Release Notes

Prerequisites

Requirements and configuration to get started with Veza Access AuthZ

Before using the Access Request APIs, ensure your Veza environment is properly configured with the following requirements:

Core Requirements

1. Enable Access Requests

Go to Lifecycle ManagementSettings, then select the Access Request Settings tab:

  1. Toggle Enable Requests to ON

  2. Toggle Grant without approval to ON (required for API automation)

The Allow approval on request setting is optional. Enable it if you want to support manual approval workflows in addition to automatic grants.

All API calls will fail until Access Requests are enabled.

2. Admin Permissions

The API token must belong to a user with Admin role. API calls made without admin permissions will fail with authorization errors.

To create an API token:

  1. Navigate to AdministrationAPI Keys

  2. Create a new key for your admin user

  3. See API Authentication for details

3. Enable Lifecycle Management on Integrations

Each integration you want to use with Access AuthZ must have Lifecycle Management enabled.

To enable Lifecycle Management:

  1. Navigate to Integrations in Veza

  2. Locate your target integration in the table

  3. Click the three-dot menu (⋮) in the Actions column

  4. Select Edit from the dropdown menu

  5. On the integration edit page, locate the Lifecycle Management configuration section

  6. Configure and enable the Lifecycle Management settings

  7. Click Save to apply your changes

After enabling Lifecycle Management, the Lifecycle Management column in the integrations table will display the current status:

  • Enabled - Ready to use with the Access Request APIs

  • Disabled - Lifecycle Management configured but currently disabled

  • Not Configured - Lifecycle Management not yet set up

  • Not Supported - Integration doesn't support Lifecycle Management

When enabled, Veza creates a separate "Lifecycle Manager datasource ID" for this integration that you'll use in API calls.

For guidance on finding the correct Lifecycle Manager datasource ID to use in API calls, see the FAQ: How do I find Lifecycle Manager datasource IDs?

Without Lifecycle Management enabled, the Access Request APIs cannot perform operations on that target system.

4. Verify Target System Permissions

Veza's service account in each target application must have sufficient permissions for the operations you intend to perform:

Operation
Required Permission

Create user

Permission to create user accounts

Update user

Permission to change user attributes

Add to group/role

Permission to alter group/role membership

Remove from group/role

Permission to change group/role membership

Disable user

Permission to disable/deactivate accounts

Refer to integration-specific documentation for detailed permission requirements. See Target Application Support.

Supported Integrations

The Access Request APIs work with any integration that supports Lifecycle Management Actions.

For the list of integrations and supported capabilities, see the Lifecycle Management Integrations table.

Additional integration options:

  • SCIM integration: If the target application does not have a native Veza integration but supports SCIM v2, use Veza's SCIM integration.

  • Custom applications: Use the Open Authorization API (OAA) to enable provisioning for custom applications.

Required Features

The following features must be enabled for your tenant, if not enabled by default.

  • Access Requests - Core capability for programmatic provisioning

  • Lifecycle Management - Must be enabled tenant-wide and per-integration

If Access Requests are not available in Veza Lifecycle Management > Settings, contact Veza support to enable these capabilities for your tenant.

For troubleshooting and verification steps, see the FAQ: Troubleshooting section

PreviousQuick StartNextFAQ

Last updated

Was this helpful?