# Hubspot

The Veza integration for HubSpot enables discovery of users, teams, and roles on the HubSpot CRM platform, enabling search, insights, and access reviews involving user access to HubSpot.

The integration includes out-of-the-box queries. You can modify these based on your actual environment to create dashboards and rules for the risks and trends you want to monitor:

* All HubSpot local user accounts
* HubSpot roles that have users assigned
* Number of users who have been granted the Super Admin role in HubSpot
* Total number of HubSpot Roles
* All HubSpot local Teams
* HubSpot teams that have users assigned
* HubSpot Local Users with an Okta identity
* HubSpot Local Users who do not have an Okta identity
* HubSpot Local Users with an Azure AD identity
* HubSpot Local Users who do not have an Azure AD identity

This document includes steps to enable the HubSpot integration in Veza, and supported entity details.

### Configuring the HubSpot Integration

To configure the integration, you will need a HubSpot access token for a private app.

Creating a private app enables Veza to use HubSpot's APIs to access specific data within your HubSpot account using an access token unique to the private app. You can create an app by following the instructions in [Private Apps](https://developers.hubspot.com/docs/api/private-apps). You must be a super admin to access private apps in your HubSpot account.

#### Create a HubSpot private app and access token

1. In HubSpot, click the settings icon in the main navigation bar.
2. On the left sidebar, open **Integrations** > **Private Apps**.
3. Click **Create Private App**.
4. On the **Basic Info** tab, configure the details of your app:
   * Enter your app's name.
   * Hover over the placeholder logo and click the upload icon to upload a square image that will serve as the logo for your app.
   * Enter a description for your app.
5. Click the **Scopes** tab to add required scopes:
   * `settings.users.teams.read`
   * `settings.users.read`
   * `crm.objects.users.read`
   * ![HubSpot required scopes](/files/V0p3qVLntUptQ2Z40WKo)
6. Click **Create App** in the top right to save your changes.
7. On the **Auth** tab of the application details, click **Show Token** and copy the app access token:
   * ![Retrieving an app access token](/files/IcAyobg4kRGHG1rjuzl9)

#### Enable the HubSpot integration in Veza

1. In Veza, open the **Integrations** page.
2. Click **Add New** and pick HubSpot as the type of integration to add.
3. Enter the required information and **Save** the configuration.

| Field             | Notes                                                                                                                               |
| ----------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
| **Name**          | A unique display name for the HubSpot organization.                                                                                 |
| **Insight Point** | Use the default setting unless using an external [Insight Point](/4yItIzMvkpAvMVFAamTf/integrations/connectivity/insight-point.md). |
| **Token**         | Trusted access token for the HubSpot private app.                                                                                   |

### Notes and Supported Entities

The HubSpot integration uses standard custom application entity types to model users, teams, and permissions in the Access Graph:

* HubSpot User → Local User
* HubSpot Teams → Local Groups
* HubSpot Permission Sets → Local Roles
  * HubSpot Permission Sets will only be collected for Enterprise HubSpot subscriptions.

Veza collects the following attributes for HubSpot entities:

| Entity | Property                   | Description                                   |
| ------ | -------------------------- | --------------------------------------------- |
| User   | `email`                    | User's email address                          |
| User   | `principal_id`             | User's ID provided by HubSpot                 |
| User   | `primary_team_name`        | User's primary team name                      |
| User   | `primary_team_id`          | User's list of secondary team names           |
| User   | `superadmin`               | True if the user is a Super Admin             |
| User   | `role_name`                | User's role                                   |
| User   | `created_at`               | Timestamp User created at                     |
| User   | `deactivated_at`           | Timestamp User deactivated at                 |
| User   | `password_last_changed_at` | Timestamp User's password was last updated at |
| Group  | `id`                       | Team's ID provided by HubSpot                 |
| Group  | `name`                     | Team's name                                   |
| Role   | `id`                       | Role's ID provided by HubSpot                 |
| Role   | `name`                     | Role's name                                   |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/hubspot.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.