Skip to content About The people and vision powering Probo Blog The latest news from Probo Stories Hear from our customers Changelog Latest product updates Docs Documentation for Probo GitHub Explore our open-source compliance tools

Clerk

Probo reads your Clerk application’s end users through the Backend API so you can review who has access. These are the people who sign up to your application, not your Clerk Dashboard team members, so Clerk exposes no role or administrator concept for them and both fields are Not supported.

  • Probo organization administrator access
  • Access to the target Clerk application in the Clerk Dashboard, with permission to view its API keys page
  • The Clerk instance whose end users Probo should review (each Secret Key is bound to a single development or production instance, so use one key per instance)
Probo fieldClerk fieldNotes
Namefirst_name and last_nameFalls back to the username, then the primary email address, when no name is set
Emailemail_addressesThe primary email address
RoleNot supported
AdminNot supported
Statusbanned, locked, deprovisionedActive unless the user is banned, locked, or deprovisioned
MFAtwo_factor_enabled, totp_enabled, backup_code_enabledDerived from the user’s two-factor, TOTP, or backup-code enrollment
Last loginlast_sign_in_atThe user’s most recent sign-in
External IDidStable identifier used to track the account across reviews
Created atcreated_atWhen the user account was created

Copying the Secret Key from the Clerk Dashboard API keys page

  1. In the Clerk Dashboard, select your application, then open API keys in the sidebar.
  2. Under Secret keys, copy the Secret Key, or create a new one. The Secret Key is unscoped and grants full Backend API access, so there is no permission or scope to set.
  3. Copy the key (sk_live_… / sk_test_…) and store it securely. A newly created secret cannot be retrieved again later.
  1. In Probo, go to Access Reviews > Sources > Add Source.
  2. Find Clerk, click API Key, paste the key, and click Connect.

Probo names the source Clerk and pulls your application’s end users into your campaigns.

  • Key rejected. Confirm it’s a Secret Key (sk_live_… / sk_test_…) from the Clerk Dashboard. Publishable keys (pk_live_… / pk_test_…) don’t work.
  • No users appear. The Secret Key must belong to the Clerk instance whose end users you’re reviewing, and that instance must have users who have signed up.