Inbound provisioning

This topic provides an overview of inbound provisioning, including prerequisites.

You can provision user data from specified external systems (for example, a web-based Human Capital Management system) to supported directory services using inbound provisioning. The external system is considered the data source, while a directory source known to CyberArk Identity is the target. The following table indicates support for data sources and targets.

You can provision users from your enterprise source directories (CyberArk Cloud Directory or any source Active Directory instances connected to CyberArk Identity) to one or more target Active Directory instances and assign the right set of access based on roles.

Source                Target
BambooHR              AD
SAP SuccessFactors    AD
UltiPro               AD


CyberArk Cloud Directory

CyberArk Cloud Directory


The following users are considered for provisioning:

  • Users created in CyberArk Cloud Directory.

  • Users created in AD directories that are configured in CyberArk Identity.

You can define synchronization schedules to synchronize user data from the source directory to the target Active Directory instances.

Before you start configuring inbound provisioning to AD targets, make sure that you have done the following:

  • Installed the CyberArk Identity Connector.

    The CyberArk Identity Connector is required to provision users to AD target directories.

    See Install the CyberArk Identity Connector.

  • Stored the domain administrator account in CyberArk Identity.

    This step is only required if the CyberArk Identity Connector is not run by a domain administrator. See Manage domain administrative accounts.

  • Populated the relevant user data in your data source.

CyberArk supports the following data sources.