# OAA Templates OAA utilizes templates (JSON schema) for structuring authorization and identity metadata, combined with a REST API to register, update and manage the data. Once uploaded, Veza processes the template payload and incorporates the entities and permissions into the Authorization Metadata Graph. Choosing the appropriate template is the first step in creating a new integration with OAA. The template provides a schema for describing the identities, resources, and authorization relationships local to the OAA data source. ### Custom Application For most applications, SaaS Apps and systems the [Custom Application Template](/4yItIzMvkpAvMVFAamTf/developers/api/oaa/templates/custom-application-template.md) provides a generic and flexible model to capture authorization data for users and groups to the system and its resources. A custom application is structured with the following main entities: * Application * Resource * Sub-resource * Sub-resource * Additional sub-resources * Local Users * Local Groups * Local Roles * Local Permissions * Identity-to-permissions binding ### Custom Identity Provider Intended for modeling sources of users, group, and federated identity metadata, the [Custom Identity Provider Template](/4yItIzMvkpAvMVFAamTf/developers/api/oaa/templates/custom-identity-provider-template.md) can be used to enumerate users and groups that access other external applications and resources, similar to built-in connectors for Okta and AzureAD. These users and groups typically represent the top-level corporate identities within an organization. A Custom Identity Provider can have the following entities: * Domains * Users * Groups The Custom IdP template also includes the option to define AWS Roles that are assumable by users and groups and can work with Access Review Workflows to auto-assign resource managers. ### Custom Principal For modeling sources of identities (users, groups, and tenants) that connect to other OAA data sources on the same provider, the [Custom Principal Template](/4yItIzMvkpAvMVFAamTf/developers/api/oaa/templates/custom-principal-template.md) provides a lightweight identity model. Unlike the Custom IdP, which models a full identity provider with domains, the Principal template is designed to feed users and groups into Custom Application or other templates on the same provider. A Custom Principal is structured with: * Tenant * Users * Groups ### Secret Store For modeling secret and credential management systems, the [Secret Store Template](/4yItIzMvkpAvMVFAamTf/developers/api/oaa/templates/secret-store-template.md) captures vaults, entries, permissions, and identity access mappings. Use this template to connect custom or self-hosted credential management systems that are not covered by a native Veza integration. A Secret Store is structured with: * Secret Store * Permissions * Vaults * Entries * Identities * Identity-to-Permission Bindings ### Entity Enrichment The [Entity Enrichment Template](/4yItIzMvkpAvMVFAamTf/developers/api/oaa/templates/entity-enrichment-template.md) adds custom property values to entities that already exist in the Veza authorization graph from other integrations. Use this template to attach supplemental metadata (such as compliance status, cost center, or internal identifiers) to entities discovered by native integrations. An Entity Enrichment submission contains: * Enriched entity property definitions (schema declarations) * Enriched entities (entity references with property values) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/developers/api/oaa/templates.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.