# CyberArk Import

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FVx3vcawaXEus29CaFi0G%2FImport-Keeper-Cyberark.jpg?alt=media&#x26;token=5feb06a1-909a-4200-bad0-80848f2b5841" alt=""><figcaption></figcaption></figure>

Keeper Commander will log on to CyberArk Privilege Cloud Web Portal or the self-hosted Password Vault Web Access (PVWA), retrieve accounts and their passwords, and automatically create corresponding Server records in Keeper.

```sh
keeper import --format=cyberark server.domain
```

If the server is a CyberArk Privilege Cloud Web Portal, i.e., it ends in ".cyberark.cloud," then it will prompt for the CyberArk Identity Tenant ID and CyberArk Service User credentials:

```
CyberArk Identity Tenant ID: abc12345
CyberArk service user name: myserviceuser
Cyberark service user password:
```

:information\_source: The Identity Tenant ID is the first part of the login URL, e.g., https\://*abc12345*.id.cyberark.cloud/...

If the server is any other hostname or IP address, then it will prompt for the authentication method, username, and password for PVWA:

```
CyberArk logon type (Cyberark, LDAP, RADIUS or Windows): LDAP
CyberArk username: myusername
CyberArk password: 
```

:information\_source: Use **LDAP** (not Windows) to log in with an **Active Directory** account

CyberArk Accounts based on Platforms in the *Windows* and *\*NIX* groups will be imported as Server records. Accounts based on the *Business Website p*latform, i.e., CyberArk Workforce Password Management Accounts, will import as Login records.

### Importing Accounts

The process will list the Accounts to be imported, including the ID, Name, and Safe. It will also show a progress meter with a timer and ETA. If password retrieval fails for an Account, a Retry, Skip, or Skip All dialog is presented. The process can retry the request, skip the Account, or skip all Accounts that trigger the same HTTP status.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FNHpxOei0QP7CkkJqpiuc%2FScreenshot%202025-05-07%20154348.png?alt=media&#x26;token=6df12176-7d8e-45f6-919a-75ebd48e5359" alt=""><figcaption><p>A dialog resulting from a 400 (Bad Request) HTTP response from the password API endpoint.</p></figcaption></figure>

#### Skipped Accounts

The skipped Accounts will be listed after processing is complete. The list includes the *ID*, *Name*, *Safe*, and the *Error* code and message.

### Using a search string to limit the imported Accounts

The process will import all Accounts by default; however, appending a question mark (?) followed by the search string will limit processing to Accounts that match the search.

```bash
keeper import --format=cyberark 10.11.12.13?WinDomain
```

### Using a custom query string

Alternatively, if the search string contains '=', the process will pass it to the CyberArk Get Accounts endpoint as a query string. E.g.,

```
keeper import --format=cyberark example.cyberark.cloud?limit=10&offset=20
```

passes the limit and offset parameters to the Accounts endpoint, causing it to page the accounts 10 at a time, starting at the 20th account.

### PowerShell Method

The [end-user guide](https://docs.keeper.io/user-guides/import-records-1/import-from-cyberark) includes a process to import data into Keeper from Cyberark using a PowerShell script. Note, however, that it accesses the Vault server directly, so it only works on self-hosted servers.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/en/keeperpam/commander-cli/command-reference/import-and-export-commands/cyberark-import.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.