You can manage Veza Identity Provider integrations using the management API and a Veza admin API key.
providers/activedirectory
See the configuration guide for the prerequisite steps to integrate Active Directory with Veza. An AD configuration has the following parameters:
{
"ad_fqdn": "FQDN.NAME.ON.CERT",
"name": "Test-AD",
"host": "FQDN.FOR.DOMAIN.CONTROLLER",
"port": 636,
"ldaps_certificate": "Base64 Encoded String of PEM format",
"username": "ADMIN",
"password": "PASSWORD",
"domains": ["FQDN.OF.DOMAIN"],
"data_plane_id": "DATAPLAN_ID"
}
List Active Directory Providers
curl --location --request GET '/api/v1/providers/activedirectory' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN'
The response will include all existing configurations, in the format:
{
"values": [
{
"id": "interation-GUID",
"vendor_id": "domain.controller.FQDN",
"name": "ad_cct01",
"type": "ACTIVE_DIRECTORY",
"state": "ENABLED",
"data_plane_id": "insight-point-GUID",
"status": "SUCCESS",
"host": "domain.controller.FQDN",
"port": 636,
"username": "read.only",
"domains": [
"corp.cookie.ai"
],
"ad_fqdn": "cct01-ad-01.corp.cookie.ai",
"identity_mapping_configuration": null
}
]
}
Create Active Directory Provider:
curl --location --request POST '/api/v1/providers/activedirectory' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"ad_fqdn": "FQDN.NAME.ON.CERT",
"name": "Test-AD",
"host": "FQDN.FOR.DOMAIN.CONTROLLER",
"port": 636,
"ldaps_certificate": "Base64 Encoded String of PEM format",
"username": "ADMIN",
"password": "PASSWORD",
"domains": ["FQDN.OF.DOMAIN"],
"data_plane_id": "DATAPLAN_ID"
}'
Get Active Directory Provider
curl --location --request POST '/api/v1/providers/activedirectory' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"ad_fqdn": "FQDN.NAME.ON.CERT",
"name": "Test-AD",
"host": "FQDN.FOR.DOMAIN.CONTROLLER",
"port": 636,
"ldaps_certificate": "Base64 Encoded String of PEM format",
"username": "ADMIN",
"password": "PASSWORD",
"domains": ["FQDN.OF.DOMAIN"],
"data_plane_id": "DATAPLAN_ID"
}'
Delete Active Directory Provider
curl --location --request DELETE '/api/v1/providers/activedirectory/{{provider_id}}' \
--header 'Authorization: Bearer TOKEN'
Update Active Directory Provider
curl --location --request PATCH '/api/v1/providers/azure/{{provider_id}}' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"port": 636
}'
providers/okta
An Okta configuration includes connection information and credentials, as well as any limits on apps and domains to extract:
{
"id": "string",
"domain": "string",
"region": "string",
"token": "string",
"gather_all_applications": true,
"domain_allow_list": [
"string"
],
"domain_deny_list": [
"string"
],
"app_allow_list": [
"string"
],
"app_deny_list": [
"string"
]
}
See the Okta integration guide for more details on retrieving an Okta API token and registering your domain with Veza.
List Okta Providers
List Okta Providers
GET {{vezaURL}}/api/v1/providers/okta
Get the configuration and status for all configured Okta integrations.
* indicates a required field.
{
"values": [
{
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string"
}
]
}
Create Okta Provider
Create Okta Provider
POST {{vezaURL}}/api/v1/providers/okta
Submit a new Okta provider configuration.
* indicates a required field.
Request Body
Name for the Okta Provider
Provide if connecting via an Insight Point
Whether to extract all apps or only selected
Domains to explicitly allow
Domains to exclude from discovery
Apps to exclude from discovery
{
"values": [
{
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string"
}
]
}
Get Okta Provider
Get Okta Provider
GET {{vezaURL}}/api/v1/providers/okta/{id}
Get an individual Okta provider configuration.
* indicates a required field.
Path Parameters
The Okta provider configuration ID
{
"value": {
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string"
}
}
Delete Okta Provider
Delete Okta Provider
DELETE {{vezaURL}}/api/v1/providers/okta/{id}
Delete an Okta provider, removing all associated entities from Veza.
* indicates a required field.
Path Parameters
ID of the configuration to delete
Update OneLogin Provider
Update Okta Provider
PATCH {{vezaURL}}/api/v1/providers/okta/{id}
Update an existing provider configuration with new properties.
* indicates a required field.
Path Parameters
The Okta provider configuration ID
Query Parameters
the set of field mask paths
Request Body
{
"value": {
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string"
}
}
providers/onelogin
A OneLogin configuration includes the domain, region, and credentials to use for the connection:
{
"name": "string",
"domain": "string",
"region": "string",
"client_id": "string",
"client_secret": "string",
"data_plane_id": "string"
}
See connecting to OneLogin for steps to generate credentials for Veza-OneLogin API access.
List OneLogin Providers
List OneLogin Providers
GET {{vezaURL}}/api/v1/providers/onelogin
Gets all configured OneLogin providers.
* indicates a required field.
{
"values": [
{
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string",
"region": "string",
"client_id": "string"
}
]
}
Create OneLogin Provider
Create OneLogin Provider
POST {{vezaURL}}/api/v1/providers/onelogin
Submit a new OneLogin provider configuration. See
OneLogin
for more information about enabling Veza access to OneLogin metadata.
* indicates a required field.
Path Parameters
Your company's OneLogin domain
The region of the Onelogin instance, e.g.
us
Client ID for the OneLogin key pair
Client Secret for the OneLogin ID pair
Insight Point ID to use for the connection
{
"value": {
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string",
"region": "string",
"client_id": "string"
}
}
Get OneLogin Provider
Get OneLogin Provider
GET {{vezaURL}}/api/v1/providers/onelogin/{id}
Return the status and configuration for a single OneLogin provider configuration.
* indicates a required field.
Path Parameters
{
"value": {
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string",
"region": "string",
"client_id": "string"
}
}
Delete OneLogin Provider
Delete Onelogin Provider
DELETE {{vezaURL}}/api/v1/providers/onelogin/{id}
Delete a OneLogin configuration and its discovered entities.
* indicates a required field.
Path Parameters
The OneLogin configuration to delete
Update OneLogin Provider
Update OneLogin Provider
PATCH {{VezaURL}}/api/v1/providers/onelogin/{id}
Update a OneLogin provider configuration. You can provide field mask paths to only update specific fields.
* indicates a required field.
Path Parameters
ID of the OneLogin configuration to update
Query Parameters
The set of field mask paths
Request Body
{
"values": [
{
"id": "string",
"vendor_id": "string",
"name": "string",
"type": "UNKNOWN_PROVIDER",
"state": "STARTED",
"data_plane_id": "string",
"status": "PENDING",
"domain": "string",
"region": "string",
"client_id": "string"
}
]
}
