Workflows Glossary
Key concepts for Access and Entitlement Workflows
This document provides descriptions and reference links for important concepts, terms, and UI elements you will encounter when using Veza Workflows.
Term | Definition | Category |
---|---|---|
Approve | Certification decision to accept the access specified by the certification item (as legitimate access). | |
Access Reviewer | Role for viewing and acting on assigned certification items | |
Access and Entitlement Workflows (interface) | The name of the panel/page where Workflows and Certifications are created, managed, and certified. | Veza Features, Workflows |
Admin | Role authorized for adding resources to Veza, changing system configurations, and managing users. Has all Operator and Access Reviewer privileges. | |
Authorization Graph | As a concept, represents all the authorization and entity metadata Veza has collected from connected apps, identity providers, and cloud providers. You can view the latest contents of the graph using the Entity Catalog. "Authorization Graph" can also refer to the Search feature. | Veza Features, Search |
Bulk Action | Apply a certification action or decision across a set of certification items using multi-selection checkboxes | |
Certification (action) | The process of reviewing certification results and making decisions on their items. | |
Certification (data object) | Represents a scheduled instance of access review for a Workflow. Each has its own deadline and set of reviewers. Creating a certification generates a snapshot of authorization paths for the workflow query results, using the latest graph data. These results can then be reviewed and attested (certified) by one or more reviewers. | |
Certification (view) | The Certification interface reviewers use to make decisions on results (accessed using Workflows -> Selected Workflow -> Certifications -> New/Continue). | |
Certification Group | One or more certifications created using the same Workflow (including recertifications). | |
Certification Item (result) | A source-to-destination path (typically representing the permissions an identity has on a resource, through various groups and roles). Can include information about intermediate waypoint entities such as groups, roles, permissions, or local user accounts. | |
Complete | Status indicating all the certification items were signed off before the certification due date | Certification Status |
Default Reviewer | Individual(s) explicitly specified as Reviewers (able to make decisions for all results) when a certification is created. | |
Final Reminders | Type of email notification, sent as escalated reminders for remaining certification tasks. | |
Expired | Status indicating not all the certification items were signed off (after the certification due date) | Certification Status |
Orchestration Action | A Slack, Jira, ServiceNow, or Webhook instance configured to enable downstream processes around certification actions (such as ticket creation or automated remediation) | |
Mark as Fixed | Certification action to mark that remediation has occurred for a certification item (can be a signed-off item) | |
Notification | Email reminder (typically sent when a reviewer is assigned, or as the due date approaches). | |
Operator | Role for creating Workflows and certifications, in addition to Access Reviewer privileges for all the items in certifications they create | |
Pending | Status indicating that some items still need sign-off (before the certification due date) | Certification Status |
Reassign | Certification action to appoint another reviewer for an individual certification result. | |
Reject | Certification decision to repudiate the access specified by the certification item (as illegitimate access). | |
Reminder | Type of email notification, sent as reminders for remaining certification tasks. | |
Resource Manager | The individual(s) who manage the resource included in the certification results | |
Sign Off | Certification action to finalize the decision on a certification item, making it immutable | |
Smart Action | Apply a certification action or decision across a set of certification items that meet the specified filtering criteria | |
Uncertified | Status indicating that no certification items are signed off (before the certification due date) | Certification Status |
User Manager | The individual(s) who manage the user included in the certification results | |
Webhook | Enables custom automation/integrations by publishing events and details to external destinations with POST requests. | |
Workflow (object) | Represents a scheduled access or entitlement review, including: (1) a query defining the scope of the audit; (2) default notification and integration settings, inherited by all certifications on the workflow; (3) metadata such as a name and description, for identification and internal reference. | |
Workflow Destination | The final node of a Workflow Query. Each result (item for certification) will include the effective permissions between the source and destination entities. | |
Workflow Query | Includes a source entity type, destination entity type, and other search parameters. Results are shown in Certifications as items for review and sign-off. Workflow queries can be very broad (All Users to All Resources) or very specific, including filters on tags, attributes, and intermediate node requirements. | |
Workflow Source | The initial node of a Workflow Query. Entities of the Source type are included in certification results for review and attestation if a relationship exists between that entity and another entity of the Destination type. | |