⚙️Configuring Integrations
Managing connected Integrations and Orchestration Actions
Use the Veza Integrations section to add and manage all the connections between Veza and your Identity Providers, Cloud Providers, SaaS Applications, Data Lakes, and other systems.
To add an integration:
Choose Integrations on the Veza navigation bar.
Click Add Integration. You can filter integrations by type, choose from integrations, or search for a specific integration.
Click the icon for the integration you want to add.
Configure the integration by completing the required fields.
Click Create Integration to save the configuration and queue the first synchronization.
The requirements for each integration depend on the system you are connecting to. See Veza Integrations for links to detailed integration guides.
Veza integrations can be assigned to and managed by different teams. This enables a least-privilege approach to integration management, where certain users have limited access to Veza for adding and editing specific integrations.
For example, you could create a team named "AWS Production" and invite key engineering team members with the "Integrations Manager" role. This will enable these users to manage and connect all AWS accounts within Veza, while preventing access to data from any integrations not explicitly assigned to their team.
As a Veza admin, you can create new teams and manage existing ones to enable dedicated managers for integrations. Note that users with the "Integrations Manager" role must also have the "Viewer" role, or they will not be able to log in.
To assign a team member to manage integrations within an existing team:
In Veza, go to Administration > Team Management.
Select the "Add Users" option in the corresponding team's row. You can also create and remove teams on this page.
Choose the user and assign them the "Integrations Manager" role.
To add or remove the "Integrations Manager" role for existing team members:
Go to Administration > User Management.
Locate the user you want to manage, and click "Change Roles".
Use the role selector to adjust their roles within existing teams, or add them to a new team.
On the Integrations page, you can filter the list of all Integrations by Name, Provider Type, and Status. Click View Dashboard to open the Access Intelligence Analytics dashboard for that integration.
Selecting an existing integration from the Integrations page opens an overview page providing information. You can switch between tabs to get more details about the configuration:
Data Sources: Displays all discovered data sources in the integrated system
Workers: Shows all of the Worker agents spawned by Veza to do discovery based on the architecture of the integrated system. Some integrations, such as cloud providers, will create several discoverers. Other integrations such as simple RBAC SaaS Applications or Data Sources connected with Veza’s Open Authorization API (OAA) will have no Workers.
Properties: Displays properties and configuration settings for the chosen integration.
Events: Displays log messages and events associated with the chosen integration.
The Orchestration Actions page is where you configure the downstream integrations and webhooks that send notifications and take action on downstream systems such as ticketing platforms.
After an administrator has configured Orchestration Actions, users can assign them to Rules to enable automated alerts or other actions such as creating tickets when conditions are met.
Orchestration Actions can be filtered by Name and Type. Use this tab to edit, test, or delete configured actions.
The All Data Sources page lists all of the data sources that Veza is receiving authorization metadata from, based on the integrations configured in your tenant.
Data Sources can be filtered based on Name and Status.
The Active Jobs page provides real-time intelligence on the Data Sources that are currently in progress or have errors. You can use this page to review data sources that need attention.
Data sources on the Active Jobs page can be filtered by Name.
Your deployment might involve one or more Insight Points for discovering data sources that prohibit external connections. For more information about deploying and connecting an Insight Point, see Deploying an Insight Point, or contact the Veza Customer Success team for additional help.
For security reasons, you must re-enter the credentials and secrets when changing the Insight Point associated with an integration.
The Integrations > Enrichment page allows you to create and manage enrichment rules. These rules automatically categorize entities in your environment based on custom criteria. You can create rules to identify:
Non-Human Identities (NHI)
Privileged Access roles
Critical Resources
Enrichment rules use saved queries to identify entities and apply special attributes, which can then be used to create queries, reports, and access reviews. This automation helps streamline security operations and enhance visibility into your authorization landscape.
To create a new enrichment rule, click Create Rule and specify the rule type, integration, entity type, and saved query to use. You can also view, edit, enable/disable, and delete existing rules from this page.
For more detailed information on creating and managing enrichment rules, see the Enrichment Rules documentation.
Administrators can use the integration actions menu to enable or disable audit log extraction for supported integrations. If enabled and configured for a cloud or data provider, Veza will periodically collect audit logs instead of conducting full extractions. When there are changes, the corresponding data source is marked "out of date" and queued for a full update.
Audit log extraction must be enabled to collect usage history for Okta and Snowflake Access Monitoring and AWS monitoring with CloudTrail logs.
Activity-based scheduling (currently available for SharePoint Online) can decrease the overall number of API calls Veza makes, helping to avoid rate limits and reduce overall extraction time.
Veza periodically connects to integrated systems to discover new data sources and update the Authorization Graph with the latest metadata and relationships. You can customize how often these processes occur to optimize performance, reduce costs, and manage resource usage.
Key points about extraction and discovery intervals:
Discovery intervals (15 minutes to 30 days) determine how often Veza checks for new data sources.
Extraction intervals (1 hour to 30 days) set the frequency of authorization metadata updates.
Intervals can be set globally or customized for individual providers.
Adjusting these intervals can help balance update frequency with system performance and costs.
To learn more about customizing these intervals, see the Extraction and Discovery Intervals documentation.