â ī¸Prerequisites and Connectivity
To ensure a smooth onboarding process, configure your environment to allow communication with essential Veza IP addresses and email domains.
Domain Filtering
The following domains should be allowed through email filters, proxies, and firewalls:
Email notifications: When a Veza local account is created, an email is sent to the user to create their password. This email comes from
noreply@vezacloud.com.Veza tenant domain: The domain for your Veza instance will be
*.vezacloud.com, where*represents your Veza tenant name.Insight Point: If using an Insight Point, access to
public.ecr.awsmust be allowed for the Veza Insight Point.
Firewall Rules and Filters
Veza integrations connect to data sources across your on-premise environment, cloud providers, and SaaS applications. Most integrations use API tokens or other credentials to query for authorization metadata.
By default, integrations run on the Veza SaaS platform. If your organization filters inbound connections to applications you want to integrate with Veza, allow traffic from the following Veza NAT Gateway IP addresses in your firewall rules or filters, depending on the region where Veza is deployed:
North America regions:
18.221.224.603.18.38.25252.14.66.128
Europe, Middle East, and Africa regions:
18.133.37.5818.171.45.6113.42.176.0
Insight Point Connectivity
When configuring an integration, you can choose to use an Insight Point managed by your organization. An Insight Point allows querying authorization metadata within your environment, with no inbound calls from your Veza tenant to integrated data sources.
When using this option, outbound traffic must be enabled, to allow the Insight Point to transmit authorization metadata securely to your Veza tenant. The Insight Point must also be able to pull images from the Veza ECR repository, as detailed in Insight Point: Ports and Connectivity.
Last updated