Naming and Identifying OAA Entities
Setting unique identifiers and human-readable names using OAA templates
Veza requires each entity to have a unique identifier, used within the template to reference entities (which groups a user is a member of) and for Veza to use to track and display the entity. This is true for both the Application and IdP templates
By default the templates use the name
field for this purpose. However, names are not unique within some applications. In this case the templates offer an optional id
as a unique identifier, allowing name
to function as a non-unique display name.
Custom Application
Local User, Local Group and Local Role have an optional value id
that can be provided for each entity that serves as the unique identifier.
To use
id
all Local Users, Local Groups and Local Roles must be defined with an ID. Thename
andid
can be the same value as long it is unique for the entity type. For example a local role can haveadmin
for both thename
andid
.The
id
value becomes the key for referencing local users, groups and roles in theidentity_to_permissions
section of the payload and for referencing group memberships.
Using id
s for mapping, instead of name
is recommended in most cases, especially if any of the following are true:
Entity names aren't unique in the application (if two users can have the name "Joe Doe" but each have a unique user id such as
email
orlogin
or the applications uniqueid
).The API references users, resources, and other entities by an ID instead of name. Using the same ID for the OAA payload will limit scenarios where you need to maintain a mapping of
id
toname
in your connector.
For Custom Application to use
id
for Local Users, Groups and Roles all entities must use theid
field. To use theid
field for Resources all Resources and Sub-Resources must have anid
Resources
Resources and Sub-resource each can have an optional id
value. When provided, the resource name
does not need to be unique. To use id
, all resources and sub-resources must be defined with a unique ID. The id
value will be used to assign resource permissions in identity_to_permissions
.
Custom IdP
Custom IdP also supports a optional unique identifier value identity
for Users and Groups. If not used, the entity name
must be unique and will be the primary identifier.
Last updated