Identity Providers

API endpoints for configuring Okta and OneLogin

You can manage Veza Identity Provider integrations using the management API and a Veza admin API key.

Azure AD and Google Workspace identities are discovered by adding the associated Azure tenant or Google Cloud account as a cloud provider.

providers/activedirectory

See the configuration guide for the prerequisite steps to integrate Active Directory with Veza. An AD configuration has the following parameters:

{
  "ad_fqdn": "FQDN.NAME.ON.CERT",
  "name": "Test-AD",
  "host": "FQDN.FOR.DOMAIN.CONTROLLER",
  "port": 636,
  "ldaps_certificate": "Base64 Encoded String of PEM format",
  "username": "ADMIN",
  "password": "PASSWORD",
  "domains": ["FQDN.OF.DOMAIN"],
  "data_plane_id": "DATAPLAN_ID"
}

List Active Directory Providers

curl --location --request GET '/api/v1/providers/activedirectory' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN'

The response will include all existing configurations, in the format:

{
    "values": [
        {
            "id": "integration-GUID",
            "vendor_id": "domain.controller.FQDN",
            "name": "ad_cct01",
            "type": "ACTIVE_DIRECTORY",
            "state": "ENABLED",
            "data_plane_id": "insight-point-GUID",
            "status": "SUCCESS",
            "host": "domain.controller.FQDN",
            "port": 636,
            "username": "read.only",
            "domains": [
                "corp.cookie.ai"
            ],
            "ad_fqdn": "cct01-ad-01.corp.cookie.ai",
            "identity_mapping_configuration": null
        }
    ]
}

Create Active Directory Provider

curl --location --request POST '/api/v1/providers/activedirectory' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
  "ad_fqdn": "FQDN.NAME.ON.CERT",
  "name": "Test-AD",
  "host": "FQDN.FOR.DOMAIN.CONTROLLER",
  "port": 636,
  "ldaps_certificate": "Base64 Encoded String of PEM format",
  "username": "ADMIN",
  "password": "PASSWORD",
  "domains": ["FQDN.OF.DOMAIN"],
  "data_plane_id": "DATAPLAN_ID"
}'

Get Active Directory Provider

curl --location --request GET '/api/v1/providers/activedirectory/{{provider_id}}' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN'

Delete Active Directory Provider

curl --location --request DELETE '/api/v1/providers/activedirectory/{{provider_id}}' \
--header 'Authorization: Bearer TOKEN'

Update Active Directory Provider

curl --location --request PATCH '/api/v1/providers/activedirectory/{{provider_id}}' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
    "port": 636
}'

providers/okta

An Okta configuration includes connection information and credentials, as well as any limits on apps and domains to extract:

{
  "id": "string",
  "domain": "string",
  "region": "string",
  "token": "string",
  "gather_all_applications": true,
  "domain_allow_list": [
    "string"
  ],
  "domain_deny_list": [
    "string"
  ],
  "app_allow_list": [
    "string"
  ],
  "app_deny_list": [
    "string"
  ]
}

See the Okta integration guide for more details on retrieving an Okta API token and registering your domain with Veza.

List Okta Providers

GET {{vezaURL}}/api/v1/providers/okta

Get the configuration and status for all configured Okta integrations.


{
  "values": [
    {
      "id": "string",
      "vendor_id": "string",
      "name": "string",
      "type": "UNKNOWN_PROVIDER",
      "state": "STARTED",
      "data_plane_id": "string",
      "status": "PENDING",
      "domain": "string"
    }
  ]
}

Create Okta Provider

POST {{vezaURL}}/api/v1/providers/okta

Submit a new Okta provider configuration.

* indicates a required field.

Request Body

name* (string): Name for the Okta Provider
domain* (string): Okta domain
region* (string): The Okta region, e.g. us
data_plane_id (string): Provide if connecting via an Insight Point
token* (string): Okta API token
gather_all_applications (boolean): Whether to extract all apps or only selected
domain_allow_list (string list): Domains to explicitly allow
domain_deny_list (string list): Domains to exclude from discovery
app_allow_list (string list): Apps to explicitly allow
app_deny_list (string list): Apps to exclude from discovery

{
  "values": [
    {
      "id": "string",
      "vendor_id": "string",
      "name": "string",
      "type": "UNKNOWN_PROVIDER",
      "state": "STARTED",
      "data_plane_id": "string",
      "status": "PENDING",
      "domain": "string"
    }
  ]
}

Get Okta Provider

GET {{vezaURL}}/api/v1/providers/okta/{id}

Get an individual Okta provider configuration.

* indicates a required field.

Path Parameters

id* (string): The Okta provider configuration ID

{
  "value": {
    "id": "string",
    "vendor_id": "string",
    "name": "string",
    "type": "UNKNOWN_PROVIDER",
    "state": "STARTED",
    "data_plane_id": "string",
    "status": "PENDING",
    "domain": "string"
  }
}

Delete Okta Provider

DELETE {{vezaURL}}/api/v1/providers/okta/{id}

Delete an Okta provider, removing all associated entities from Veza.

* indicates a required field.

Path Parameters

id (string): ID of the configuration to delete

{}

Update Okta Provider

PATCH {{vezaURL}}/api/v1/providers/okta/{id}

Update an existing provider configuration with new properties.

* indicates a required field.

Path Parameters

id* (string): The Okta provider configuration ID

Query Parameters

update_mask.paths (array[string]): The set of field mask paths

Request Body

domain (string)
region (string)
token (string)

{
  "value": {
    "id": "string",
    "vendor_id": "string",
    "name": "string",
    "type": "UNKNOWN_PROVIDER",
    "state": "STARTED",
    "data_plane_id": "string",
    "status": "PENDING",
    "domain": "string"
  }
}

providers/onelogin

A OneLogin configuration includes the domain, region, and credentials to use for the connection:

{
  "name": "string",
  "domain": "string",
  "region": "string",
  "client_id": "string",
  "client_secret": "string",
  "data_plane_id": "string"
}

See connecting to OneLogin for steps to generate credentials for Veza-OneLogin API access.

List OneLogin Providers

GET {{vezaURL}}/api/v1/providers/onelogin

Gets all configured OneLogin providers.


{
  "values": [
    {
      "id": "string",
      "vendor_id": "string",
      "name": "string",
      "type": "UNKNOWN_PROVIDER",
      "state": "STARTED",
      "data_plane_id": "string",
      "status": "PENDING",
      "domain": "string",
      "region": "string",
      "client_id": "string"
    }
  ]
}

Create OneLogin Provider

POST {{vezaURL}}/api/v1/providers/onelogin

Submit a new OneLogin provider configuration. See OneLogin for more information about enabling Veza access to OneLogin metadata.

* indicates a required field.

Request Body

name* (string): The name to show in Veza
domain* (string): Your company's OneLogin domain
region* (string): The region of the OneLogin instance, e.g. us
client_id* (string): Client ID for the OneLogin key pair
client_secret* (string): Client Secret for the OneLogin key pair
data_plane_id (string): Insight Point ID to use for the connection

{
  "value": {
    "id": "string",
    "vendor_id": "string",
    "name": "string",
    "type": "UNKNOWN_PROVIDER",
    "state": "STARTED",
    "data_plane_id": "string",
    "status": "PENDING",
    "domain": "string",
    "region": "string",
    "client_id": "string"
  }
}

Get OneLogin Provider

GET {{vezaURL}}/api/v1/providers/onelogin/{id}

Return the status and configuration for a single OneLogin provider configuration.

* indicates a required field.

Path Parameters

id* (string): OneLogin provider ID

{
  "value": {
    "id": "string",
    "vendor_id": "string",
    "name": "string",
    "type": "UNKNOWN_PROVIDER",
    "state": "STARTED",
    "data_plane_id": "string",
    "status": "PENDING",
    "domain": "string",
    "region": "string",
    "client_id": "string"
  }
}

Delete OneLogin Provider

DELETE {{vezaURL}}/api/v1/providers/onelogin/{id}

Delete a OneLogin configuration and its discovered entities.

* indicates a required field.

Path Parameters

id* (string): The OneLogin configuration to delete

{}

Update OneLogin Provider

PATCH {{vezaURL}}/api/v1/providers/onelogin/{id}

Update a OneLogin provider configuration. You can provide field mask paths to only update specific fields.

* indicates a required field.

Path Parameters

id* (string): ID of the OneLogin configuration to update

Query Parameters

update_mask.paths (array[string]): The set of field mask paths

Request Body

name* (string)
domain* (string)
region* (string)
client_id* (string)
client_secret* (string)
data_plane_id (string)

{
  "values": [
    {
      "id": "string",
      "vendor_id": "string",
      "name": "string",
      "type": "UNKNOWN_PROVIDER",
      "state": "STARTED",
      "data_plane_id": "string",
      "status": "PENDING",
      "domain": "string",
      "region": "string",
      "client_id": "string"
    }
  ]
}
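The following is an added example, not Veza's own code: it audits the provider list returned by the List endpoints above (flagging integrations whose state or status is not healthy, and Active Directory connections not on LDAPS port 636) and builds a field-masked PATCH as used by the Okta and OneLogin update endpoints. It assumes `update_mask.paths` is sent as a repeated query parameter and that the base URL and admin API key are supplied by the caller.

```python
"""Audit Veza identity provider integrations and build a field-masked PATCH.
Added example; assumptions: update_mask.paths is a repeated query parameter,
and responses match the JSON samples documented above."""
import json
import urllib.parse
import urllib.request


def provider_findings(list_response: dict) -> list:
    """One finding per unhealthy provider: not ENABLED/SUCCESS, or an
    Active Directory provider that is not using the LDAPS port (636)."""
    findings = []
    for p in list_response.get("values", []):
        state, status = p.get("state"), p.get("status")
        if state != "ENABLED" or status != "SUCCESS":
            findings.append((p["name"], f"state={state} status={status}"))
        if p.get("type") == "ACTIVE_DIRECTORY" and p.get("port") != 636:
            findings.append((p["name"], f"non-LDAPS port {p.get('port')}"))
    return findings


def build_patch(base_url: str, kind: str, provider_id: str, fields: dict):
    """Return (url, body) for PATCH /api/v1/providers/{kind}/{id}; every key
    in `fields` becomes an update_mask.paths entry so only those change."""
    mask = urllib.parse.urlencode([("update_mask.paths", k) for k in sorted(fields)])
    url = f"{base_url}/api/v1/providers/{kind}/{provider_id}?{mask}"
    return url, json.dumps(fields)


def send(method: str, url: str, token: str, body: str = None) -> dict:
    """Send a management API request with the admin API key as a Bearer token."""
    req = urllib.request.Request(url, data=body.encode() if body else None, method=method)
    req.add_header("Accept", "application/json")
    req.add_header("Authorization", f"Bearer {token}")
    if body:
        req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample modelled on the List Active Directory Providers response.
SAMPLE_LIST = {"values": [
    {"name": "ad_cct01", "type": "ACTIVE_DIRECTORY", "state": "ENABLED", "status": "SUCCESS", "port": 636},
    {"name": "ad_lab", "type": "ACTIVE_DIRECTORY", "state": "ENABLED", "status": "PENDING", "port": 389},
]}

if __name__ == "__main__":
    for name, why in provider_findings(SAMPLE_LIST):
        print(f"{name}: {why}")
    print(*build_patch("https://veza.example", "okta", "PROVIDER_ID", {"token": "NEW_TOKEN"}))
```

Replace `SAMPLE_LIST` with `send("GET", f"{base_url}/api/v1/providers/activedirectory", token)` to run the audit against a live tenant.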
