Veza automatically detects relationships connecting unique corporate identities (such as federated IdP users), the local accounts they can assume, and the resources they can act on (due to IAM policy, role assignment, group membership, app assignments, or other factors).
To add useful context for search and access review, Veza collects attributes and configurations for each integration, shown in search results and detail views. Attribute filters can target these properties to create fine-grained searches and rules.
Veza builds native, in-platform integrations for most critical business systems. These integrations offer out-of-the-box support for cloud providers like AWS, Azure, and Google; identity provider solutions like Okta and Azure AD; and modern data lake systems like Snowflake and Databricks.
Commonly used Veza integrations include:
The organization-wide coverage provided by Veza integrations might include a primary cloud provider (AWS), a corporate identity provider (Okta), a Customer Relationship Management platform (Salesforce), a Source Control Management system (GitHub), and a Data Warehouse (Snowflake). The same organization could also integrate Veza with SharePoint and with custom applications added through the Open Authorization API.
Veza typically requires just a read-only service account to access and catalog a system's authorization metadata. More detail is contained within each integration configuration guide.
Data sourced using OAA integrations is available for use across the Veza Platform in our Search, Insights, and Workflows features.
Veza provides built-in integrations for a comprehensive range of cloud infrastructure and service platforms, identity providers, on-premise & modern data ecosystems, and SaaS applications. The Open Authorization API (OAA) provides compatibility with in-house and proprietary applications and identity providers. See for all supported integrations.
Integrations typically require only read-only permissions to the application to discover authorization metadata. After an integration is configured, Veza periodically creates snapshots of identities, resources, and authorization relationships for the provider, and calculates effective permissions and cross-service connections for users, groups, and other entities.
You can explore and visualize the entities and relationships that Veza discovers with Search, Insights, Access Reviews, and the .
Some integrations additionally support features such as and .
Cloud Providers (IAM, Data Systems, Services): , ,
Identity Providers: , , , .
SaaS Apps: , , , .
Legacy and on-premise data sources: ,
Veza collects data using cloud-native APIs and encrypted TLS/HTTPS. An (lightweight agent) can be deployed within your infrastructure for data sources that do not support API-based access or systems where you do not allow inbound access from the internet.
The Veza Configuration page provides detailed integration status, overview, and control (change and add configurations, limit discovered services or entities, review status and logs). Each integration supports programmatic configuration with .
for each integration come built-in, powering Veza insights. Reporting and Saved Queries offer pathways to identify, certify, and remediate over-privileged accounts, identify authorization risks and misconfigurations, and establish security baselines with rules and alerts.
offers support for adding custom applications, data systems, and identity providers to the authorization graph. Veza offers several open-source OAA connectors enabling identity-to-permissions mapping for software such as Slack, GitLab, Jira Cloud, and other critical business applications.
Customers have used OAA to integrate a wide range of systems, including custom identity providers and internally developed applications. Both simple and complex integrations can be developed using the and Veza’s .
OAA uses to model identities, resources, and authorization relationships for Custom Identity Providers and Custom Applications – typically sourced using an API or data export.
Administrators and developers can incorporate the power of Veza into other tools with built-in . To enable custom integrations, customer-facing APIs are available for most Veza functions. Some use cases include:
Post alerts to a Slack channel when anomalies are detected ( integration)
Integrate Workflows decisions with internal systems ()
Create tickets for system events (anomaly or misconfiguration detected)
Generate service desk tickets for remediation with the integration