Getting Started

  • New product names
  • Use Queries
  • Data Dictionary
    • ADGroup
    • ADOU
    • ADUser
    • Application
    • CDUser
    • Device
    • DSGroups
    • DSUsers
    • Event
    • GatewayDiagnosticsPageLoad
    • GatewayDiagnosticsUrls
    • InstalledApp
    • Proxy
    • QueryDefinition
    • Role
    • SysQueryDef
    • Tenant
    • User
  • Use your Tenant URL
  • Develop with the API

Authenticate and Authorize Users

  • Overview
    • Adaptive Authentication
    • Social Login
    • Authentication Cookies
    • Public Keys
  • Authentication Quick Start
    • Start the Authentication Process
    • Advancing the Authentication
    • Advancing Multi-factor Authentication
    • Advancing Out-of-bounds Authentication
    • Using the Authentication Token
    • Identifying a Client Device
    • Social Login
    • Logging Out
    • C# Example
  • About OpenID Connect
  • CyberArk Identity SAML Toolkits for SSO
  • OAuth Clients
    • Client Credentials Flow
    • Authorization (Auth) Code Flow
    • Authorization (Auth) Flow with PKCE
    • Resource Owner Flow
    • Refresh Tokens
    • Revoke a Token
    • Validate a Token
    • End a session
  • MFA for Password Checkout
  • Generate an on-demand auth challenge during login
  • On Demand Challenges
  • User Self Password Reset
  • User Self Get Username
  • Get a SAML Assertion for a Configured App
  • Generate a Random Password
  • Verifying a Signature
  • Apply an app-specific, on-demand MFA policy

Installation Guides

  • AWS CLI for CyberArk Identity
    • Python Installation
    • Library Installations
    • AWS CLI Installation
    • Download and Edit the Idaptive AWS CLI Configuration Files
    • Create cacerts.pem
    • Running the Program
  • AWS Powershell Utility V10
    • Idaptive Powershell Utility Installation
    • Logging – Verbose output

Manage Users

  • User Management
  • Create and Manage Cloud Directory Users
  • Manage Applications for Users
  • Generic User Functions
    • Invite users to the portal
    • Get information for users
    • Search for users
    • Configure authentication settings
  • Use Extensible Attributes
  • Manage Roles
  • Multiple Secret Question Enrollment
  • Create an Authentication Profile
  • Create a Policy
  • Create a Customer

Manage Resources

  • Monitor Connector Status
  • Configure CORS

Manage Applications

  • Manage Access to Applications
  • Add Applications to a Website
  • Editing Custom Logic
  • Business Partner Federation

Mobilize

  • Manage Devices

User Behavior Analytics

  • Work with Analytics Endpoints
  • Webhooks
    • Slack Example Webhook
    • PagerDuty Example Webhook

SCIM client

  • SCIM Provisioning Overview - Client
  • Automatic SCIM Provisioning
  • Role-based User Provisioning
  • Active Directory Group Provisioning
  • User Provisioning with Custom Attributes
  • SCIM API Requirements

SCIM server

  • SCIM Provisioning Overview - Server
  • SCIM Server configuration
  • Discover SCIM server implementation details
  • Manage Users with SCIM Endpoints
  • Manage Groups with SCIM Endpoints

CyberArk Identity API

  • Authentication
    • post
      Check row ACLs.
    • post
      Gets a users access rights.
    • post
      Get a collection of access rights.
    • post
      Gets the collection access rights based on the input parameters.
    • post
      Retrieves a list of who has what rights for the directory.
    • post
      Gets a list of directory rights.
    • post
      Gets a list of file rights.
    • post
      Gets ACLs on a file.
    • post
      Gets the access rights for a row.
    • post
      Gets the row access rights based on the input parameters.
    • post
      Authenticates a request.
    • post
      Confirm
    • post
      https://openid.net/specs/openid-connect-session-1_0.html#RPLogout
    • post
      Introspect.
    • post
      Keys
    • post
      Revoke.
    • post
      Gets a token based on grant type.
    • post
      This returns the contents of the bearer token used.
    • post
      Attempt to advance the state of an authentication session.
    • post
      Advances a forgot username session (similar to MFA advance authentication).
    • post
      Terminate an incomplete session started with StartAuthentication or StartChallenge.
    • post
      Returns QR Code data
    • post
      Allows OAuth2 clients to perform on-demand step-up authentication challenges.
    • post
      Continues user authentication.
    • post
      Starts a user authentication session.
    • post
      Starts a step-up authentication challenge session.
    • post
      Starts a forgot username session that looks similar to an MFA authentication session.
    • post
      Starts a user authentication session for QR code authentication.
    • post
      Submit DUO authentication
    • post
      Submit OATH OTP code for the specify user
    • post
      Submit QR Code authentication
    • post
      Answer registration challenge.
    • post
      Deletes the U2f device.
    • post
      Delete a list of U2f devices.
    • post
      Get the trusted facet list for the tenant.
    • post
      Get registration challenge.
    • post
      Gets a list of U2f devices.
    • post
      Gets a list of U2f devices for the current user.
  • User Management
    • post
      Gets a list of row rights.
    • post
      Deprecated -- Delete a list of users with permission check.
    • post
      Create new users in the Cloud Directory Service based on data read from files.
    • post
      Delete user after permission check (DEPRECATED)
    • post
      Exempt a specified user from MFA login for a period of time.
    • post
      Get details for the current user.
    • post
      Reads users from a csv file(s).
    • post
      Refresh a user's cached identity.
    • post
      Create a Bulk User Import scheduled task to process the uploaded file.
    • post
      Retreives a list of users that are members of a specific federated group.
    • post
      Retrieves the Federated Group Memberships for a specfic user.
    • post
      Revokes federated group membership from a specific group for a specific user.
    • post
      Refresh current user's cached identity.
    • post
      Delete admin security question.
    • post
      Get a specific admin security question
    • post
      Get admin security questions
    • post
      Add admin security question.
    • post
      Runs a risk check for the current user.
    • post
      Check to see if a user can edit attributes.
    • post
      Update user attributes
    • post
      Change the password for the current user.
    • post
      Query all directory services for users, groups, and/or roles using a json query string.
    • post
      Get the cached entity.
    • post
      Get the cached user.
    • post
      Get security questions for the current user
    • post
      Fetch attributes for a specified user.
    • post
      Get certificate info for a given user.
    • post
      Fetch the reporting hierarchy for a specified user.
    • post
      Get additional info for a specified user.
    • post
      Fetch a cloud user's picture.
    • post
      Gets user roles and administrative rights.
    • post
      Invite one or more users to the cloud portal.
    • post
      Checks to see if a given user is cloud locked.
    • post
      Determine if the current user can (or cannot...) satisfy the requisite MFA challenges.
    • post
      Checks to see if a given user is subject to cloud locks.
    • post
      Remove a user from the cloud.
    • post
      Remove one or more certificates for a given user.
    • post
      Remove one or more users.
    • post
      Resets (clears) security questions for a user.
    • post
      Reset the password for a specified user.
    • post
      Send email invitation to a specified user.
    • post
      Send invitation emails to one or more users.
    • post
      Send SMS invitation to a specified user.
    • post
      Applies or clears a cloud lock for a given user.
    • post
      Set the phone pin for a user.
    • post
      Updates security questions for a user.
    • post
      Updates various user preferences for the currently logged in user.
  • Core Services
    • post
      Deletes an authentication profile.
    • post
      Gets an authentication profile.
    • post
      Gets a list of Authentication profiles.
    • post
      Saves an authentication profile.
    • post
      The tenant brand information.
    • post
      The tenant brand.
    • post
      Fetch technical support user.
    • post
      Grant portal access to technical support.
    • post
      Create a dynamic set.
    • post
      Create a manual set.
    • post
      Delete a set.
    • post
      Gets the contents of a bucket.
    • post
      Gets a set based on the ID.
    • post
      Gets the references to a set.
    • post
      Gets the rights on a set.
    • post
      Gets a set template based on ObjectType and SubObjectType.
    • post
      Gets the members with access to the set.
    • post
      Gets the objects set.
    • post
      Gets a set of ObjectType.
    • post
      Gets the members with access to the set.
    • post
      Update a set.
    • post
      Updates the set members.
    • post
      Adds a Blocked IP Range.
    • post
      Adds an IP Range local to the customer network.
    • post
      Requests a heath check from a specific cloud connector or from all cloud connectors.
    • post
      Create a directory.
    • post
      Creates a Reports directory in Path for the tenant.
    • post
      Creates a Reports directory in the tenant for the current user.
    • post
      Deletes a Blocked IP Range.
    • post
      Removes a suffix.
    • post
      Removes multiple suffixes.
    • post
      Delete a set of certificates.
    • post
      Deletes a directory.
    • post
      Deletes a file.
    • post
      Deletes a set of files.
    • post
      Deletes a list of proxies.
    • post
      Remove a connector referred to by proxyUuid.
    • post
      Deletes the tenant configuration key.
    • post
      Deletes an IP Range local to the customer network.
    • post
      Check for the existence of a directory.
    • post
      Downloads a certificate.
    • post
      Download the contents of a file.
    • post
      Check for the existence of a file.
    • post
      Generates a new registration code.
    • post
      Generates a password.
    • post
      Get a list of domains in the forest.
    • post
      Gets the active directory topology for the directory service Uuid or the domain name.
    • post
      Get the tenant suffixes.
    • post
      Gets the blocked IP Ranges.
    • post
      Gets the certificate authority certificate chain.
    • post
      Get the tenant suffixes excluding 'legacy' versions.
    • post
      Gets the public part of the cloud certificate authority certificate.
    • post
      Gets the connector log4net config for the connector.
    • post
      Gets the current Iwa Json Url.
    • post
      Gets the current Iwa Url.
    • post
      Gets the public part of the default global app signing certificate.
    • post
      List the directory contents of a directory.
    • post
      Get a list of directory contents.
    • post
      Gets directory information for the path.
    • post
      Gets the directory services.
    • post
      Gets a list of domain controllers for the directory service Uuid in domain name.
    • post
      Gets download urls.
    • post
      Get metadata and information about a file, as well as the file contents.
    • post
      Get the Iwa trust root certificate.
    • post
      Gets the localized value of the tag.
    • post
      Get domains and organizational units.
    • post
      Gets the IP Ranges local to the customer network.
    • post
      Get the connector Iwa host certificate file.
    • post
      Gets the Iwa settings for the connector Uuid.
    • post
      Retrieves a list of product licenses for this tenant, from Salesforce.
    • post
      Get a list of directory contents with a file extension of 'report'.
    • post
      Get supported cultures, returning their code and native name.
    • post
      Gets the public part of the tenant CA certificate.
    • post
      Gets the tenant's config value for a key.
    • post
      Returns a file name that is unique in the directory.
    • post
      Gets all user settings of setting type.
    • post
      Gets the Zso certificate
    • post
      Gets the ZSO certs info for given device.
    • post
      Gets the Zso host information.
    • post
      This is a callback used by the twilio service.
    • post
      Issues a user certificate. (Deprecated, please use OAuth2 instead.)
    • post
      Issues a Zso user certificate
    • post
      List the file contents of a directory.
    • post
      Looks for name and description fields in a file.
    • post
      Return given text as a file.
    • post
      Move directory 'path' to 'toPath'.
    • post
      Calls the NotifyEnvironment method on the connector.
    • post
      Redirect to the targetUrl.
    • post
      Read the contents of a file.
    • post
      Re issue the certificate for the connector.
    • post
      Rename certificate with thumbprint to newName.
    • post
      Revokes the ZSO certificates for given users list and device
    • post
      Sets the connector Log4Net config for a connector.
    • post
      Sets the default certificate for the current tenant.
    • post
      Set the certificate for the Iwa connector.
    • post
      Set the connector Iwa Settings for proxyUuid.
    • post
      Sets the value of a tenant configuration key.
    • post
      Starts the named service on the connector.
    • post
      Stops the named service on the connector.
    • post
      Store a suffix.
    • post
      Saves the user information.
    • post
      Stores the user settings.
    • post
      Updates the directory services stack for a tenant.
    • post
      Updates the Iwa connector settings.
    • post
      Uploads a certificate.
    • post
      Write string content to a file.
    • post
      Gets the value of an extended column.
    • post
      Gets the value of all extended columns for a row.
    • post
      Gets the tables extended columnar schema.
    • post
      Sets the value of an extended column.
    • post
      Sets the value of an extended column.
    • post
      Updates a table's extended columnar schema.
    • post
      Add a certificate authority.
    • post
      Downloads the certificate authority public key file.
    • post
      Get certificate authorities for the tenant.
    • post
      Remove a certificate authority.
    • post
      Update a certificate authority.
    • post
      Add global group assertion mapping.
    • post
      Create federation.
    • post
      Delete a federation.
    • post
      Delete global group assertion mapping.
    • post
      Get the federation metadata.
    • post
      Get a federation.
    • post
      Get federation group assertion mappings.
    • post
      Gets a list of federations.
    • post
      Gets a list of federation types.
    • post
      Get global federation settings.
    • post
      Get global group assertion mappings.
    • post
      Gets a list of federated groups.
    • post
      Gets the public part of the Service Provider signing certificate.
    • post
      Gets the public part of the Service Provider signing certificate authority.
    • post
      Update a federation.
    • post
      Update federation group assertion mappings.
    • post
      Update the global group assertion mappings.
    • post
      Call back for the google directory service.
    • post
      Gets the IDP authorization state for the pollingToken.
    • post
      Gets the directory service configuration.
    • post
      Gets the state id and the service login url.
    • post
      Updates the directory service configuration.
    • post
      Updates the directory service configuration.
    • post
      Simple health check for load balancers: Is this node active?
    • post
      Returns login Data configurement.
    • post
      Adds a service to the Lightweight Directory Access Protocol (LDAP) config.
    • post
      Remove a service from the Lightweight Directory Access Protocol (LDAP).
    • post
      Get a list of cloud connectors that have the LDAP module enabled.
    • post
      Gets the directory service version for an LDAP directory service specified by UUID.
    • post
      Get the Lightweight Directory Access Protocol (LDAP) config.
    • post
      Get the Directory Service UUID for a specific LDAP, using the name assigned by the user.
    • post
      Gets the list of mappable LDAP attributes.
    • post
      Gets a property to attribute mapping on an LDAP enabled directory service.
    • post
      Gets the scripting property to attribute mapping from an LDAP enabled directory service.
    • post
      Modify a service in the Lightweight Directory Access Protocol (LDAP) config.
    • post
      Sets a property to attribute mapping on an LDAP enabled directory service.
    • post
      Sets the scripting property to attribute mapping on an LDAP enabled directory service.
    • post
      Gets the results of the specified mappings by looking up a user by name.
    • post
      Verify the Lightweight Directory Access Protocol (LDAP) directory service config.
    • post
      Retrieves the file from the virtual file system.
    • post
      Add a single OATH profile to a specific user.
    • post
      Deprecated -- Forces the Idaptive oath profile to exist.
    • post
      Forces the Idaptive oath profile to exist.
    • post
      Delete a list of profiles.
    • post
      Gets data from a csv file.
    • post
      Get import profile list.
    • post
      Gets the profile list for the user.
    • post
      Gets the oath profile list for a device.
    • post
      Deprecated -- Resets the Idaptive OATH profile.
    • post
      Resets the Idaptive OATH profile.
    • post
      Resynchronize a TOTP or HOTP token.
    • post
      Save or update the default Idaptive profile.
    • post
      Set response parameters to entity.
    • post
      Process a previously uploaded csv file.
    • post
      Update the oath profile counter.
    • post
      Validate the otp code.
    • post
      Creates a client token.
    • post
      Change membership on specific organization
    • post
      Create an organization unit
    • post
      Delete an organization unit
    • post
      Get All organizations units
    • post
      Get administrators for specific organization
    • post
      Get administrative right definition for specific organization
    • post
      Get roles of specific organization
    • post
      Get All organizations units
    • post
      Check if current user can perform specific task
    • post
      Update an organization unit
    • post
      Update organization administrators
    • post
      Update organization permission assignment
    • post
      Login
    • post
      Add an authentication policy modifier.
    • post
      Delete an authentication policy modifier.
    • post
      Delete a policy block.
    • post
      Get the authentication policy modifiers.
    • post
      Gets a list of policy links.
    • post
      Get policy block.
    • post
      Gets the oath otp name for the user.
    • post
      Get the password complexity requirements for the user.
    • post
      Gets a list of policy links.
    • post
      Get policy block.
    • post
      Retrieves a boolean policy value.
    • post
      Retrieves an integer policy value.
    • post
      Get the policy meta data.
    • post
      Retrieves a string policy value.
    • post
      Get the rsop policy for the user and device.
    • post
      Gets the oath u2f name for the user.
    • post
      Get using cloud mobile group policy.
    • post
      Get a list of policies for a device.
    • post
      Deprecated; use SavePolicyBlock3.
    • post
      Save a new or updated policy.
    • post
      Saves a list of policy links.
    • post
      Saves a list of policy links.
    • post
      Sets the using cloud mobile group policy.
    • post
      Get all radius clients.
    • post
      Fetch Radius config for a specified connector
    • post
      Get the list of RADIUS servers
    • post
      Get the user identifier attribute types.
    • post
      Remove one or more radius clients if they exist.
    • post
      Remove radius servers.
    • post
      Add or update a radius client.
    • post
      Change radius config for a connector.
    • post
      Configures a Radius server.
    • post
      Gets a list of tenants for the customer.
    • post
      Register a new tenant.
    • post
      Delete job history.
    • post
      Make a job report.
    • post
      Deprecated -- Am I authenticated.
    • post
      Deprecated -- Checks for user execute rights on the Application Role Management task.
    • post
      Begin the process of recovering a lost or forgotten user name.
    • post
      Gets a list of risk levels.
    • post
      Deprecated -- Multi factor authentication login for user.
    • post
      Add an enrollment code
    • post
      Delete an enrollment code
    • post
      Disables zero or more features for an enrolled machine.
    • post
      Deprecated -- EnableFeatures
    • post
      Enables zero or more features for an enrolled machine.
    • post
      Get all enrollment codes
    • post
      Verify password.
    • post
      For social authentication, this is the Facebook call back.
    • post
      For social authentication, this is the Google call back.
    • post
      For social authentication, this is the LinkedIn call back.
    • post
      For social authentication, this is the Microsoft call back.
    • post
      For social authentication, this is the Twitter call back.
    • post
      Gets the social configurations for all identity providers.
    • post
      Get the application client secret.
    • post
      Gets the social user authentication configuration.
    • post
      Gets the social configuration for the requested identity provider.
    • post
      Resets the social user authentication configuration.
    • post
      Sets the social user authentication configuration.
    • post
      Set custom configuration.
    • post
      Describe the system.
    • post
      Dummy
    • post
      Retrieve a session id.
    • post
      Get the system version.
    • post
      Request the cancellation of a job.
    • post
      Create a one time job.
    • post
      Emails the report from scriptPath to the emailTo address.
    • post
      Returns streaming job history data via a redrock style interface.
    • post
      Gets the history of a single job.
    • post
      Retrieve simple job metrics from the persistent job system.
    • post
      List the cnames assigned for the tenant.
    • post
      Gets the domain of tenant urls
    • post
      Creates a cname with prefix specified for the tenant.
    • post
      Sets the tenant cname to preferred as cname
    • post
      Gets the tenant cnames.
    • post
      Deletes the cname for the tenant
    • post
      Deletes a single key record from the config table.
    • post
      Returns tenant's configuration values.
    • post
      Get tenant configuration.
    • post
      Deprecated -- Get editable mail templates.
    • post
      Get editable message template.
    • post
      Get editable message templates.
    • post
      Gets the google key for the tenant.
    • post
      Gets the tenant mobile configuration data.
    • post
      Get the tenant Simple Mail Transport Protocol configuration.
    • post
      Get the tenant Telephony Credits Notification configuration.
    • post
      Get the tenant Twilio configuration.
    • post
      Reset portal configuration.
    • post
      Send a test message template.
    • post
      Set the tenant configuration.
    • post
      Set a tenant configuration.
    • post
      Sets the google key for the tenant.
    • post
      Sets the tenant mobile configuration.
    • post
      Set password persistance. i.e. do we save your password.
    • post
      Set the tenant Simple Mail Transport Protocol configuration.
    • post
      Set the tenant Telephony Credits Notification configuration.
    • post
      Set the tenant Twilio configuration.
    • post
      Test the tenant Simple Mail Transport Protocol configuration.
    • post
      Test the tenant Twilio configuration.
    • post
      Evaluate a shortened URL key, redirecting to its long URL if valid.
    • post
      Get the file.
    • post
      Get lower case file name.
    • post
      Authenticate the ZSO session.
    • post
      Login using a tenant Certificate authority certificate.
    • post
      Clears the Mac Safari Zso cookie.
    • post
      Is the Mac Safari Zso cookie set.
    • post
      Checks to see if sessionId is authenticated.
    • post
      Sets the Mac Safari Zso cookie.
  • Cloud User Management
    • post
      Change cloud user properties.
    • post
      Create a new user in the Cloud Directory Service.
    • post
      Create a new user in the Cloud Directory Service using minimal user information.
    • post
      Create new users in the Cloud Directory Service.
    • post
      Delete a cloud user. (DEPRECATED)
    • post
      Get details for a specified cloud user.
    • post
      Get details for a specified user by name.
    • post
      Get all cloud users.
    • post
      Removes AuthSource for list of users
    • post
      Removes AuthSource from all users for a given Federation
    • post
      Set a cloud user's picture file.
    • post
      Set user State (locked, disabled, expired) for a specified cloud user.
    • post
      MultiFactor Auth support: answer out of band challenge.
    • post
      Determines if user needs step-up authentication.
    • post
      Fetches a one-time passcode for the specified use.
    • post
      Get Token for username Requires OATH2 Authorization header
    • post
      Deprecated -- User login.
    • post
      Logout current user.
    • post
      Start social authentication.
    • post
      Checks to see if user has execute rights on the task.
    • post
      Checks to see if user has execute rights on a list of tasks.
    • post
      Looks for the multi auth customer response.
    • post
      Looks for the multi auth customer response.
    • post
      Confirms user authentication state.
    • post
      Check if a user profile challenge is required for the current user.
    • post
      Get the user preferences.
    • post
      DEPRECATED -- This API is deprecated and should not be used.
    • post
      Uncache the user preferences.
  • Directory Services
    • post
      Bulk imports users from csv file.
    • post
      Performs the action after confirming permission to do so.
  • Role Management
    • post
      Assigns directoryfile rights to roles.
    • post
      Assigns directory rights to roles.
    • post
      Assigns file rights to roles.
    • post
      Get list of administrative rights associated with a role.
    • post
      List the roles and rights to a directoryfile.
    • post
      List the roles and rights of a directory.
    • post
      List the roles and rights of a file.
    • post
      List the Dashboard roles and rights.
    • post
      List the Report roles and rights.
    • post
      Get the users for the specfied role id and return the paged results.
    • post
      Fetch a Role's principals.
    • post
      Create a Principal List role.
    • post
      Update specific attributes of a Role, leaving the rest unchanged.
    • post
      Add principals to role.
    • post
      Delete a role.
    • post
      Delete a list of Roles.
    • post
      Fetch a Role.
    • post
      Deprecated -- Fetch a Role's principals.
    • post
      Remove principals from role.
    • post
      Deprecated -- Create a Principal List role.
    • post
      Deprecated -- Update a Role.
  • Workflow Management
    • post
      Deletes a workflow job
    • post
      Sends a workflow event to a workflow
    • post
      Gets a workflow job
    • post
      Gets list of workflow jobs
    • post
      Gets list of workflow jobs associated with the current user
    • post
      Starts a workflow job
  • Device Management
    • post
      Delete a device (Mobile + OSX)
    • post
      Disable SSO on device (Mobile + OSX)
    • post
      Enable SSO on device (Mobile + OSX)
    • post
      Gets list of global permissions associated with device
    • post
      Reset Samsung KNOX container password (Samsung Mobile)
    • post
      Lock client app (Mobile)
    • post
      Lock device screen (Mobile + OSX)
    • post
      Ping a device (Mobile + OSX)
    • post
      Power off a device (Mobile + OSX)
    • post
      Reapply device policies (Mobile + OSX)
    • post
      Reboot a device (Mobile + OSX)
    • post
      Unenroll a device (Mobile + OSX)
    • post
      Reset client app lock pin (Mobile)
    • post
      Grant permissions on devices
    • post
      Set a device as primary (Mobile)
    • post
      Unlock a device (Mobile + OSX)
    • post
      Update device policies (Mobile + OSX)
    • post
      Wipe a device (Mobile + OSX)
    • post
      Grant permissions on applicationss
  • Application Management
    • post
      Get meta
    • post
      Delete an application.
    • post
      Gets the ID of an app from its service name
    • post
      Get information for an application.
    • post
      Get information for application templates.
    • post
      Create an application.
    • post
      Checks if Application is still available in the catalog.
    • post
      Update an application.
    • post
      Get an application's data.
    • post
      Return a user's portal applications and how the user has access to each application.
    • post
      Get the list of application tags for the current user.
    • post
      Gets all available data for the user portal in one call.
    • post
      Set user credentials for an application.
    • post
      Add and update application tags for the current user.

Analytics

  • post
    /rules/webhook
  • post
    /rules/webhook/test
  • post
    /rules/{id}/status
  • get
    /rules
  • post
    /file/export/rules/webhook/{name}
  • post
    /file/import/rules/webhook
  • delete
    /rules/{id}
  • post
    /apis/access_tokens
  • get
    /apis/access_tokens
  • get
    /apis/scopes
  • put
    /apis/access_tokens/{id}/activate
  • put
    /apis/access_tokens/{id}/inactivate
  • delete
    /apis/access_tokens/{id}
  • get
    /dataset/system/models

Getting Started

  • New product names
  • Use Queries
  • Data Dictionary
View All 5

Authenticate and Authorize Users

  • Overview
  • Authentication Quick Start
  • About OpenID Connect
View All 14

Installation Guides

  • AWS CLI for CyberArk Identity
  • AWS Powershell Utility V10

Manage Users

  • User Management
  • Create and Manage Cloud Directory Users
  • Manage Applications for Users
View All 10

Manage Resources

  • Monitor Connector Status
  • Configure CORS

Manage Applications

  • Manage Access to Applications
  • Add Applications to a Website
  • Editing Custom Logic
View All 4

Mobilize

  • Manage Devices

User Behavior Analytics

  • Work with Analytics Endpoints
  • Webhooks

SCIM client

  • SCIM Provisioning Overview - Client
  • Automatic SCIM Provisioning
  • Role-based User Provisioning
View All 6

SCIM server

  • SCIM Provisioning Overview - Server
  • SCIM Server configuration
  • Discover SCIM server implementation details
View All 5