Identity Providers
API endpoints for configuring Okta and OneLogin
Last updated
Was this helpful?
API endpoints for configuring Okta and OneLogin
Last updated
Was this helpful?
You can manage Veza Identity Provider integrations using the management API and a Veza admin .
providers/activedirectory
The response will include all existing configurations, in the format:
providers/okta
An Okta configuration includes connection information and credentials, as well as any limits on apps and domains to extract:
GET
{{vezaURL}}/api/v1/providers/okta
Get the configuration and status for all configured Okta integrations.
*
indicates a required field.
POST
{{vezaURL}}/api/v1/providers/okta
Submit a new Okta provider configuration.
*
indicates a required field.
name*
string
Name for the Okta Provider
domain*
string
Okta domain
region*
string
The Okta region
us
data_plane_id
string
Provide if connecting via an Insight Point
token*
string
Okta API token
gather_all_applications
boolean
Whether to extract all apps or only selected
domain_allow_list
string list
Domains to explicitly allow
domain_deny_list
string list
Domains to exclude from discovery
app_allow_list
string list
Apps to explicitly allow
app_deny_list
string list
Apps to exclude from discovery
GET
{{vezaURL}}/api/v1/providers/okta/{id}
Get an individual Okta provider configuration.
*
indicates a required field.
id*
string
The Okta provider configuration ID
DELETE
{{vezaURL}}/api/v1/providers/okta/{id}
Delete an Okta provider, removing all associated entities from Veza.
*
indicates a required field.
id
string
ID of the configuration to delete
PATCH
{{vezaURL}}/api/v1/providers/okta/{id}
Update an existing provider configuration with new properties.
*
indicates a required field.
{id}*
string
The Okta provider configuration ID
update_mask.paths
array[string]
the set of field mask paths
domain
string
region
string
token
string
providers/onelogin
A OneLogin configuration includes the domain, region, and credentials to use for the connection:
GET
{{vezaURL}}/api/v1/providers/onelogin
Gets all configured OneLogin providers.
*
indicates a required field.
POST
{{vezaURL}}/api/v1/providers/onelogin
Submit a new OneLogin provider configuration. See
for more information about enabling Veza access to OneLogin metadata.
*
indicates a required field.
name*
string
The name to show in Veza
domain*
string
Your company's OneLogin domain
region*
string
The region of the Onelogin instance, e.g.
us
client_id*
string
Client ID for the OneLogin key pair
client_secret*
string
Client Secret for the OneLogin ID pair
data_plane_id
string
Insight Point ID to use for the connection
GET
{{vezaURL}}/api/v1/providers/onelogin/{id}
Return the status and configuration for a single OneLogin provider configuration.
*
indicates a required field.
id*
string
OneLogin provider ID
DELETE
{{vezaURL}}/api/v1/providers/onelogin/{id}
Delete a OneLogin configuration and its discovered entities.
*
indicates a required field.
id*
string
The OneLogin configuration to delete
PATCH
{{VezaURL}}/api/v1/providers/onelogin/{id}
Update a OneLogin provider configuration. You can provide field mask paths to only update specific fields.
*
indicates a required field.
{id}*
string
ID of the OneLogin configuration to update
update_mask.paths
array[string]
The set of field mask paths
name*
string
domain*
string
region*
string
client_id*
string
client_secret*
string
data_plane_id
string
See the configuration guide for the prerequisite steps to integrate with Veza. An AD configuration has the following parameters:
See the integration guide for more details on retrieving an Okta API token and registering your domain with Veza.
See for steps to generate credentials for Veza-OneLogin API access.