# Configuring Integrations Use the Veza **Integrations** section to add and manage all the connections between Veza and your Identity Providers, Cloud Providers, SaaS Applications, Data Lakes, and other systems. To add an integration: 1. Choose **Integrations** on the Veza navigation bar. 2. Click **Add Integration**. You can filter integrations by type, choose a from integrations, or search for a specific integration.\ ![Add Integration Menu](/files/Jc2sZ93OhNCZWbziwl5s) 3. Click the icon for the integration you want to add. 4. Configure the integration by completing the required fields. 5. Click **Create Integration** to save the configuration and queue the first synchronization. The requirements for each integration depend on the system you are connecting to. See [Veza Integrations](/4yItIzMvkpAvMVFAamTf/integrations/integrations.md) for links to detailed integration guides. {% hint style="info" %} Some integrations are not available as built-in platform integrations. For these, Veza provides downloadable OAA connector scripts that run in your environment. See [OAA Connector Scripts](/4yItIzMvkpAvMVFAamTf/integrations/configuration/oaa-connectors.md) for the full list. {% endhint %} ## Integrations Management Veza integrations can be assigned to and managed by different [teams](/4yItIzMvkpAvMVFAamTf/administration/administration/users/teams.md). This enables a least-privilege approach to integration management, where certain users have limited access to Veza for adding and editing specific integrations. For example, you could create a team named "AWS Production" and invite key engineering team members with the "Integrations Manager" role. This will enable these users to manage and connect all AWS accounts within Veza, while preventing access to data from any integrations not explicitly assigned to their team. {% hint style="info" %} **Integration Management Permissions (Early Access)**: With Access Controls enabled, administrators can implement per-integration access control, restricting who can create, update, or delete specific integrations beyond team-based restrictions. See [Manage Integration Permissions](/4yItIzMvkpAvMVFAamTf/integrations/configuration/manage-integration-permissions.md) for details. {% endhint %} ### Assigning Integrations Managers As a Veza admin, you can create new teams and manage existing ones to enable dedicated managers for integrations. Note that Users with the "Integrations Manager" role must also have the "Viewer" role, or the user will not be able to log in. To assign a team member to manage integrations within an existing team: 1. In Veza, go to **Administration > Team Management**. 2. Select the "Add Users" option in the corresponding team's row. You can also create and remove teams on this page. 3. Choose the user and assign them the "Integrations Manager" role. To add or remove the "Integrations Manager" role for existing team members: 1. Go to **Administration > User Management**. 2. Locate the user you want to manage, and click "Change Roles" 3. Use the role selector to adjust their roles within existing teams, or add them to a new team. ### Integrations Detail Pages On the **Integrations** page, you can filter the list of all Integrations by *Name*, *Provider Type*, and *Status*. Click **View Dashboard** to open the Access Intelligence Analytics dashboard for that integration. Selecting an existing integration from the **Integrations** page opens an overview page providing information. You can switch between tabs to get more details about the configuration: * **Data Sources**: Displays all discovered data sources in the integrated system * **Workers**: Shows all of the Worker agents spawned by Veza to do discovery based on the architecture of the integrated system. Some integrations, such as cloud providers, will create several discoverers. Other integrations such as simple RBAC SaaS Applications or Data Sources connected with Veza’s Open Authorization API (OAA) will have no Workers. * **Properties**: Displays properties and configuration settings for the chosen integration. * **Events**: Displays log messages and events associated with the chosen integration. ### Veza Actions Page The Veza Actions page is where you configure the downstream integrations and webhooks that send notifications and take action on downstream systems such as ticketing platforms. After an administrator has configured [Veza Actions](/4yItIzMvkpAvMVFAamTf/administration/administration/notifications.md), users can assign them to [Rules](/4yItIzMvkpAvMVFAamTf/features/search/saved-queries.md#assign-rules-to-saved-queries) to enable automated alerts or other actions such as creating tickets when conditions are met. Veza Actions can be filtered by *Name* and *Type*. Use this tab to edit, test, or delete configured actions. ### All Data Sources Page The **All Data Sources** page lists all of the data sources that Veza is receiving authorization metadata from, based on the integrations configured in your tenant. Data Sources can be filtered based on *Name* and *Status*. An **Error Message** column displays human-readable error descriptions inline, so administrators can quickly identify and diagnose extraction failures without opening each data source individually. The Datasource tab and Worker tab within an integration also include an **Error Message** column. From this page, you can manually trigger extraction for any data source by clicking the **Start Extraction** button in the Actions column. This allows you to immediately synchronize data without waiting for the next scheduled extraction interval. For more information about manual extraction, see [Extraction and Discovery Intervals](/4yItIzMvkpAvMVFAamTf/integrations/configuration/extraction.md#manualon-demand-extraction). ### Active Jobs Page The **Active Jobs** page provides real-time intelligence on the Data Sources that are currently in progress, or have errors. You can use this page to review data sources that need attention. Data sources on the Active Jobs page can be filtered by *Name*. An **Error Message** column surfaces human-readable error descriptions for data sources with failures. ### Insight Points Your deployment might involve one or more Insight Points for discovering data sources prohibiting external connections. For more information about deploying and connecting an Insight Point, see [Deploying an Insight Point](/4yItIzMvkpAvMVFAamTf/integrations/connectivity/insight-point.md), or contact the Veza Customer Success team for additional help. For security reasons, you must re-enter the credentials and secrets when *changing* the Insight Point associated with an integration. ### Enrichment The **Integrations** > **Enrichment** page allows you to create and manage enrichment rules. These rules automatically categorize entities in your environment based on custom criteria. You can create rules to identify: * Non-Human Identities (NHI) * Privileged Access roles * Critical Resources Enrichment rules use saved queries to identify entities and apply special attributes, which can then be used to create queries, reports, and access reviews. This automation helps streamline security operations and enhance visibility into your authorization landscape. To create a new enrichment rule, click **Create Rule** and specify the rule type, integration, entity type, and saved query to use. You can also view, edit, enable/disable, and delete existing rules from this page. For more detailed information on creating and managing enrichment rules, see the [Enrichment Rules](/4yItIzMvkpAvMVFAamTf/integrations/configuration/enrichment.md) documentation. ### Audit Log Extraction Administrators can use the integration actions menu to enable or disable audit log extraction for supported integrations. If enabled and configured for a cloud or data provider, Veza will periodically collect audit logs instead of conducting full extractions. When there are changes, the corresponding data source is marked "out of date" and queued for a full update. * Audit log extraction must be enabled to collect usage history for Okta and Snowflake [Access Monitoring](/4yItIzMvkpAvMVFAamTf/features/activity-monitoring.md) and [AWS monitoring with CloudTrail logs](/4yItIzMvkpAvMVFAamTf/integrations/integrations/aws/activity-monitoring.md). * Activity-based scheduling (currently available for [SharePoint Online](/4yItIzMvkpAvMVFAamTf/integrations/integrations/azure.md#3-enable-sharepoint-integration-optional)) can decrease the overall amount of API calls Veza makes, helping to help avoid rate limits and reduce overall extraction time. ### Integration Extraction and Discovery Intervals Veza periodically connects to integrated systems to discover new data sources and update the Access Graph with the latest metadata and relationships. You can customize how often these processes occur to optimize performance, reduce costs, and manage resource usage. Key points about extraction and discovery intervals: * Discovery intervals (15 minutes to 30 days) determine how often Veza checks for new data sources. * Extraction intervals (1 hour to 30 days) set the frequency of authorization metadata updates. * Intervals can be set globally or customized for individual providers. * Adjusting these intervals can help balance update frequency with system performance and costs. To learn more about customizing these intervals see the [Extraction and Discovery Intervals](/4yItIzMvkpAvMVFAamTf/integrations/configuration/extraction.md) documentation. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/configuration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.