OAuth & OpenID Connect

OAuth 2.0 is an open-standard framework and specification for authorizing client applications to access online resources. Authorization works by requiring a client to obtain an access token from a server that, in turn, grants the client access to specific protected resources. The client then sends the access token to the resource whenever it invokes its endpoints.

CyberArk Identity supports OAuth 2.0, allowing custom CyberArk Identity client applications access to online resources needed by those applications.

OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. It enables clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner. The authentication result is returned in an ID token.

You can configure a CyberArk Identity tenant and client applications to handle different flows whereby different requirements and API calls are in place to obtain the access token and ID token


  1. Get access to CyberArk Identity tenant
  2. If you want to try out OpenID Connect, set up a OpenID Connect custom app on CyberArk Identity.
  3. If you want to try out OAuth 2.0 flows such as client credentials or resource owner password grant, set up a custom OAuth 2.0 client.

Test with postman collection

Refer to https://identity-developer.cyberark.com/v3.0/docs/testing-with-postman-1 and import the postman collection to test the OAuth 2.0 and OpenID Connect CyberArk Identity APIs.