Integrations
Overview of supported Lifecycle Management integrations in Veza, with capabilities and supported actions for target applications and sources of identity.
Overview
This document provides an introduction to the integrations supported by Veza Lifecycle Management (LCM), including their capabilities and the actions they support. These integrations enable you to automate identity and access management workflows across your identity sources and target applications.
Veza's Open Authorization API (OAA) can support provisioning and deprovisioning for applications not natively supported by the Veza platform. With OAA, Veza or customers can build integrations to any application that has a suitable and accessible API or integration interface.
Supported Integrations
Identity Sources
Identity sources are authoritative systems that provide information about user identities. While Veza does not require write permissions to the identity source of truth, some of these integrations are also supported as provisioning targets. Integrations can also allow write-back of a user's newly created email address to the user's record in the source of identity as part of the initial provisioning workflow.
Veza currently supports the following as sources of identity for Lifecycle Management workflows:
Custom IDP
A platform to integrate your authentication systems to manage user access and corporate resources
Oracle HCM
Human capital management cloud
Yes
Target Application Support
The entire catalog of Veza application integrations is Lifecycle Management-ready. Target application support in Lifecycle Management leverages Veza's existing native- and OAA-based integrations plus an intelligent shim layer in order to provide support for provisioning and de-provisioning.
As such, target application support in Lifecycle Management can be enabled for nearly every Veza-supported integration.
Validated Integrations
The following table lists the out-of-the-box, Veza-validated target application integrations for Lifecycle Management.
Active Directory
✅
✅
✅
Reset Password, Create Entitlements
ActiveDirectoryGroup
Atlassian Cloud
❌
✅
✅
-
-
AWS SSO
✅
✅
✅
Create Entitlement
AwsSsoGroup
Azure
✅
✅
✅
Create Email, Create Entitlement
AzureADGroup, AzureADRole, ExchangeOnlineDistributionGroup, AzureADLicense
Custom Application (OAA Template)
✅
✅
✅
-
Application Groups
Custom Principal
✅
✅
✅
-
Principal Groups
Exchange Server
❌
❌
❌
Create Email
-
GitHub User
✅
✅
✅
-
GithubOrganization, GithubTeam
Google Workspace (Google Cloud)
✅
✅
✅
-
GoogleWorkspaceGroup
Okta
✅
✅
✅
Reset Password, Create Entitlement
OktaGroup
Oracle Fusion Cloud
❌
✅
✅
-
-
Oracle HCM
❌
✅
❌
-
-
Salesforce IAM
✅
✅
✅
-
SalesforceGroup, SalesforcePermissionSet, SalesforcePermissionSetGroup, SalesforceProfile, SalesforceUserRole
SAP ECC
✅
✅
✅
-
SapEccRole
SCIM
❌
✅
✅
-
-
ServiceNow IAM
❌
❌
❌
Custom Action
-
Snowflake
✅
✅
✅
-
SnowflakeRole
SwiftConnect
❌
✅
✅
-
-
Workday
✅
✅
❌
-
WorkdaySecurityGroup
Veza
✅
✅
✅
-
VezaRoleBinding, VezaAccessProfile, VezaGroup
Other Supported Integrations
For any Veza-supported application not listed above, please contact your Customer Success Manager for more details and instructions on how to enable the specific Veza integration for use with Lifecycle Management as a target application for provisioning and de-provisioning.
Configuring Integrations for Lifecycle Management
Insight Points for Lifecycle Management
An Insight Point is required to enable Lifecycle Management operations and identity discovery for systems that Veza cannot access directly, such as an on-premises application server behind a firewall. The Insight Point is a lightweight connector that runs in your environment, enabling secure gathering and processing of authorization metadata for LCM tasks.
A Veza Insight Point is typically deployed as a Docker container or VM OVA, running within your network for metadata discovery and LCM job execution. This ensures secure communication between your environment and Veza.
For deployment instructions, refer to the Insight Point Documentation.
Scheduled and Manual Extractions
You can configure extraction intervals for your integrations to ensure data is regularly updated for Lifecycle Management processes.
Go to Veza Administration > System Settings
In the Pipeline > Extraction Interval section, set the global extraction interval
To override the global setting for specific integrations, use the Active Overrides section
Available extraction intervals are:
Auto (hourly, but may take longer when the extraction pipeline is full)
15 Minutes
1 Hour
6 Hours
12 Hours
1 Day
2 Days
3 Days
7 Days
30 Days
To manually trigger an extraction:
Go to Integrations > All Data Sources
Search for the desired data source
Select Actions > Start Extraction
Note: Custom application payloads are extracted after the payload is pushed to Veza using the Open Authorization API.
Enabling Lifecycle Management
To enable Lifecycle Management for a specific integration:
Browse to the main Veza Integrations page, or go to Lifecycle Management > Integrations
Search for the integration you want to enable
Toggle the Lifecycle Management option to Enabled
Checking on Lifecycle Management Data Sources
To verify the health of the Lifecycle Management data source:
Use the main Veza navigation menu to open the Lifecycle Management > Integrations page or the Veza Integrations overview
Search for the integration and click the name to view details
In the Properties panel, click the magnifying glass icon under Lifecycle Management Enabled
Additional Resources
For more information:
Refer to individual integration documentation for detailed LCM capabilities
Consult the Lifecycle Management user guide for troubleshooting and best practices
Contact Veza support for assistance with enabling or configuring LCM for your integrations
Last updated
Was this helpful?