⚙️Configuring Integrations

Integrations Page

The Integrations page is where you configure the connections between Veza and your Identity Providers, Cloud Providers, SaaS Applications, Data Lakes, and other systems.

The requirements for each integration are dependent on the system you are connecting to. See the list of supported integrations for links to configuration guides.

You can filter the list of all Integrations can by Name, Provider Type, and Status.

Integrations Detail Pages

Selecting an existing integration from the Integrations page opens an overview page providing information. You can switch between tabs to get more details about the configuration:

• Data Sources: Displays all discovered data sources in the integrated system

• Workers: Displays all of the Worker agents spawned by Veza to do discovery based on the architecture of the integrated system. Some integrations, such as cloud providers, will create several discoverers. Other integrations such as simple RBAC SaaS Applications or Data Sources connected with Veza’s Open Authorization API (OAA) will have no Workers.

• Properties: Displays properties and configuration settings for the chosen integration.

• Events: Displays log messages and events associated with the chosen integration.

Orchestration Actions Page

The Orchestration Actions page is where you configure the downstream integrations and webhooks that send notifications and take action on downstream systems such as ticketing platforms.

After an administrator has configured Orchestration Actions, users can assign them to Rules to enable automated alerts or ticket creation when conditions are met.

Orchestration Actions can be filtered by Name and Type

All Data Sources Page

The All Data Sources page lists all of the data sources that Veza is receiving authorization metadata from, based on the integrations configured in your tenant.

Data Sources can be filtered based on Name and Status.

Active Jobs Page

The Active Jobs page provides real-time intelligence on the Data Sources that are currently in progress, or have errors. You can use this page to quickly review data sources that need attention.

Data sources on the Active Jobs page can be filtered by Name.

Insight Points

Your deployment might involve one or more Insight Points for discovering data sources that prohibit external connections. For more information about deploying and connecting an Insight Point, see Deploying an Insight Point, or contact the Veza Customer Success team for additional help.

For security reasons, you will need to re-enter the credentials and secrets when changing the Insight Point associated with an integration.

Audit log extraction

Audit log extraction can be enabled as an experimental feature for some integrations. If enabled and configured for a supported cloud or data provider, Veza will periodically collect audit logs instead of conducting full extractions. When there are changes, the corresponding data source is marked "out of date" and queued for a full update.

• Audit log extraction must be enabled to collect usage history for Okta and Snowflake Access Monitoring and AWS monitoring with CloudTrail logs.

• Activity-based scheduling (currently available for SharePoint Online) can decrease the overall amount of API calls Veza makes to a service, helping to help avoid rate limits and reduce overall extraction time.

Integration extraction and discovery intervals

Veza connects to integrated systems on a periodic basis to check for newly-added datasources and update the Authorization Graph with the latest metadata and relationships. Typically, Veza refreshes graph data by extracting all supported entities and their attributes, which can take some time for very large datasources. You can customize these values on the System Settings page.

• Using a longer extraction time frame can reduce compute cost for systems such as Snowflake, where each extraction can incur API charges.

• Increasing the interval for integrations containing large datasources can prevent lag and long queues where one datasource delays extraction for other integrations and services.

To change the discovery or extraction intervals, go to System Settings and find the Pipeline section. Use the dropdown menus to set these values globally. Optionally, you can customize these intervals for individual providers. Start typing in the _Search* field to filter the list. Active overrides for each provider appear at the top of the list.

• Discovery interval can range from 15 minutes to 30 days. This value determines how often Veza connects to the provider to register new data sources.

• Extraction interval can range from 1 hour to 30 days. This value determines how often Veza connects to collect authorization metadata and update entities in the Authorization Graph.