LogoLogo
User GuideDeveloper DocumentationIntegrationsRelease Notes
  • 🏠Veza Documentation
  • ☑️Getting Started
  • 📖Veza Glossary
  • ❓Product FAQ
  • 🛡️Security FAQ
    • Advanced Security FAQ
  • Release Notes
    • 🗒️Release Notes
      • Release Notes: 2025-04-30
      • Release Notes: 2025-04-16
      • Release Notes: 2025-04-02
      • Release Notes: 2025-03-19
      • Archive
        • 2024.9.23
        • 2024.9.16
        • 2024.9.9
        • 2024.9.2
        • 2024.8.26
        • 2024.8.19
        • 2024.8.12
        • 2024.8.5
        • 2024.7.29
        • 2024.7.22
        • 2024.7.15
        • 2024.7.1
        • 2024.6.24
        • 2024.6.17
        • 2024.6.10
        • 2024.6.3
        • 2024.5.27
        • 2024.5.20
        • 2024.5.13
        • 2024.5.6
        • 2024.4.29
        • 2024.4.22
        • 2024.4.15
        • 2024.4.8
        • 2024.4.1
        • 2024.3.25
        • 2024.3.18
        • 2024.3.11
        • 2024.3.4
        • 2024.2.26
        • 2024.2.19
        • 2024.2.12
        • 2024.2.5
        • 2024.1.29
        • 2024.1.22
        • 2024.1.15
        • 2024.1.8
        • 2024.1.1
        • 2023.12.18
        • 2023.12.11
        • 2023.12.4
        • 2023.11.27
        • 2023.11.20
        • 2023.11.13
        • 2023.11.6
        • 2023.10.30
        • 2023.10.23
        • 2023.10.16
        • 2023.10.9
        • 2023.10.2
        • 2023.9.25
        • 2023.9.18
        • 2023.9.11
        • 2023.9.4
        • 2023.8.28
        • 2023.8.21
        • 2023.8.14
        • 2023.8.7
        • 2023.7.31
        • 2023.7.24
        • 2023.7.17
        • 2023.7.10
        • 2023.7.3
        • 2023.6.26
        • 2023.6.19
        • 2023.6.12
        • 2023.6.5
        • 2023.5.29
        • 2023.5.22
        • 2023.5.15
        • 2023.5.8
        • 2023.5.1
        • 2023.4.24
        • 2023.4.17
        • 2023.4.10
        • 2023.4.3
        • 2023.3.27
        • 2023.3.20
        • 2023.3.13
        • 2023.3.6
        • 2023.2.27
        • 2023.2.20
        • 2023.2.13
        • 2023.2.6
        • 2023.1.30
        • 2023.1.23
        • 2023.1.16
        • 2023.1.9
        • 2023.1.2
        • 2022.12.12
        • 2022.12.5
        • 2022.11.28
        • 2022.11.14
        • 2022.11.7
        • 2022.10.31
        • 2022.10.24
        • 2022.10.17
        • 2022.10.1
        • 2022.6.2
        • 2022.6.1
        • 2022.5.1
        • 2022.4.1
        • 2022.3.1
  • Features
    • 🔎Access Visibility
      • Graph
      • Query Builder
      • Saved Queries
      • Filters
      • Query Mode
      • Intermediate Entities
      • Regular Expressions
      • Tags
      • Tagged Entity Search
      • Assumed AWS IAM Roles
      • Veza Query Language
        • Quick Start
        • Syntax
        • VQL API
    • 💡Access Intelligence
      • Overview
      • Dashboards
        • Reports
        • Scheduled Exports of Query Results via a Secure Email Link
      • Risks
      • Analyze
      • Compare
      • Rules and Alerts
      • Entities
      • NHI Identify Classification Logic
      • NHI Secrets
    • 🔏Access Reviews
      • Get Started: Access Reviewers
      • Get Started: Review Operators
      • Access Review Tasks
        • Assign Reviewers
        • Create a Configuration
        • Create a Review
        • Draft Reviews
        • Edit a Configuration
        • Filters and Bulk Actions
        • Manage Access Reviews
        • Using the Reviewer Interface
        • Row Grouping for Access Reviews
        • Schedule an Access Review
      • Access Review Configuration
        • Access Reviews Query Builder
        • Access Reviews Global Settings
        • Configuring a Global Identity Provider
          • Alternate Manager Lookup
        • Customizing Default Columns
        • Email Notifications and Reminders
        • Identity Provider and HRIS Enrichment
        • Managers and Resource Owners
        • Multi-Level Review
        • 1-Step Access Reviews
        • On-Demand Reviews
        • Veza Actions for Access Reviews
        • Review Intelligence Policies
        • Review Presentation Options
        • Reviewer Selection Methods
        • Reviewer Digest Notifications
      • Access Review Scenarios
        • Access Reviews: Active Directory Security Groups
        • Access Reviews: Okta App Assignments
        • Access Reviews: Okta Group Membership
        • Access Reviews: Okta Admin Roles
        • Access Reviews: Azure AD Roles
        • Access Reviews with Saved Queries
        • Source-Only Access Reviews
    • 📊Access Monitoring
    • 🔄Lifecycle Management
      • Implementation and Core Concepts
      • Access Profiles
      • Policies
      • Conditions and Actions
      • Attribute Sync and Transformers
        • Lookup Tables
      • Integrations
        • Active Directory
        • Exchange Server
        • Okta
        • Salesforce
        • Workday
    • ⚖️Separation of Duties (SoD)
      • Managing SoD Risks with Veza
      • Creating SoD Detection Queries
      • Analyzing Separation of Duties Query Results
      • Example Separation of Duties Queries
      • SoD Manager Assignment
      • Access Reviews for SoD
  • Integrations
    • ✨Veza Integrations
      • Adobe Enterprise
      • Amazon Web Services
        • Add Existing AWS Accounts
        • Automatically Add New AWS Accounts
        • AWS DynamoDB
        • AWS KMS
        • AWS RDS MySQL
        • AWS RDS PostgreSQL
        • AWS Redshift
        • Activity Monitoring for AWS
        • Using AWS Secrets Manager for RDS Extraction
        • Notes & Supported Entities
      • Anaplan
      • Atlassian Cloud Products
      • Auth0
      • BambooHR
      • Bitbucket Data Center
      • BlackLine
      • Beeline
      • Boomi
      • Box
      • Bullhorn
      • Cassandra
      • Cisco Duo
      • Clickhouse
      • Concur
      • Confluence Server
      • Confluent
      • Coupa
      • Coupa Contingent Workforce
      • Crowdstrike Falcon
      • CSV Upload
        • CSV Upload Examples
        • CSV Upload Troubleshooting
        • CSV Upload API
      • Databricks (Single Workspace)
      • Databricks (Unity Catalog)
      • Delinea Secret Server
      • Device42
      • DocuSign
      • Dropbox
      • Egnyte
      • Expensify
      • Exchange Online (Microsoft 365)
      • Fastly
      • Google Cloud
        • Check Google Cloud Permissions
        • Notes & Supported Entities
      • Google Drive
      • GitHub
      • GitLab
      • HashiCorp Vault
      • HiBob
      • Hubspot
      • IBM Aspera
      • iManage
      • Ivanti Neurons
      • Jamf Pro
      • Jenkins
      • JFrog Artifactory
      • Jira Data Center
      • Kubernetes
      • LastPass
      • Looker
      • MongoDB
      • Microsoft Active Directory
      • Microsoft Azure
        • Azure SQL Database
        • Azure PostgreSQL Database
        • Microsoft Dynamics 365 CRM
        • Microsoft Dynamics 365 ERP
        • Notes & Supported Entities
      • Microsoft Azure AD
      • Microsoft SharePoint Online
      • Microsoft SharePoint Server
      • Microsoft SQL Server
      • MuleSoft
      • MySQL
      • NetSuite
      • New Relic
      • Okta
        • Okta MFA status
      • OneLogin
      • OpenAI
      • Oracle Cloud Infrastructure
      • Oracle Database
      • Oracle Database (AWS RDS)
      • Oracle E-Business Suite (EBS)
      • Oracle EPM
      • Oracle Fusion Cloud
      • Oracle JD Edwards EnterpriseOne
      • PagerDuty
      • Palo Alto Networks SASE/Prisma Access
      • PingOne
      • PostgreSQL
      • Power BI
      • Privacera
      • PTC Windchill
      • Qualys
      • QNXT
      • Ramp
      • Redis Cloud
      • Rollbar
      • Salesforce
      • Salesforce Commerce Cloud
      • SCIM integration
      • ServiceNow
      • Slack
      • Smartsheet
      • Snowflake
        • Snowflake Native Application
        • Snowflake Masking Policies
        • Exporting Saved Query Results to Snowflake
        • Audit Log Export
        • Event Export
      • Solarwinds
      • Spotio
      • Sumo Logic
      • Tableau Cloud
      • Teleport
      • Terraform
      • ThoughtSpot
      • Trello
      • Trino (PrestoSQL)
      • UKGPro
      • Veza
      • Windows Server
        • Enterprise Deployment
      • Workato
      • Workday
      • YouTrack
      • Zendesk
      • Zip
      • Zoom
      • Zscaler
      • 1Password
    • 🎯Integrations Overview
    • ⚠️Prerequisites and Connectivity
      • Insight Point
        • Deploying an Insight Point using the install script
        • Deploy with AWS EC2
        • Deploy with Virtual Appliance
          • Deploy with Virtual Appliance (Legacy)
        • Deploy with Azure Container Instances
        • Insight Point (Helm Chart)
      • Certificates with OpenSSL
    • ⚙️Configuring Integrations
      • Integrations FAQ
      • Extraction and Discovery Intervals
      • Custom Identity Mappings
      • Limiting Extractions
      • Enrichment Rules
      • ℹ️Running Veza Scripts with Python
  • Administration
    • 🛠️Veza Administration
      • Securing Your Veza Tenant
      • Veza Actions
        • Slack
        • ServiceNow
        • Jira
        • Webhooks
      • Virtual Private Veza
      • System Events
      • Sign-In Settings
        • Single Sign-On with Okta
        • Single Sign-On with Okta (OIDC)
        • Single Sign-On with Microsoft Entra
      • User Management
        • Multi-factor Authentication
        • Team Management
        • Support User Access
  • Developers
    • 🌐Veza APIs
      • Authentication
      • Troubleshooting
      • Pagination
      • Open Authorization API
        • Getting Started
        • Core Concepts
          • Connector Requirements
          • Using OAA Templates
          • Providers, Data Sources, Names and Types
          • Sourcing and Extracting Metadata
          • Naming and Identifying OAA Entities
          • Modeling Users, Permissions, and Roles
          • Custom Properties
          • Tagging with OAA
          • Cross Service IdP Connections
          • Incremental Updates
        • OAA Push API
          • OAA Operations
        • OAA Templates
          • Custom Application
          • Custom Identity Provider
          • Custom HRIS Provider
        • OAA .NET SDK
          • C# OAA Application Connector
        • OAA Python SDK
          • Application Outline
          • oaaclient modules
            • Client
            • Structures
            • Templates
            • Utils
        • Sample Apps
        • Example Connectors
      • Integration APIs
        • Enable/Disable Providers
        • Cloud Platforms and Data Providers
        • Identity Providers
        • Data Sources
        • Sync and Parse Status
      • Query APIs
        • Quick Start
        • Query Builder Terminology
        • Query Builder Parameters
        • Query Builder Results
        • List saved queries
        • Save a query
        • Get a saved query
        • Update a query
        • Delete a query
        • Get query node destinations
        • Get query nodes
        • Get query result
        • Get query spec node destinations
        • Get query spec nodes
        • Get query spec results
        • Private APIs
          • Get Access Relationship
          • Role Existence
          • Role Maintenance
          • Cohort Role Analysis
        • Tags
          • Create, Add, Remove Tag
          • Promoted Tags
      • Access Reviews APIs
        • Workflow Parameters Reference
        • List Workflows
        • List Certifications
        • List Certification Results
        • Update Certification Result
        • Force Update Result
        • Update Webhook Info
        • Get Certification Result
        • Manage Reviewer Deny List
        • Quick Filters
        • Help Page Templates
        • Smart Action Definitions
        • Delegate Reviewers
        • List Reviewer Infos
        • Get Access Graph
        • Automations API
        • Global Settings APIs
      • System Audit Logs
      • System Events
      • Notification Templates
        • Notification Templates API
      • Team and User Management APIs
        • Team API Keys
      • SCIM Provisioning
        • SCIM API Reference
        • SCIM Provisioning with Okta
  • Product Updates
    • 🆕Product Updates
      • Product Update: March'25
      • Product Update: February'25
      • UX Update - Integration Management
      • Product Update: January'25
      • Product Update: December'24
      • Product Update: November'24
      • Product Update: October'24
      • Product Update: September'24
      • Product Update: August'24
      • UX Update: Veza Integrations
      • Product Update: July'24
      • Product Update: June'24
      • Product Update: May'24
      • Product Update: April'24
      • UX Update - Enhanced Reviewer Experience for Veza Access Reviews
      • Product Update: March'24
      • Product Update: February'24
      • Design Update: February'24
      • UX Update - New Navigation Experience
      • UX Update - Access Review Dashboards
      • Building Veza’s Platform and Products
      • Veza Product Update - Jan'24
      • Veza Product Update - 2H 2023
      • Veza Product Update - December'23
      • Veza Product Update - November'23
      • Veza Product Update - October'23
      • Veza Product Update - September'23
      • Veza Product Update - August'23
      • Veza Product Update - July'23
      • Veza Product Update - June'23
      • Veza Product Update - May'23
      • Veza Product Update - April'23
      • Veza Product Update - March'23
      • Veza Product Update - Feb'23
      • Veza Product Update - Jan'23
Powered by GitBook
On this page
  • providers/activedirectory
  • providers/okta
  • List Okta Providers
  • Create Okta Provider
  • Get Okta Provider
  • Delete Okta Provider
  • Update Okta Provider
  • providers/onelogin
  • List OneLogin Providers
  • Create OneLogin Provider
  • Get OneLogin Provider
  • Delete Onelogin Provider
  • Update OneLogin Provider

Was this helpful?

Export as PDF
  1. Developers
  2. 🌐Veza APIs
  3. Integration APIs

Identity Providers

API endpoints for configuring Okta and OneLogin

PreviousCloud Platforms and Data ProvidersNextData Sources

Last updated 9 months ago

Was this helpful?

You can manage Veza Identity Provider integrations using the management API and a Veza admin API key.

AzureAD and Google Workspace identities are discovered by adding the associated Google Cloud account or Azure tenant as a .

  • providers/activedirectory

    • List Active Directory Providers

    • Create Active Directory Provider:

    • Get Active Directory Provider

    • Delete Active Directory Provider

    • Update Active Directory Provider

  • providers/okta

    • List Okta Providers

    • Create Okta Provider

    • Get Okta Provider

    • Delete Okta Provider

    • Update OneLogin Provider

  • providers/onelogin

    • List OneLogin Providers

    • Create OneLogin Provider

    • Get OneLogin Provider

    • Delete OneLogin Provider

    • Update OneLogin Provider

providers/activedirectory

See the configuration guide for the prerequisite steps to integrate Active Directory with Veza. An AD configuration has the following parameters:

{
  "ad_fqdn": "FQDN.NAME.ON.CERT",
  "name": "Test-AD",
  "host": "FQDN.FOR.DOMAIN.CONTROLLER",
  "port": 636,
  "ldaps_certificate": "Base64 Encoded String of PEM format",
  "username": "ADMIN",
  "password": "PASSWORD",
  "domains": ["FQDN.OF.DOMAIN"],
  "data_plane_id": "DATAPLAN_ID"
}

List Active Directory Providers

curl --location --request GET '/api/v1/providers/activedirectory' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN'

The response will include all existing configurations, in the format:

{
    "values": [
        {
            "id": "interation-GUID",
            "vendor_id": "domain.controller.FQDN",
            "name": "ad_cct01",
            "type": "ACTIVE_DIRECTORY",
            "state": "ENABLED",
            "data_plane_id": "insight-point-GUID",
            "status": "SUCCESS",
            "host": "domain.controller.FQDN",
            "port": 636,
            "username": "read.only",
            "domains": [
                "corp.cookie.ai"
            ],
            "ad_fqdn": "cct01-ad-01.corp.cookie.ai",
            "identity_mapping_configuration": null
        }
    ]
}

Create Active Directory Provider:

curl --location --request POST '/api/v1/providers/activedirectory' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
  "ad_fqdn": "FQDN.NAME.ON.CERT",
  "name": "Test-AD",
  "host": "FQDN.FOR.DOMAIN.CONTROLLER",
  "port": 636,
  "ldaps_certificate": "Base64 Encoded String of PEM format",
  "username": "ADMIN",
  "password": "PASSWORD",
  "domains": ["FQDN.OF.DOMAIN"],
  "data_plane_id": "DATAPLAN_ID"
}'

Get Active Directory Provider

curl --location --request POST '/api/v1/providers/activedirectory' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
  "ad_fqdn": "FQDN.NAME.ON.CERT",
  "name": "Test-AD",
  "host": "FQDN.FOR.DOMAIN.CONTROLLER",
  "port": 636,
  "ldaps_certificate": "Base64 Encoded String of PEM format",
  "username": "ADMIN",
  "password": "PASSWORD",
  "domains": ["FQDN.OF.DOMAIN"],
  "data_plane_id": "DATAPLAN_ID"
}'

Delete Active Directory Provider

curl --location --request DELETE '/api/v1/providers/activedirectory/{{provider_id}}' \
--header 'Authorization: Bearer TOKEN'

Update Active Directory Provider

curl --location --request PATCH '/api/v1/providers/azure/{{provider_id}}' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
    "port": 636
}'

providers/okta

An Okta configuration includes connection information and credentials, as well as any limits on apps and domains to extract:

{
  "id": "string",
  "domain": "string",
  "region": "string",
  "token": "string",
  "gather_all_applications": true,
  "domain_allow_list": [
    "string"
  ],
  "domain_deny_list": [
    "string"
  ],
  "app_allow_list": [
    "string"
  ],
  "app_deny_list": [
    "string"
  ]
}

See the Okta integration guide for more details on retrieving an Okta API token and registering your domain with Veza.

List Okta Providers

List Okta Providers

GET {{vezaURL}}/api/v1/providers/okta

Get the configuration and status for all configured Okta integrations.

* indicates a required field.

{
  "values": [
    {
      "id": "string",
      "vendor_id": "string",
      "name": "string",
      "type": "UNKNOWN_PROVIDER",
      "state": "STARTED",
      "data_plane_id": "string",
      "status": "PENDING",
      "domain": "string"
    }
  ]
}

Create Okta Provider

Create Okta Provider

POST {{vezaURL}}/api/v1/providers/okta

Submit a new Okta provider configuration.

* indicates a required field.

Request Body

Name
Type
Description

name*

string

Name for the Okta Provider

domain*

string

Okta domain

region*

string

The Okta region

us

data_plane_id

string

Provide if connecting via an Insight Point

token*

string

Okta API token

gather_all_applications

boolean

Whether to extract all apps or only selected

domain_allow_list

string list

Domains to explicitly allow

domain_deny_list

string list

Domains to exclude from discovery

app_allow_list

string list

Apps to explicitly allow

app_deny_list

string list

Apps to exclude from discovery

{
  "values": [
    {
      "id": "string",
      "vendor_id": "string",
      "name": "string",
      "type": "UNKNOWN_PROVIDER",
      "state": "STARTED",
      "data_plane_id": "string",
      "status": "PENDING",
      "domain": "string"
    }
  ]
}

Get Okta Provider

Get Okta Provider

GET {{vezaURL}}/api/v1/providers/okta/{id}

Get an individual Okta provider configuration.

* indicates a required field.

Path Parameters

Name
Type
Description

id*

string

The Okta provider configuration ID

{
  "value": {
    "id": "string",
    "vendor_id": "string",
    "name": "string",
    "type": "UNKNOWN_PROVIDER",
    "state": "STARTED",
    "data_plane_id": "string",
    "status": "PENDING",
    "domain": "string"
  }
}

Delete Okta Provider

Delete Okta Provider

DELETE {{vezaURL}}/api/v1/providers/okta/{id}

Delete an Okta provider, removing all associated entities from Veza.

* indicates a required field.

Path Parameters

Name
Type
Description

id

string

ID of the configuration to delete

{}

Update OneLogin Provider

Update Okta Provider

PATCH {{vezaURL}}/api/v1/providers/okta/{id}

Update an existing provider configuration with new properties.

* indicates a required field.

Path Parameters

Name
Type
Description

{id}*

string

The Okta provider configuration ID

Query Parameters

Name
Type
Description

update_mask.paths

array[string]

the set of field mask paths

Request Body

Name
Type
Description

domain

string

region

string

token

string

{
  "value": {
    "id": "string",
    "vendor_id": "string",
    "name": "string",
    "type": "UNKNOWN_PROVIDER",
    "state": "STARTED",
    "data_plane_id": "string",
    "status": "PENDING",
    "domain": "string"
  }
}

providers/onelogin

A OneLogin configuration includes the domain, region, and credentials to use for the connection:

{
  "name": "string",
  "domain": "string",
  "region": "string",
  "client_id": "string",
  "client_secret": "string",
  "data_plane_id": "string"
}

See connecting to OneLogin for steps to generate credentials for Veza-OneLogin API access.

List OneLogin Providers

List OneLogin Providers

GET {{vezaURL}}/api/v1/providers/onelogin

Gets all configured OneLogin providers.

* indicates a required field.

{
  "values": [
    {
      "id": "string",
      "vendor_id": "string",
      "name": "string",
      "type": "UNKNOWN_PROVIDER",
      "state": "STARTED",
      "data_plane_id": "string",
      "status": "PENDING",
      "domain": "string",
      "region": "string",
      "client_id": "string"
    }
  ]
}

Create OneLogin Provider

Create OneLogin Provider

POST {{vezaURL}}/api/v1/providers/onelogin

Submit a new OneLogin provider configuration. See

OneLogin

for more information about enabling Veza access to OneLogin metadata.

* indicates a required field.

Path Parameters

Name
Type
Description

name*

string

The name to show in Veza

domain*

string

Your company's OneLogin domain

region*

string

The region of the Onelogin instance, e.g.

us

client_id*

string

Client ID for the OneLogin key pair

client_secret*

string

Client Secret for the OneLogin ID pair

data_plane_id

string

Insight Point ID to use for the connection

{
  "value": {
    "id": "string",
    "vendor_id": "string",
    "name": "string",
    "type": "UNKNOWN_PROVIDER",
    "state": "STARTED",
    "data_plane_id": "string",
    "status": "PENDING",
    "domain": "string",
    "region": "string",
    "client_id": "string"
  }
}

Get OneLogin Provider

Get OneLogin Provider

GET {{vezaURL}}/api/v1/providers/onelogin/{id}

Return the status and configuration for a single OneLogin provider configuration.

* indicates a required field.

Path Parameters

Name
Type
Description

id*

string

OneLogin provider ID

{
  "value": {
    "id": "string",
    "vendor_id": "string",
    "name": "string",
    "type": "UNKNOWN_PROVIDER",
    "state": "STARTED",
    "data_plane_id": "string",
    "status": "PENDING",
    "domain": "string",
    "region": "string",
    "client_id": "string"
  }
}

Delete OneLogin Provider

Delete Onelogin Provider

DELETE {{vezaURL}}/api/v1/providers/onelogin/{id}

Delete a OneLogin configuration and its discovered entities.

* indicates a required field.

Path Parameters

Name
Type
Description

id*

string

The OneLogin configuration to delete

{}

Update OneLogin Provider

Update OneLogin Provider

PATCH {{VezaURL}}/api/v1/providers/onelogin/{id}

Update a OneLogin provider configuration. You can provide field mask paths to only update specific fields.

* indicates a required field.

Path Parameters

Name
Type
Description

{id}*

string

ID of the OneLogin configuration to update

Query Parameters

Name
Type
Description

update_mask.paths

array[string]

The set of field mask paths

Request Body

Name
Type
Description

name*

string

domain*

string

region*

string

client_id*

string

client_secret*

string

data_plane_id

string

{
  "values": [
    {
      "id": "string",
      "vendor_id": "string",
      "name": "string",
      "type": "UNKNOWN_PROVIDER",
      "state": "STARTED",
      "data_plane_id": "string",
      "status": "PENDING",
      "domain": "string",
      "region": "string",
      "client_id": "string"
    }
  ]
}
cloud provider