🎯Integrations Overview

Veza provides built-in integrations for a comprehensive range of cloud infrastructure and service platforms, identity providers, on-premise & modern data ecosystems, and SaaS applications. The Open Authorization API (OAA) provides compatibility with in-house and proprietary applications and identity providers. See [Veza Integrations] for all supported integrations.

Integrations typically require only read-only permissions to the application to discover authorization metadata. After configuring an integration, Veza will periodically create snapshots of identities, resources, and authorization relationships for the provider, and calculate effective permissions and cross-service connections for users, groups, and other entities.

  • Veza automatically detects relationships connecting unique corporate identities (such as federated IdP users), the local accounts they can assume, and the resources they can act on (due to IAM policy, role assignment, group membership, app assignments, or other factors).

  • You can explore and visualize the entities and relationships that Veza discovers with Search, Insights, Access Reviews, and the Analytics dashboard.

  • Some integrations additionally support features such as Access Monitoring and Lifecycle Management.

  • To add useful context for search and access review, Veza collects attributes and configurations for each integration, shown in search results and detail views. Attribute filters can target these properties to create fine-grained searches and rules.

Native integrations

Veza builds native, in-platform integrations for most critical business systems. These integrations offer out-of-the-box support for cloud providers like AWS, Azure, and Google; identity provider solutions like Okta, and Azure AD, and modern data lake systems like Snowflake and Databricks.

Commonly used Veza integrations include:

The organization-wide coverage provided by Veza integrations might include a primary cloud provider (AWS), a corporate identity provider (Okta), a Customer Relationship Management platform (Salesforce), a Source Control Management system (GitHub), and a Data Warehouse (Snowflake). The same organization could additionally integrate Veza with SharePoint, in addition to custom applications added with the Open Authorization API.

  • Veza typically requires just a read-only service account to access and catalog a system's authorization metadata. More detail is contained within each integration configuration guide.

  • Veza collects data using cloud-native APIs and encrypted TLS/HTTPS. An Insight Point (lightweight agent) can be deployed within your infrastructure for data sources that do not support API-based access or systems where you do not allow inbound access from the internet.

  • The Veza Configuration page provides detailed integration status, overview, and control (change and add configurations, limit discovered services or entities, review status and logs). Each integration supports programmatic configuration with /v1 APIs.

  • Assessment queries for each integration come built-in, powering Veza insights. Reporting and Saved Queries offer pathways to identify, certify, and remediate over-privileged accounts, identify authorization risks and misconfigurations, and establish security baselines with rules and alerts.

Open Authorization API (OAA)

OAA offers support for adding custom applications, data systems, and identity providers to the authorization graph. Veza offers several open-source OAA connectors enabling identity-to-permissions mapping for software such as Slack, Gitlab, Jira Cloud, and other critical business applications.

Customers have used OAA to integrate a wide range of systems, including custom identity providers and internally developed applications. Both simple and complex integrations can be developed using the Python SDK and Veza’s Developer Documentation.

  • Data sourced using OAA integrations is available for use across the Veza Platform in our Search, Insights, and Workflows features.

  • OAA uses templates to model identities, resources, and authorization relationships for Custom Identity Providers and Custom Applications – typically sourced using an API or data export.

Orchestration Action Integrations

Administrators and developers can incorporate the power of Veza into other tools with built-in Orchestration Actions. To enable custom integrations, customer-facing APIs are available for most Veza functions. Some use cases include:

  • Post alerts to a Slack channel when anomalies are detected (Slack integration)

  • Integrate Workflows decisions with internal systems (AWF API)

  • Create Jira tickets for system events (anomaly or misconfiguration detected)

  • Generate service desk tickets for remediation with the ServiceNow integration

Last updated