Skip to contentAboutThe people and vision powering ProboBlogThe latest news from ProboStoriesHear from our customersChangelogLatest product updatesDocsDocumentation for ProboGitHubExplore our open-source compliance tools

Clerk

Probo reads your Clerk application’s end users through the Backend API so you can review who has access. These are the people who sign up to your application, not your Clerk Dashboard team members, so Clerk exposes no role or administrator concept for them and both fields are Not supported.

  • Probo organization administrator access
  • Access to the target Clerk application in the Clerk Dashboard, with permission to view its API keys page
  • The Clerk instance whose end users Probo should review (each Secret Key is bound to a single development or production instance, so use one key per instance)
Probo field Clerk field Notes
Name first_name and last_name Falls back to the username, then the primary email address, when no name is set
Email email_addresses The primary email address
Role Not supported
Admin Not supported
Status banned, locked, deprovisioned Active unless the user is banned, locked, or deprovisioned
MFA two_factor_enabled, totp_enabled, backup_code_enabled Derived from the user’s two-factor, TOTP, or backup-code enrollment
Last login last_sign_in_at The user’s most recent sign-in
External ID id Stable identifier used to track the account across reviews
Created at created_at When the user account was created

Copying the Secret Key from the Clerk Dashboard API keys page

  1. In the Clerk Dashboard, select your application, then open API keys in the sidebar.
  2. Under Secret keys, copy the Secret Key, or create a new one. The Secret Key is unscoped and grants full Backend API access, so there is no permission or scope to set.
  3. Copy the key (sk_live_… / sk_test_…) and store it securely. A newly created secret cannot be retrieved again later.
  1. In Probo, go to Access Reviews > Sources > Add Source.
  2. Find Clerk, click API Key, paste the key, and click Connect.

Probo names the source Clerk and pulls your application’s end users into your campaigns.

  • Key rejected. Confirm it’s a Secret Key (sk_live_… / sk_test_…) from the Clerk Dashboard. Publishable keys (pk_live_… / pk_test_…) don’t work.
  • No users appear. The Secret Key must belong to the Clerk instance whose end users you’re reviewing, and that instance must have users who have signed up.