Workflows Glossary
Key concepts for Access and Entitlement Workflows
This document provides descriptions and reference links for important concepts, terms, and UI elements you will encounter when using Veza Workflows.
Last updated
Key concepts for Access and Entitlement Workflows
This document provides descriptions and reference links for important concepts, terms, and UI elements you will encounter when using Veza Workflows.
Last updated
Term | Definition | Category |
---|---|---|
Approve
Certification decision to accept the access specified by the certification item (as legitimate access).
Access Reviewer
Role for viewing and acting on assigned certification items
Access and Entitlement Workflows (interface)
The name of the panel/page where Workflows and Certifications are created, managed, and certified.
Veza Features, Workflows
Admin
Role authorized for adding resources to Veza, changing system configurations, and managing users. Has all Operator and Access Reviewer privileges.
Authorization Graph
As a concept, represents all the authorization and entity metadata Veza has collected from connected apps, identity providers, and cloud providers. You can view the latest contents of the graph using the Entity Catalog. "Authorization Graph" can also refer to the Search feature.
Veza Features, Search
Bulk Action
Apply a certification action or decision across a set of certification items using multi-selection checkboxes
Certification (action)
The process of reviewing a certification results and making decisions on their items.
Certification (data object)
Represents a scheduled instance of access review for a Workflow. Each has its own deadline and set of reviewers. Creating a certification generates a snapshot of authorization paths for the workflow query results, using the latest graph data. These results can then be reviewed and attested (certified) by one or more reviewers.
Certification (view)
The Certification interface reviewers use to make decisions on results (accessed using Workflows -> Selected Workflow -> Certifications -> New/Continue).
Certification Group
One or more certifications created for using the same Workflow (including recertifications).
Certification Item (result)
A source to destination path (typically representing the permissions an identity has on a resource, through various groups and roles. Can include information about intermediate waypoint entities such as groups, roles, permissions, or local user accounts.
Complete
Status indicating all the certification items were signed off before the certification due date
Certification Status
Default Reviewer
Individual(s) explicitly specified as Reviewers (able to make decisions for all results) when a certification is created.
Final Reminders
Type of email notification, sent as escalated reminders for remaining certification tasks.
Expired
Status indicating not all the certification items were signed off (after the certification due date)
Certification Status
Orchestration Action
A Slack, Jira, ServiceNow, or Webhook instance configured to enable downstream processes around certification actions (such as ticket creation or automated remediation)
Mark as Fixed
Certification action to mark that remediation has occurred for a certification item (can be a signed-off item)
Notification
Email reminder (typically sent when a reviewer is assigned, or as the due date approaches).
Operator
Role for creating Workflows and certifications, in addition to Access Reviewer privileges for all the items in certifications they create
Pending
Status indicating that some items still need sign-off (before the certification due date)
Certification Status
Reassign
Certification action to appoint another reviewer for an individual certification result.
Reject
Certification decision to repudiate the access specified by the certification item (as illegitimate access).
Reminder
Type of email notification, sent as reminders for remaining certification tasks.
Resource Manager
The Individual(s) who are the manager of the resource included in the certification results
Sign Off
Certification action to finalize the decision on a certification item, making it immutable
Smart Action
Apply a certification action or decision across a set of certification items that meet the specified filtering criteria
Uncertified
Status indicating that no certification items are signed off (before the certification due date)
Certification Status
User Manager
The individual(s) who are the manager of the user included in the certification results
Webhook
Enables custom automation/integrations by publishing events and details to external destinations with POST requests.
Workflow (object)
Represents a scheduled access or entitlement review, including 1: a query defining the scope of the audit 2: default notification and integration settings, inherited by all certifications on the workflow 3: metadata such as a name and description, for identification and internal reference.
Workflow Destination
The final node of a Workflow Query. Each result (item for certification) will include the effective permissions between the source and destination entities.
Workflow Query
Includes a source entity type, destination entity type, and other search parameters. Results are shown in Certifications as items for review and sign-off. Workflow queries can be very broad (All Users to All Resources) or very specific, including filters on tags, attributes, and intermediate node requirements.
Workflow Source
The initial node of a Workflow Query. Entities of the Source type are included in certification results for review and attestation if a relationship exists between that entity and another entity of the Destination type.