Identity Providers

API endpoints for configuring Okta and OneLogin

You can manage Veza Identity Provider integrations using the management API and a Veza admin API key.

AzureAD and Google Workspace identities are discovered by adding the associated Google Cloud account or Azure tenant as a cloud provider.

providers/activedirectory

See the configuration guide for the prerequisite steps to integrate Active Directory with Veza. An AD configuration has the following parameters:

List Active Directory Providers

The response will include all existing configurations, in the format:

Create Active Directory Provider

Get Active Directory Provider

Delete Active Directory Provider

Update Active Directory Provider

providers/okta

An Okta configuration includes connection information and credentials, as well as any limits on apps and domains to extract:

See the Okta integration guide for more details on retrieving an Okta API token and registering your domain with Veza.

List Okta Providers

GET {{vezaURL}}/api/v1/providers/okta

Get the configuration and status for all configured Okta integrations.

* indicates a required field.

Create Okta Provider

POST {{vezaURL}}/api/v1/providers/okta

Submit a new Okta provider configuration.

* indicates a required field.

Request Body

| Name | Type | Description |
| --- | --- | --- |
| name* | string | Name for the Okta Provider |
| domain* | string | Okta domain |
| region* | string | The Okta region (us) |
| data_plane_id | string | Provide if connecting via an Insight Point |
| token* | string | Okta API token |
| gather_all_applications | boolean | Whether to extract all apps or only selected |
| domain_allow_list | string list | Domains to explicitly allow |
| domain_deny_list | string list | Domains to exclude from discovery |
| app_allow_list | string list | Apps to explicitly allow |
| app_deny_list | string list | Apps to exclude from discovery |

Get Okta Provider

GET {{vezaURL}}/api/v1/providers/okta/{id}

Get an individual Okta provider configuration.

* indicates a required field.

Path Parameters

| Name | Type | Description |
| --- | --- | --- |
| id* | string | The Okta provider configuration ID |

Delete Okta Provider

DELETE {{vezaURL}}/api/v1/providers/okta/{id}

Delete an Okta provider, removing all associated entities from Veza.

* indicates a required field.

Path Parameters

| Name | Type | Description |
| --- | --- | --- |
| id | string | ID of the configuration to delete |

Update Okta Provider

PATCH {{vezaURL}}/api/v1/providers/okta/{id}

Update an existing provider configuration with new properties.

* indicates a required field.

Path Parameters

| Name | Type | Description |
| --- | --- | --- |
| {id}* | string | The Okta provider configuration ID |

Query Parameters

| Name | Type | Description |
| --- | --- | --- |
| update_mask.paths | array[string] | The set of field mask paths |

Request Body

| Name | Type | Description |
| --- | --- | --- |
| domain | string | |
| region | string | |
| token | string | |
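
A field-masked update in practice, for example rotating the Okta API token without touching the other settings. This is an added example, not Veza's own code; it builds the request without sending it and assumes that the admin API key is sent as a bearer token and that update_mask.paths is repeated once per path. The host, provider ID and token values are constructed.

```python
import json
import urllib.parse
import urllib.request

# Fields the page lists in the PATCH request body for providers/okta/{id}.
OKTA_PATCHABLE = {"domain", "region", "token"}


def build_okta_patch(veza_url, provider_id, api_key, changes):
    """Build (but do not send) a PATCH that updates only the given fields."""
    unknown = set(changes) - OKTA_PATCHABLE
    if unknown:
        raise ValueError(f"not patchable per the page: {sorted(unknown)}")
    if not changes:
        raise ValueError("nothing to update")
    # One mask path per changed field, so every other field is left untouched.
    # Assumption: array values are sent as a repeated query key.
    query = urllib.parse.urlencode(
        [("update_mask.paths", field) for field in sorted(changes)]
    )
    path_id = urllib.parse.quote(provider_id, safe="")
    url = f"{veza_url.rstrip('/')}/api/v1/providers/okta/{path_id}?{query}"
    if not url.startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    return urllib.request.Request(
        url,
        data=json.dumps(changes).encode(),
        method="PATCH",
        headers={
            # Assumption: the admin API key is presented as a bearer token.
            "Authorization": f"Bearer {api_key}",
            "Content-Type": "application/json",
        },
    )


def describe(req):
    """Log-safe summary: URL and body keys, never the secret values."""
    body = json.loads(req.data)
    return f"{req.get_method()} {req.full_url} body_keys={sorted(body)}"


# Constructed sample values; a real token would come from a secret store.
req = build_okta_patch("https://veza.example.com", "constructed-id-123",
                       "constructed-admin-key", {"token": "constructed-okta-token"})
print(describe(req))
```

Pass the returned object to urllib.request.urlopen to send it; log describe(req) rather than the request body.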

providers/onelogin

A OneLogin configuration includes the domain, region, and credentials to use for the connection:

See connecting to OneLogin for steps to generate credentials for Veza-OneLogin API access.

List OneLogin Providers

GET {{vezaURL}}/api/v1/providers/onelogin

Gets all configured OneLogin providers.

* indicates a required field.

Create OneLogin Provider

POST {{vezaURL}}/api/v1/providers/onelogin

Submit a new OneLogin provider configuration. See OneLogin for more information about enabling Veza access to OneLogin metadata.

* indicates a required field.

Path Parameters

| Name | Type | Description |
| --- | --- | --- |
| name* | string | The name to show in Veza |
| domain* | string | Your company's OneLogin domain |
| region* | string | The region of the OneLogin instance, e.g. us |
| client_id* | string | Client ID for the OneLogin key pair |
| client_secret* | string | Client Secret for the OneLogin ID pair |
| data_plane_id | string | Insight Point ID to use for the connection |
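
A pre-flight check for the Create request bodies, covering both the Okta fields listed earlier and the OneLogin fields in this table. This is an added example, not Veza's own code: the field names come from this page, while the allow/deny overlap check and the redaction helper are additions, and the sample values are constructed.

```python
import json

# Field names as listed in the Create tables on this page.
SPEC = {
    "okta": {
        "required": {"name", "domain", "region", "token"},
        "optional": {"data_plane_id", "gather_all_applications",
                     "domain_allow_list", "domain_deny_list",
                     "app_allow_list", "app_deny_list"},
        "secret": {"token"},
    },
    "onelogin": {
        "required": {"name", "domain", "region", "client_id", "client_secret"},
        "optional": {"data_plane_id"},
        "secret": {"client_secret"},
    },
}


def validate_create(kind, body):
    """Return a list of problems; an empty list means the body is well-formed."""
    spec = SPEC[kind]
    problems = [f"missing required field: {f}"
                for f in sorted(spec["required"]) if not body.get(f)]
    allowed = spec["required"] | spec["optional"]
    problems += [f"unknown field: {f}" for f in sorted(set(body) - allowed)]
    # Added check (not a documented API rule): an entry that is both allowed
    # and denied makes the intended discovery scope ambiguous.
    for prefix in ("domain", "app"):
        allow = set(body.get(f"{prefix}_allow_list", []))
        deny = set(body.get(f"{prefix}_deny_list", []))
        problems += [f"{prefix} in both allow and deny list: {v}"
                     for v in sorted(allow & deny)]
    return problems


def redacted(kind, body):
    """JSON for logs and change tickets with secret fields masked."""
    masked = {k: ("***" if k in SPEC[kind]["secret"] else v)
              for k, v in body.items()}
    return json.dumps(masked, sort_keys=True)


# Constructed sample body; the token would normally come from a secret store.
sample = {"name": "corp-okta", "domain": "corp.example.com", "region": "us",
          "token": "constructed-token", "gather_all_applications": False,
          "app_allow_list": ["payroll"], "app_deny_list": ["payroll"]}
print(validate_create("okta", sample))
print(redacted("okta", sample))
```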

Get OneLogin Provider

GET {{vezaURL}}/api/v1/providers/onelogin/{id}

Return the status and configuration for a single OneLogin provider configuration.

* indicates a required field.

Path Parameters

| Name | Type | Description |
| --- | --- | --- |
| id* | string | OneLogin provider ID |

Delete OneLogin Provider

DELETE {{vezaURL}}/api/v1/providers/onelogin/{id}

Delete a OneLogin configuration and its discovered entities.

* indicates a required field.

Path Parameters

| Name | Type | Description |
| --- | --- | --- |
| id* | string | The OneLogin configuration to delete |

Update OneLogin Provider

PATCH {{vezaURL}}/api/v1/providers/onelogin/{id}

Update a OneLogin provider configuration. You can provide field mask paths to only update specific fields.

* indicates a required field.

Path Parameters

| Name | Type | Description |
| --- | --- | --- |
| {id}* | string | ID of the OneLogin configuration to update |

Query Parameters

| Name | Type | Description |
| --- | --- | --- |
| update_mask.paths | array[string] | The set of field mask paths |

Request Body

| Name | Type | Description |
| --- | --- | --- |
| name* | string | |
| domain* | string | |
| region* | string | |
| client_id* | string | |
| client_secret* | string | |
| data_plane_id | string | |
