User Guide
Complete guide to navigating and using Veza Access Hub for self-service access visibility and team management.
This documentation provides a general guide to the Veza Access Hub. Specific features, labels, and workflows may vary based on your organization's unique configuration. Always refer to internal policies and Veza administrators for precise details relevant to your environment.
Navigating Access Hub
All Access Hub sections are accessible from the main navigation menu after logging in:
My Team - Get information about access for your direct reports, including pending reviews and access outliers
My Access - View comprehensive information about your own access rights and entitlements across all connected systems
Access Reviews - Complete access certification campaigns and review tasks assigned to you
Access Profiles - Manage requestable Access Profiles that you own or are assigned to you
Catalog - Browse systems you can request access to and manage your pending Access Requests
Settings (Administrators only) - System-level configurations, including controls for product and entity type visibility in Access Hub
ℹ️ Note: Available sections depend on your role and organization's Access Hub configuration. Contact your administrator if you expect to see sections that aren't visible.
My Access: Self-Service Visibility
The My Access page empowers every user with transparency and control over their digital footprint within the organization. Its core purpose is self-service visibility into all applications and resources any user has permission to access.
Primary Use Cases
End users leverage the My Access page to:
Verify Current Access - Confirm that access is accurate and appropriate for their current role and responsibilities
Identify Access Gaps - Spot entitlements they no longer need or essential access they might be missing
Initiate Access Changes - When Access Requests are enabled, serve as the starting point to evaluate if new access or modifications are needed
Information Categories
On the My Access overview, users can expect to find their access organized by the following categories:
Applications
A comprehensive list of all software and platforms they can use. For each integration added to Veza, this page shows the total entities of each type a user is related to.
Access relationships are detected using the latest Authorization Graph data
Visibility of individual integrations and entity types can be configured by administrators
Real-time updates reflect current access permissions
Access Profiles
Access Profiles associated with the user are displayed when:
Lifecycle Management (LCM) is configured in your organization
The user has a provisioned LCM Identity
Access Profiles are assigned to the user's LCM Identity
ℹ️ Note: If LCM is not configured or you don't have an LCM Identity, this section will not appear. Access Profiles functionality requires Lifecycle Management licensing.
Top Roles
Integrations where the user has access to the most number of Role entity types are highlighted, providing quick insight into areas of elevated access.
Login Activity
The My Access Overview displays a visual login activity heatmap showing your authentication patterns over the last 7 days. This security feature helps identify:
Login Frequency - Visual representation of daily login activity
Access Patterns - When and how often you access systems
Security Monitoring - Unusual login patterns that may warrant attention
ℹ️ Note: Managers viewing team members' access through My Team can also see their direct reports' login activity patterns for security oversight.
Common Functionality
From the My Access overview, users can access several important capabilities. Clicking on any entity type opens the Resources tab for details about specific permissions and access grants.
Search and Filtering
Overview: Search across resource types to quickly find specific categories
Resources: Filter by resource type using the dropdown selector
Identifying Access Issues
Review your access to identify discrepancies. Contact your manager or IT support through your organization's standard channels to report any concerns.
Identity Context
The My Access > Overview tab displays the top-level identity for the logged-in user (e.g., their Okta account) along with related organizational information such as manager relationship, employee ID, location and department.
ℹ️ Note: Access Hub automatically correlates your identity across systems using your organization's identity provider configuration and Authorization Graph data.
Understanding the "Resources" Tab
The Resources tab provides detailed drill-down capabilities for any entity type shown in your access overview. When you click on a specific entity type (such as "Okta App" or "Veza Local Role"), the My Access > Resources tab displays a filtered list of the specific resources you have access to.
Navigation and Interaction
The Resources tab integrates seamlessly with the Overview tab. This focused view enables quick identification of your specific resource access across integrated systems:
Click any entity type summary in Overview to open Resources view filtered to that type
Use the Resource Type dropdown to switch between different access categories
Return to Overview for a high-level access summary and investigate other applications and entity types.
Data Structure and Display
The Resources tab presents your access information in a simple, clean table format:
Core information includes the Resource ID (technical identifier for each resource), Resource Name (human-readable name of the resource), and column visibility toggles.
Use the Resource Type dropdown to filter results by specific entity types and pagination controls to navigate through large result sets (30 items per page default).
Resources Details View
The Resources tab provides a comprehensive, table-based interface for examining specific entities you have access to. This detailed view goes beyond the high-level summaries in the Overview tab to show individual resources and their properties.
Accessing the Details View
ℹ️ Note: The Resources details view works for both your own access and when managers are viewing team members' access.
Navigate to My Access > Resources tab
Use the Resource Type dropdown to select a specific entity type (e.g., "Okta App", "AWS Role", "Google Cloud Project")
The table will display all individual entities of that type you have access to
Table Features
Search & Filtering
Resource Type Filter - Select specific entity types from the dropdown to focus on particular categories of access
Search Box - Filter results by resource name using substring matching
Real-time Results - Filters apply immediately as you type or select options
Table Controls
Sortable Columns - Click column headers to sort results alphabetically
Column Visibility - Show or hide specific entity properties using the column visibility controls
Pagination - Navigate through large result sets with automatic pagination
Configurable Page Size - Adjust how many results display per page
Information Display
The Resources details table shows:
Resource ID - Technical identifier for each entity
Resource Name - Human-readable name of the entity
Additional Properties - Configurable columns showing entity-specific metadata (visibility can be toggled)
ℹ️ Note: Use the column visibility controls to customize which entity properties are displayed, helping you focus on the information most relevant to your access review needs.
Manager Access to Team Member Details
When viewing a team member's access through My Team, managers can access the same detailed Resources view:
Click on any team member tile in My Team
Navigate to their Resources tab
Use the same filtering and search capabilities to examine their specific entity-level access
This provides managers with granular visibility into exactly what resources their team members can access across all integrated systems.
My Team: Manager Dashboard
The My Team view provides managers with an interface that combines their personal access overview with team management capabilities. This unified dashboard allows managers to monitor their team's access-related activities from a single location.
Access Review Management
Use the at-a-Glance Review Summaries for immediate visibility into pending certification work:
Reviews Remaining - Total number of distinct open access review campaigns assigned to you
Items Remaining - Total count of individual access items across all pending reviews needing action
Due This Week - Count of access reviews with imminent deadlines
Each review includes a link to open specific review tasks.
Direct Report Oversight
Managers can use this dashboard to get visibility into team access patterns. On the My Team overview, tiles show each individual direct reports and provide access to detailed information:
Individual tiles showing team member names and basic information
Clicking a tile opens comprehensive team member access details similar to the My Access view (Overview and Resources tabs)
Access Details for Team Members
Clicking on any team member tile opens their detailed access information using the same interface structure as the My Access view:
Overview Tab - Shows each entity type the team member relates to in the Authorization Graph, organized by integration (e.g., Okta, Veza) with entity counts.
Resources Tab - Provides the detailed resource list with Resource ID and Resource Name for any selected entity type.
Additional Context - Team member's organizational information, manager relationships, and assigned Access Profiles (when applicable).
For example, when reviewing a team member's access, you might see their assigned Okta Groups, Okta Apps, and other integration-specific access.
ℹ️ Note: For users without direct reports, the My Team view is not available and will not appear in the navigation menu. The interface automatically adapts based on your managerial responsibilities.
How Manager Relationships Work
Veza identifies managerial relationships through several mechanisms, which are primarily used in the My Team dashboard and for features like auto-assigning Access Reviews. This manager identification enables several important capabilities:
Managers can view any direct report's access on their My Team page
Automatic routing of access reviews requiring managerial approval
Streamlined access request workflows that require manager endorsement
Enhanced visibility into team access patterns and potential risks
Manager Identification Methods
Global IdP Veza utilizes the manager attribute directly from your organization's Global IdP (such as Okta or Azure AD) when available.
Entity Owners Administrators can directly assign "Entity Owners" to user entities and other resources within the Veza platform. This is the preferred method for explicitly defining management or ownership relationships.
Legacy Tags A tag SYSTEM_resource_managers can be applied to entities, containing the ID of a manager for backward compatibility.
Custom IdP For custom Identity Providers, manager relationships can be defined within the data payload provided to Veza during integration setup.
Configuration Requirements
⚠️ Warning: To enable manager relationship functionality in Access Hub, administrators must configure the appropriate settings.
For detailed configuration instructions, consult the Access Reviews configuration documentation.
Enabling this manager relationship model ensures that organizational hierarchy is properly reflected in access governance processes while maintaining appropriate privacy and security controls.
Getting Help and Support
If you encounter issues or have questions about your access:
Contact IT Support - Use your organization's standard IT support channels for technical issues
Reach Out to Your Manager - For access-related questions or concerns about permissions
Consult Internal Policies - Refer to your organization's access management and security policies
Administrator Assistance - Contact your Veza administrator for platform-specific questions
For additional information about Access Hub capabilities and configuration, see the related documentation links throughout this guide.
Last updated
Was this helpful?