Entities

Configuring an identity, cloud, or data provider allows Veza to catalog a comprehensive range of authorization metadata, including information about IdP identities, local users and service accounts, groups, roles, and policies, and services and data resources. These entities make up the Veza Data Catalog, which you can search from Authorization Graph or the Query Builder and audit with Workflows.

Entities represent the authorization, data, and identity objects discovered by Veza, as shown in search results or on the Entities page. Entities can be data services or resources, identity domains, users or groups, and IAM or RBAC elements such as policies and roles.

• Queries typically will specify source and destination entity types, such as Okta User to AWS S3 Bucketc or Google User to Google Group. High-level groups of Entities, such as All Users or All Resources, enable search for several entity types at one time.

• Entity Attributes are the rich metadata associated with an entity, to enable granular filters based on a range of possible properties. These attributes may be added by Veza during parsing (such as name, is human, or full admin), or ingested directly from the provider (such as mfa_enabled, is_encrypted).

To see all connected providers and the entities Veza has discovered, navigate to Data Catalog > Entities.

Entity catalog navigation

Selecting a provider type from the list on the left will show tiles for each entity type associated with that provider (such as Okta Users or AWS IAM Policies):

Viewing entity details

You can select a tile to open the results in a table view. To view or sort by attributes that Veza has collected, add additional Columns using the dropdown menu. The available properties will change based on the selected entity type:

Search, tags, and data export

From the Entity Catalog table view, you can select rows to

• View the entities in Authorization Graph

• Include or exclude the results in CSV/PDF export

• Add a Veza Tag