Prerequisites and Connectivity

To ensure a smooth onboarding process, configure your environment to allow communication with essential Veza IP addresses and email domains.

Domain Filtering

The following domains should be allowed through email filters, proxies, and firewalls:

  • Email notifications: When a Veza local account is created, an email is sent to the user to create their password. This email comes from noreply@vezacloud.com.

  • Veza tenant domain: The domain for your Veza instance will be *.vezacloud.com, where * represents your Veza tenant name.

  • Insight Point: If using an Insight Point, access to public.ecr.aws must be allowed for the Veza Insight Point.

Firewall Rules and Filters

Veza integrations connect to data sources across your on-premises environment, cloud providers, and SaaS applications. Most integrations use API tokens or other credentials to query for authorization metadata.

By default, integrations run on the Veza SaaS platform. If your organization filters inbound connections to applications you want to integrate with Veza, allow traffic from the following Veza NAT Gateway IP addresses in your firewall rules or filters, depending on the region where Veza is deployed:

  • North America regions:

    • 18.221.224.60

    • 3.18.38.252

    • 52.14.66.128

  • Europe, Middle East, and Africa regions:

    • 18.133.37.58

    • 18.171.45.61

    • 13.42.176.0
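One way to check an existing inbound allowlist against the addresses above, as an added example that is not Veza's own tooling: it reports listed IPs that no rule covers and rules that admit more than a single host. The region labels `na` and `emea`, the function name, and the sample rule set are assumptions made for this example, as is the choice to treat each listed address as a single host (/32).

```python
import ipaddress

# NAT Gateway addresses as listed on this page, keyed by a region label
# (the labels "na" and "emea" are names chosen for this example).
VEZA_NAT_IPS = {
    "na": ["18.221.224.60", "3.18.38.252", "52.14.66.128"],
    "emea": ["18.133.37.58", "18.171.45.61", "13.42.176.0"],
}

def audit_allowlist(region, rules):
    """Compare inbound allow rules (CIDR strings) with the region's Veza IPs.

    Returns a dict with:
      missing    - Veza IPs not covered by any rule
      over_broad - rules that cover a Veza IP but admit other hosts too
      unrelated  - rules that cover no Veza IP for this region
    """
    expected = [ipaddress.ip_address(ip) for ip in VEZA_NAT_IPS[region]]
    covered = set()
    over_broad, unrelated = [], []
    for raw in rules:
        # strict=False accepts entries whose host bits are set, e.g. 1.2.3.4/24
        net = ipaddress.ip_network(raw, strict=False)
        hits = [ip for ip in expected if ip in net]
        covered.update(hits)
        if not hits:
            unrelated.append(raw)
        elif net.num_addresses > 1:
            over_broad.append(raw)
    missing = [str(ip) for ip in expected if ip not in covered]
    return {"missing": missing, "over_broad": over_broad, "unrelated": unrelated}

# Constructed sample rule set for an EMEA tenant: one host is absent,
# 13.42.176.0 was entered as a /24 because it looks like a network address,
# and a North America address was added to the wrong region's rules.
SAMPLE_RULES = ["18.133.37.58/32", "13.42.176.0/24", "18.221.224.60/32"]

if __name__ == "__main__":
    print(audit_allowlist("emea", SAMPLE_RULES))
```
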

Insight Point Connectivity

When configuring an integration, you can choose to use an Insight Point managed by your organization. An Insight Point allows querying authorization metadata within your environment, with no inbound calls from your Veza tenant to integrated data sources.

When using this option, outbound traffic must be enabled so that the Insight Point can transmit authorization metadata securely to your Veza tenant. The Insight Point must also be able to pull images from the Veza ECR repository, as detailed in Insight Point: Ports and Connectivity.
