Identity Provider and HRIS Enrichment

Create access reviews that include information from an integrated identity provider (IdP) or human resource information system (HRIS).

Early Access: Enrichment is currently provided on an opt-in basis. Please contact Veza Support to enable this feature. Enrichment requires an IDP or HRIS integration such as Okta, Active Directory, Azure AD, Workday, or a Custom Identity Provider.

Overview

You can configure access reviews to show additional human resource or identity metadata for users under review. When enabled, Veza will check for matching entities in an integrated Identity Provider or HRIS platform when creating the review. The linked user attributes are shown in columns, which reviewers can show, hide, or filter by for faster and more accurate decision-making.

For example, when reviewing local Snowflake user access to Snowflake databases, enabling this option will show the attributes of the linked Okta user for each local user, such as their risk score, first and last name, and whether MFA is enabled. A local user with no linked Okta user could be a machine identity or could represent a risky misconfiguration.

Similarly, an access review of Okta users to Okta applications can use this option to show information about the Workday Worker associated with each user, such as the cost center, hire date, or active status.
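The two scenarios above, chained into one lookup, as an added illustration that is not Veza's code or API. It assumes local users link to Okta users by email and Okta users link to Workday Workers by a worker ID; all records and field names are constructed.

```python
# Constructed sample data; field names are illustrative, not Veza's schema.
SNOWFLAKE_USERS = [
    {"name": "ALICE", "email": "alice@example.com"},
    {"name": "BOB", "email": "bob@example.com"},
    {"name": "CAROL", "email": "carol@example.com"},
    {"name": "ETL_LOADER", "email": None},  # no email: likely a service account
]
OKTA_USERS = {  # keyed by email (assumed link attribute)
    "alice@example.com": {"mfa_enabled": True, "worker_id": "W-1"},
    "bob@example.com": {"mfa_enabled": False, "worker_id": "W-2"},
    "carol@example.com": {"mfa_enabled": True, "worker_id": "W-3"},
}
WORKDAY_WORKERS = {  # keyed by worker ID (assumed link attribute)
    "W-1": {"cost_center": "ENG", "active": True},
    "W-2": {"cost_center": "FIN", "active": True},
    "W-3": {"cost_center": "ENG", "active": False},
}


def enrich(local_user):
    """Return one review row with IdP and HRIS columns and reviewer flags."""
    email = (local_user.get("email") or "").lower()
    idp = OKTA_USERS.get(email)
    hris = WORKDAY_WORKERS.get(idp["worker_id"]) if idp else None
    flags = []
    if idp is None:
        # Could be a machine identity or a misconfiguration; needs a human look.
        flags.append("no linked IdP user")
    else:
        if not idp["mfa_enabled"]:
            flags.append("MFA disabled")
        if hris is None:
            flags.append("no linked HRIS worker")
        elif not hris["active"]:
            flags.append("inactive worker")
    return {"user": local_user["name"], "idp": idp, "hris": hris, "flags": flags}


def review_rows(users=SNOWFLAKE_USERS):
    """Enrich every row and sort the ones needing attention to the top."""
    rows = [enrich(u) for u in users]
    return sorted(rows, key=lambda r: (not r["flags"], r["user"]))


if __name__ == "__main__":
    for row in review_rows():
        print(f'{row["user"]:<12} {", ".join(row["flags"]) or "ok"}')
```

Sorting flagged rows first mirrors what a reviewer does when filtering on the enriched columns.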

Enabling IDP/HRIS Metadata Enrichment

To enable IDP User columns in the reviewer interface, enable enrichment in the configuration scope:

  1. Create or edit a configuration.

  2. In the review scope, enable Advanced Options > Enrich with IdP/HRIS data.

  3. Select from the list of supported entity types to enable result enrichment (such as "Workday Worker" for "Okta User").

  4. Save the configuration and create a review.

  5. In the reviewer interface, use the column selector to enable columns for the "IDP User."

    To configure the reviewer interface to show these columns by default, see Customizing Default Columns.
