OneTrust
The OneTrust integration connects Ploy to your OneTrust tenant through OneTrust's API, using an OAuth 2.0 client-credentials API credential. Once connected, Ploy ingests the users in your OneTrust tenant — including each user's email, name, and account status — and surfaces them alongside your other identities for access review.
Before you begin
You need administrator access to your OneTrust tenant to create an API credential.
The credential must be granted the USER scope, which lets Ploy read your tenant's users.
Have your OneTrust tenant hostname ready — the host you use to sign in, for example
acme.my.onetrust.com(regional tenants may look likeapp-uk.onetrust.com).
Create an API credential in OneTrust
Sign in to OneTrust as an administrator.
Open Global Settings, then go to Access Management and select Client Credentials.
Create a new credential and give it a recognisable name, for example
Ploy.Grant it the USER scope so it can read users.
Save the credential, then copy the Client ID and Client Secret. The client secret is shown only once — store it somewhere safe before leaving the page.
Connect OneTrust in Ploy
In Ploy, go to Integrations and select OneTrust.
In Tenant Hostname, enter your OneTrust hostname without
https://or a trailing path, for exampleacme.my.onetrust.com.In Client ID, paste the Client ID from the credential you created.
In Client Secret, paste the Client Secret.
Continue to the next page and click Test Connection to confirm Ploy can reach your tenant.
Troubleshooting
The connection test says the credential is missing a scope. Edit the credential in OneTrust and make sure the USER scope is granted, then run the test again.
The credentials are rejected. Double-check the Client ID and Client Secret. If you have rotated the secret in OneTrust, paste the new value into Ploy and re-test.
Ploy cannot reach your tenant. Confirm the Tenant Hostname is correct and entered without https:// or any path — just the host, for example acme.my.onetrust.com.