[Sharing] CyberArk Privilege Cloud (ISPSS) — Custom FortiSOAR Connector
Hi all,
Sharing a custom FortiSOAR connector for CyberArk Privilege Cloud that I built to support the ISPSS (Identity Security Platform Shared Services) deployment, in addition to Privilege Cloud Standard.
Why I built it
ISPSS tenants authenticate through CyberArk Identity using the OAuth2 client-credentials flow (/oauth2/platformtoken) and serve the PVWA API from a separate host. The catch most people hit: the Identity tenant ID is usually NOT the same as the portal subdomain. For example, the portal might be acme.cyberark.cloud while the real Identity host is abc1234.id.cyberark.cloud. Deriving the Identity host from the subdomain fails with a DNS error before the credentials are ever tested.
This connector handles that with explicit Identity Tenant URL and Privilege Cloud API URL fields, plus a dedicated ServiceUser (OAuth confidential client) authentication type.
What it supports
- Deployments: Privilege Cloud ISPSS (*.cyberark.cloud) and Privilege Cloud Standard (*.privilegecloud.cyberark.com), auto-detected from the Server URL.
- Authentication: ServiceUser (OAuth2 client credentials — recommended for automation), CyberArk, LDAP, RADIUS.
- API: CyberArk Privilege Cloud REST API (Gen 2).
Operations (32)
- Accounts: list, details, retrieve password, reconcile
- Safes: list, details, add, update, delete
- Safe Members: list, add, update, delete
- Account Groups: list, members, add/remove member
- Users: list, details, add, update, delete, reset password, activate
- User Groups: list, add member
- Session Recordings: list, details, play
- Vault-mode credential retrieval
Configuration highlights
Standard fields: Server URL, Authentication Type, Username / Client ID, Password / Client Secret, Verify SSL.
Two optional fields for ISPSS tenants whose hosts don't follow the subdomain pattern:
- Identity Tenant URL — the real https://<tenant-id>.id.cyberark.cloud host.
- Privilege Cloud API URL — the PVWA API base host.
Leave both blank to auto-derive from the subdomain.
The tip that saves the most time
For ISPSS, set Identity Tenant URL to your actual Identity host. To find it, open your portal URL in a browser and read the host it redirects to (https://<tenant-id>.id.cyberark.cloud), or ask CyberArk support. If authentication succeeds but every API call returns 404, your Privilege Cloud API URL is the wrong host.
For the service user: create it in CyberArk Identity with "Is OAuth confidential client" enabled and no MFA policy, then grant it least-privilege safe permissions (List Accounts + Retrieve Accounts is enough for credential retrieval).
Download
The repository includes the connector tarball, a README, full documentation (prerequisites, configuration, per-operation parameters, a least-privilege permission map, and troubleshooting), and release notes.
Install
Content Hub → Manage → Add Connector → upload the .tgz → create a configuration → run Health Check.
Note
This is a community connector, not an official CyberArk or Fortinet product. Please test in a non-production environment before deploying. Feedback, issues, and contributions are welcome on the GitHub repo.
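Added example, not part of the original post and not the connector's own code: a preflight check for the two failure modes described above (an Identity host that does not resolve, and authentication that succeeds while every API call returns 404). The function names and the fallback host patterns used when the optional fields are blank are assumptions made for illustration.

```python
import socket
from urllib.parse import urlparse

TOKEN_PATH = "/oauth2/platformtoken"  # token endpoint path named in the post

def detect_deployment(server_url):
    """Classify the Server URL by the two host suffixes the post lists."""
    host = (urlparse(server_url).hostname or "").lower()
    if host.endswith(".privilegecloud.cyberark.com"):
        return "standard"
    if host.endswith(".cyberark.cloud"):
        return "ispss"
    return "unknown"

def resolve_endpoints(server_url, identity_tenant_url="", api_url=""):
    """Return (token_url, api_base); explicit fields win over derivation."""
    sub = (urlparse(server_url).hostname or "").split(".")[0]
    # Assumed fallback patterns: what "derive from the subdomain" would produce.
    identity = identity_tenant_url or f"https://{sub}.id.cyberark.cloud"
    api = api_url or f"https://{sub}.privilegecloud.cyberark.cloud"
    return identity.rstrip("/") + TOKEN_PATH, api.rstrip("/")

def preflight(server_url, identity_tenant_url="", api_url="",
              resolver=socket.getaddrinfo):
    """DNS-check both hosts before any secret is sent; return findings."""
    if detect_deployment(server_url) != "ispss":
        return ["not an ISPSS Server URL; Identity/API overrides do not apply"]
    token_url, api_base = resolve_endpoints(server_url, identity_tenant_url, api_url)
    findings = []
    for label, url in (("Identity Tenant URL", token_url),
                       ("Privilege Cloud API URL", api_base)):
        host = urlparse(url).hostname
        try:
            resolver(host, 443)
        except OSError:  # socket.gaierror is a subclass of OSError
            findings.append(f"{label}: {host} does not resolve; set the field explicitly")
    return findings

def triage(token_status, api_status):
    """Map observed HTTP statuses to the post's troubleshooting hint."""
    if token_status == 200 and api_status == 404:
        return "auth OK but API 404: Privilege Cloud API URL is the wrong host"
    if token_status != 200:
        return "token request rejected: check client ID/secret and the service user"
    return "ok"
```

Running preflight before the first token request keeps the client secret from being sent to a host that was only guessed from the portal subdomain.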