Integrations FAQ

Integration architecture, connection methods, security measures, scheduling options, performance considerations, and specific integration details.

Last updated 1 month ago

Core Integration Concepts

How do Veza integrations connect?

Veza connects to metadata sources (such as Identity Providers, Cloud Providers, SaaS Applications, and Data Lakes) through integrations managed on the Integrations page. Each integration periodically synchronizes to discover new data sources and extract current authorization metadata.

Veza integrations connect via read-only APIs to gather the metadata needed to build that integration’s access graph. Each connector we build uses the best-practice connection method for its target. Veza also generally supports additional connection methods when the customer prefers another method defined by the target.

What metadata elements does Veza gather?

  • Identity Metadata: User attributes and entitlements, including role assignments and group memberships.

  • Employee Attributes: Unique identifiers (e.g., Employee Number, Unique ID), employment details (e.g., job title, employment status), and organizational structures (e.g., department, cost center).

  • Application Metadata: Local users, groups, roles, permissions, and metadata related to resources and data objects that identities can access.

Refer to individual integration guides for detailed information on supported entities and attributes.

How do integrations connect to data sources that restrict connectivity from outside a corporate network?

Deploying an Insight Point enables secure discovery of data sources that prohibit connections from outside your corporate network. Typically deployed as a Docker container, Kubernetes service, or VM OVA, the Insight Point runs within your network, queries internal-only data sources for authorization metadata, and pushes that information to the Veza graph.

Insight Point Architecture

What is an Insight Point?

An Insight Point is a lightweight, static binary designed for secure metadata extraction within customer networks. It is packaged in several formats, such as a Docker container or an OVA image, so that internal resources can be integrated with Veza without being exposed externally. The Insight Point collects metadata locally and securely transmits it to the customer’s Veza instance.

How does the Insight Point work?

Insight Points operate on a pull-based architecture:

  • The Insight Point will securely connect to the customer’s configured Veza instance to retrieve extraction tasks.

  • The Insight Point will take the response and perform the requested extraction work locally.

  • After extraction, the Insight Point transmits the data back to the configured Veza instance.

Is there any external connectivity to the Insight Point?

No. Communication is strictly unidirectional: every connection is initiated from the Insight Point. Veza cannot initiate inbound connections to the Insight Point.

Can the Insight Point work with firewalls and network proxies?

Yes. Veza’s Insight Point supports working through corporate firewall configurations, network proxy requirements, and standard enterprise network security controls.

Integration Management and Performance

Can administrators schedule when extraction happens (e.g. during off-peak hours)?

Veza can schedule best-effort custom extraction intervals for different integrations. Each integration has a default extraction interval. Most integrations default to hourly extractions.

Administrators can customize this interval for each integration (1 hour to 30 days) on the System Settings page to optimize cost, performance, and data freshness. Some integrations, such as SharePoint and Snowflake, support activity-based extraction, enabling updates only when changes are detected.

How does Veza handle performance impact on P0 systems (databases, SaaS apps, etc.)?

Veza minimizes impact on business-critical systems with rate-limited API calls, optimized queries, and configurable extraction intervals. For supported integrations, administrators can enable activity-based extractions that only trigger when changes are detected, and set limits on the specific services, entities, and attributes gathered by Veza.

What happens when extractions fail or are interrupted?

Each integration handles extraction errors based on application-specific best practices, using automatic retry logic for recoverable issues. Non-recoverable errors (like missing permissions or service unavailability) fail the extraction and trigger a retry at the next scheduled interval. Administrators can monitor all extraction statuses and errors through the integration Details view and the Events page. Veza also supports exporting these events to external systems.

What happens to long-running or incomplete extractions?

Unfinished jobs are eventually interrupted and retried at the next extraction interval to prevent pipeline delays. Large extractions can take some time to complete, and are allowed to run for extended periods.

End-to-End Security

How does Veza ensure the security of integration data?

Veza protects integration data with multiple security layers. See the Security FAQ for detailed information about Veza's security and encryption practices.

  • All communication uses TLS 1.2+ and AES-256 encryption.

  • Integration secrets (such as OAuth credentials and API keys) are securely stored, with the option to manage using external vaults.

  • Access to integration secrets is strictly limited to authorized Veza extraction services.

Platform-specific Integrations

How does Veza integrate with Microsoft Entra ID?

To integrate with Microsoft Entra ID, Veza connects through an Azure App Registration with read-only permissions to the Microsoft Graph API. It retrieves metadata about:

  • Entra ID roles and role assignments

  • Groups and group memberships

  • Users and their attributes

  • Service principals and their assigned roles

Optional permissions can be added for services like SharePoint, Intune, and Key Vault, depending on the resources Veza will access. For detailed configuration steps, see the Microsoft Azure Integration Guide.

How does Veza integrate with Data Lakes (Snowflake)?

The Veza integration for Snowflake data lake discovery uses a local user configured with a role that grants access to metadata on:

  • Users and their attributes

  • Roles and role hierarchies

  • Resources (databases, schemas, tables, and views)

  • Permissions and access control policies

The user must have usage privileges on a virtual warehouse (e.g. compute_wh). You can create an alternative system database with minimal required views for greater access control. Key pair authentication is available as an alternative to passwords. Secure communication between Veza and Snowflake is typically managed using an Insight Point. For detailed implementation steps, see the Snowflake Integration Guide.

How does Veza integrate with SaaS apps (Salesforce)?

To integrate with Salesforce (SFDC), Veza connects via a Salesforce Connected App configured with API permissions to retrieve:

  • User profiles and permissions

  • Groups and their memberships

  • Permission sets and assignments

  • Data objects and access controls

  • Sharing rules and account shares

The Connected App uses an X.509 certificate for JWT-based OAuth 2.0 authentication. Veza analyzes permissions, group memberships, and account shares to provide insights and generate effective permissions. Integration configurations support object-level filters and license-based restrictions on the metadata Veza collects. For step-by-step setup instructions, see the Salesforce Integration Guide.
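
The certificate-based JWT authentication described for the Salesforce Connected App, shown with OpenSSL as an added example (not Veza's or Salesforce's code): the client signs a short-lived assertion with its private key, and the verifying side checks the signature against the public key in the X.509 certificate. The consumer key, username, file names and 180-second lifetime are constructed placeholders, and the claim layout follows the general OAuth 2.0 JWT bearer profile.

```bash
#!/usr/bin/env bash
# Added example: RS256-signed JWT bearer assertion checked against an X.509 cert.
# Key, certificate, consumer key and username are constructed placeholders.

b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

b64url_decode() {
  local s
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac  # restore padding
  printf '%s' "$s" | openssl base64 -d -A
}

# make_keypair DIR: throwaway RSA key plus self-signed certificate.
# Only server.crt is shared with the verifying side; server.key stays private.
make_keypair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=example-connected-app" \
    -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# make_assertion KEY ISS SUB AUD TTL_SECONDS: print header.claims.signature
make_assertion() {
  local key="$1" iss="$2" sub="$3" aud="$4" ttl="$5" exp header claims input sig
  exp=$(( $(date +%s) + $ttl ))
  header=$(printf '{"alg":"RS256","typ":"JWT"}' | b64url)
  claims=$(printf '{"iss":"%s","sub":"%s","aud":"%s","exp":%d}' \
    "$iss" "$sub" "$aud" "$exp" | b64url)
  input="$header.$claims"
  sig=$(printf '%s' "$input" | openssl dgst -sha256 -sign "$key" -binary | b64url)
  printf '%s.%s\n' "$input" "$sig"
}

# verify_assertion CERT JWT: 0 = valid, 1 = bad signature, 2 = expired
verify_assertion() {
  local cert="$1" jwt="$2" input sig claims exp tmp rc
  input=${jwt%.*}; sig=${jwt##*.}; claims=${input#*.}
  tmp=$(mktemp -d)
  openssl x509 -in "$cert" -pubkey -noout > "$tmp/pub.pem"
  b64url_decode "$sig" > "$tmp/sig.bin"
  printf '%s' "$input" | openssl dgst -sha256 -verify "$tmp/pub.pem" \
    -signature "$tmp/sig.bin" >/dev/null 2>&1
  rc=$?
  exp=$(b64url_decode "$claims" | sed -n 's/.*"exp":\([0-9]*\).*/\1/p')
  rm -rf "$tmp"
  [ "$rc" -eq 0 ] || return 1
  { [ -n "$exp" ] && [ "$exp" -gt "$(date +%s)" ]; } || return 2
  return 0
}

demo() {
  local d jwt
  d=$(mktemp -d)
  make_keypair "$d"
  jwt=$(make_assertion "$d/server.key" "CONSUMER_KEY_PLACEHOLDER" \
    "integration.user@example.com" "https://login.salesforce.com" 180)
  verify_assertion "$d/server.crt" "$jwt" && echo "assertion verified"
  rm -rf "$d"
}
demo
```

No shared secret crosses the wire in this scheme: whoever holds `server.key` can mint valid assertions, so the private key is the credential to store in a vault and rotate, while the certificate can be distributed freely.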