Integrations
Overview of supported Lifecycle Management integrations in Veza, with capabilities and supported actions for target applications and sources of identity.
Overview
This document provides an introduction to integrations supported by Veza Lifecycle Management (LCM), including their capabilities and supported actions. These integrations enable you to automate identity and access management workflows across your identity sources and target applications.
Veza's Open Authorization API (OAA) can support provisioning and deprovisioning for applications not natively supported by the Veza platform. With OAA, Veza or customers can build integrations to any application that has a suitable and accessible API or integration interface.
Supported Integrations
Identity Sources
Identity sources are authoritative systems that provide information about user identities. While Veza does not require write permissions to the identity source of truth, some of these integrations are also supported as provisioning targets. Integrations can also allow write-back of a user's newly created email address to the user's record in the source of identity as part of the initial provisioning workflow.
Veza currently supports the following as sources of identity for Lifecycle Management workflows:
Cloud-based identity management service
Cloud-based CRM and business application platform
Cloud-based human capital management platform
Yes
HR platform for modern businesses
Extended workforce solution
HR, payroll, and workforce management
Oracle HCM
Human capital management cloud
Yes
Neurons IT asset and service management platform
Custom human resource information system integration using OAA templates
Yes
Generic identity provider integration via OAA templates
Target Application Support
The entire catalog of Veza application integrations is Lifecycle Management-ready. Target application support in Lifecycle Management leverages Veza's existing native- and OAA-based integrations plus an intelligent shim layer in order to provide support for provisioning and de-provisioning.
As such, target application support in Lifecycle Management can be enabled for nearly every Veza-supported integration.
Validated Integrations
The following table lists the out-of-the-box, Veza-validated target application integrations for Lifecycle Management.
Active Directory
✅
✅
✅
-
Groups, Direct Assignments
AWS IAM Identity Center
✅
✅
✅
-
Groups, Permission Sets
Microsoft Azure AD (Microsoft Entra ID)
✅
✅
✅
-
Groups, App Roles, Directory Roles
Custom Application (OAA Template)
✅
✅
✅
-
Application Groups
Custom Principal
✅
✅
✅
-
Principal Groups
Exchange Server
❌
❌
❌
Create Email
-
Exchange Online
✅
❌
❌
Create Email, Create Distribution Group
Distribution Groups
GitHub
✅
✅
❌
-
Teams, Repositories
Google Workspace (Google Cloud)
✅
✅
✅
-
Groups, IAM Roles
Okta
✅
✅
✅
-
Groups, Application Assignments
Oracle Fusion Cloud
✅
✅
✅
-
Roles, Responsibilities
PTC Windchill
✅
❌
✅
-
Groups, Roles
Salesforce
✅
✅
✅
-
Permission Sets, Profiles, Groups
SAP ECC
✅
✅
✅
-
Roles, Profiles
SCIM
✅
✅
✅
-
Groups, Roles
ServiceNow
❌
❌
❌
Custom Table Updates
-
Snowflake
✅
✅
✅
-
Roles, Warehouses
Veza
✅
✅
❌
-
Groups, Roles
Workday
✅
❌
❌
Security Groups, Business Process Security Policies
Other Suppported Integrations
For any Veza-supported application not listed above, please reach out to your Customer Success Manager for more details and instructions on how to enable the specific Veza integration for use with Lifecycle Management as a target application for provisioning and de-provisioning.
Configuring Integrations for Lifecycle Management
Insight Points for Lifecycle Management
An Insight Point is required to enable Lifecycle Management operations and identity discovery for systems that Veza cannot access directly, such as an on-premises application server behind a firewall. The Insight Point is a lightweight connector that runs in your environment, enabling secure gathering and processing of authorization metadata for LCM tasks.
A Veza Insight Point is typically deployed as a Docker container or VM OVA, running within your network for metadata discovery and LCM job execution. This ensures secure communication between your environment and Veza.
Scheduled and Manual Extractions
You can configure extraction intervals for your integrations to ensure data is regularly updated for Lifecycle Management processes.
Go to Veza Administration > System Settings
In the Pipeline > Extraction Interval section, set the global extraction interval
To override the global setting for specific integrations, use the Active Overrides section
Available extraction intervals are:
Auto (hourly, but may take longer when the extraction pipeline is full)
15 Minutes
1 Hour
6 Hours
12 Hours
1 Day
2 Days
3 Days
7 Days
30 Days
To manually trigger an extraction:
Go to Integrations > All Data Sources
Search for the desired data source
Select Actions > Start Extraction
Note: Custom application payloads are extracted after the payload is pushed to Veza using the Open Authorization API.
Enabling Lifecycle Management
To enable Lifecycle Management for a specific integration:
Browse to the main Veza Integrations page, or go to Lifecycle Management > Integrations
Search for the integration you want to enable
Toggle the Lifecycle Management option to Enabled
Checking on Lifecycle Management Data Sources
To verify the health of the Lifecycle Management data source:
Use the main Veza navigation menu to open the Lifecycle Management > Integrations page or the Veza Integrations overview
Search for the integration and click the name to view details
In the Properties panel, click the magnifying glass icon under Lifecycle Management Enabled
Additional Resources
For more information:
Refer to individual integration documentation for detailed LCM capabilities
Consult the Lifecycle Management user guide for troubleshooting and best practices
Contact Veza support for assistance with enabling or configuring LCM for your integrations
Last updated
Was this helpful?
