> ## Documentation Index
> Fetch the complete documentation index at: https://conductorone-docs-google-workspace-action-examples.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Set up a Cursor connector

> C1 provides identity governance for Cursor. Integrate your Cursor instance with C1 to run user access reviews (UARs) and enable just-in-time access requests.

<Warning>
  The Cursor connector requires the Cursor **Enterprise** plan. The Admin API used by this connector is only available to Enterprise teams. Teams on the Business plan do not have access to the Admin API and cannot use this connector.
</Warning>

## Capabilities

The Cursor connector syncs the following resources:

| Resource | Sync                                                          | Provision |
| :------- | :------------------------------------------------------------ | :-------- |
| Account  | <Icon icon="square-check" iconType="solid" color="#c937ae" /> |           |
| Role     | <Icon icon="square-check" iconType="solid" color="#c937ae" /> |           |

**Notes:**

* The connector syncs team members and their assigned roles (Owner, Member, Free Owner).
* Provisioning is not currently supported. The connector provides read-only visibility into Cursor team membership and role assignments.

**Additional functionality:**

*None.*

## Prerequisites

Before setting up the Cursor connector, confirm the following:

* Your Cursor team is on the **Enterprise** plan. The Admin API is not available on Business or other plans.
* You have the **administrator** role in your Cursor team. Only administrators can create API keys.

<Tip>
  If your organization uses Cursor on the Enterprise plan with SSO enabled, you can also configure [SCIM provisioning](https://cursor.com/docs/account/teams/scim) directly in Cursor to manage user lifecycle through your identity provider. The C1 connector complements SCIM by providing access visibility and review capabilities.
</Tip>

## Gather Cursor credentials

<Warning>
  To configure the Cursor connector, you need **administrator** permissions in your Cursor team.
</Warning>

<Steps>
  <Step>
    Log in to the [Cursor dashboard](https://cursor.com/dashboard).
  </Step>

  <Step>
    Navigate to **Settings** > **Advanced** > **Admin API Keys**.
  </Step>

  <Step>
    Click **Create New API Key** and provide a descriptive name (for example, `C1`).
  </Step>

  <Step>
    Copy the generated API key and save it securely. The key follows the format `key_` followed by a 64-character string. You cannot retrieve the key after leaving the page.
  </Step>
</Steps>

For more information, see the [Cursor Admin API documentation](https://cursor.com/docs/account/teams/admin-api).

## Configure the Cursor connector

<Warning>
  To complete this task, you need:

  * The **Connector Administrator** or **Super Administrator** role in C1
  * The Cursor API key gathered in the previous section
</Warning>

<Tabs>
  <Tab title="Cloud-hosted">
    **Follow these instructions to use a built-in, no-code connector hosted by C1.**

    <Steps>
      <Step>
        In C1, navigate to **Integrations** > **Connectors** and click **Add connector**.
      </Step>

      <Step>
        Search for **Cursor** and click **Add**.
      </Step>

      <Step>
        Choose how to set up the new Cursor connector:

        * Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that aren't yet managed with C1)
        * Add the connector to a managed app (select from the list of existing managed apps)
        * Create a new managed app
      </Step>

      <Step>
        Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of C1 users. Setting multiple owners is allowed.

        If you choose someone else, C1 will notify the new connector owner by email that their help is needed to complete the setup process.
      </Step>

      <Step>
        Click **Next**.
      </Step>

      <Step>
        Find the **Settings** area of the page and click **Edit**.
      </Step>

      <Step>
        Enter your Cursor API key in the **API Key** field.
      </Step>

      <Step>
        Click **Save**.
      </Step>

      <Step>
        The connector's label changes to **Syncing**, followed by **Connected**. You can view the logs to ensure that information is syncing.
      </Step>
    </Steps>

    **That's it!** Your Cursor connector is now pulling access data into C1.
  </Tab>

  <Tab title="Self-hosted">
    **Follow these instructions to use the Cursor connector, hosted and run in your own environment.**

    When running in service mode on Kubernetes, a self-hosted connector maintains an ongoing connection with C1, automatically syncing and uploading data at regular intervals.
    This data is immediately available in the C1 UI for access reviews and access requests.

    ### Step 1: Set up a new Cursor connector

    <Steps>
      <Step>
        In C1, navigate to **Integrations** > **Connectors** > **Add connector**.
      </Step>

      <Step>
        Search for **Baton** and click **Add**.
      </Step>

      <Step>
        Choose how to set up the new Cursor connector:

        * Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that aren't yet managed with C1)
        * Add the connector to a managed app (select from the list of existing managed apps)
        * Create a new managed app
      </Step>

      <Step>
        Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of C1 users. Setting multiple owners is allowed.

        If you choose someone else, C1 will notify the new connector owner by email that their help is needed to complete the setup process.
      </Step>

      <Step>
        Click **Next**.
      </Step>

      <Step>
        In the **Settings** area of the page, click **Edit**.
      </Step>

      <Step>
        Click **Rotate** to generate a new Client ID and Secret.

        Carefully copy and save these credentials. You need them in Step 2.
      </Step>
    </Steps>

    ### Step 2: Create Kubernetes configuration files

    Create two Kubernetes manifest files for your Cursor connector deployment:

    #### Secrets configuration

    ```yaml theme={null}
    # baton-cursor-secrets.yaml
    apiVersion: v1
    kind: Secret
    metadata:
      name: baton-cursor-secrets
    type: Opaque
    stringData:
      # C1 credentials
      BATON_CLIENT_ID: <C1 client ID>
      BATON_CLIENT_SECRET: <C1 client secret>

      # Cursor config
      BATON_CURSOR_API_KEY: <Cursor API key>
    ```

    See the connector's README or run `--help` to see all available configuration flags and environment variables.

    #### Deployment configuration

    ```yaml expandable theme={null}
    # baton-cursor.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: baton-cursor
      labels:
        app: baton-cursor
    spec:
      selector:
        matchLabels:
          app: baton-cursor
      template:
        metadata:
          labels:
            app: baton-cursor
            baton: true
            baton-app: cursor
        spec:
          containers:
          - name: baton-cursor
            image: ghcr.io/conductorone/baton-cursor:latest
            imagePullPolicy: IfNotPresent
            env:
            - name: BATON_HOST_ID
              value: baton-cursor
            envFrom:
            - secretRef:
                name: baton-cursor-secrets
    ```

    ### Step 3: Deploy the connector

    <Steps>
      <Step>
        Create a namespace in which to run C1 connectors (if desired), then apply the secret config and deployment config files.
      </Step>

      <Step>
        Check that the connector data uploaded correctly. In C1, click **Apps**. On the **Managed apps** tab, locate and click the name of the application you added the Cursor connector to. Cursor data should be found on the **Entitlements** and **Accounts** tabs.
      </Step>
    </Steps>

    **That's it!** Your Cursor connector is now pulling access data into C1.
  </Tab>
</Tabs>

## Known limitations

* **Enterprise plan required.** The Cursor Admin API is only available on Enterprise plans. Teams on the Business plan cannot use this connector.
* **No provisioning.** The connector provides read-only access. It cannot invite users, remove members, or modify role assignments through the Cursor API.
* **No role management API.** Cursor does not expose an API for changing user roles. Role assignments are synced for visibility only.
* **SCIM requires Enterprise and SSO.** SCIM-based user provisioning in Cursor is only available on Enterprise plans with SSO enabled. SCIM is configured directly in Cursor, not through this connector. See the [Cursor SCIM documentation](https://cursor.com/docs/account/teams/scim) for setup guidance.
