1 of 17

Integration APIs

Programmatic configuration of providers and data sources

The Veza management API enables internal tooling to automate administration of cloud providers and data sources. Each supported provider has endpoints to get, create, and modify the current configurations, which can be useful when integrating with environments spanning many provider accounts.

These customer-facing APIs are all available under the prefix <VezaURL>/api/v1/, for example:

https://company.veza.com/api/v1/providers/datasources

Notes

A data plane ID is required when adding a custom provider. This value refers to the Insight Point used for discovery, or the GUID of the built-in data plane. To get all available IDs, navigate to Administration > Insight Point. Unless you have deployed an Insight Point within your environment, the only entry will be for the internal data plane.
If a request is unsuccessful, an error message will provide additional details and troubleshooting steps.

Authentication

You can issue new API keys from Administration > API Keys > . Provide the key as the bearer auth token in the header of each request.

Users must have the role to add/modify provider configurations. Configurations can be viewed by users with the operator role.

Sample Integrations and Tools

Please contact your support team for private repository access.

Register Accounts - Use the management API to add multiple AWS accounts from CSV.

Veza Python Client - Simple Python class for making REST API calls to Veza.

Cloud Formation Stacks - Configure multiple AWS accounts for Veza discovery by enabling the required assume role operations and IAM permissions.

Open Authorization APIs

If your organization uses applications, data sources, or identity providers not natively supported by Veza, you may be able to add them to your data catalog using . You will need to query the provider to retrieve entity and permissions metadata and push the payload to Veza for parsing in a template format.

Endpoints for administering custom resources (/providers/custom/*)are described in .

Data Sources

Operations for managing data sources including listing, updating, enabling, disabling, and status monitoring

Each cloud provider will have one or more associated data sources. Each represents a discrete instance of a service that Veza connects to for the discovery and extraction of authorization metadata.

The provider under /providers/aws/{id}, for example, may have an associated EC2 data source, represented as:

You can use the API to get or update data source records, or enable and disable individual data sources.

List Data Sources

Retrieve all data sources with optional filtering and pagination

Endpoint

Description

Returns the properties and status for all data sources. When filtering is applied, only data sources matching the filter will be returned.

Data sources represent discrete instances of services that Veza connects to for discovery and extraction of authorization metadata. Each cloud provider may have one or more associated data sources.

API Reference

Query Parameters

Parameter

Type

Required?

Description

Request Examples

Veza expects spaces in URLs encoded as + (?datasource_type+eq+"extractor"). Some libraries encode spaces as %2B by default, which will cause errors.

Response Examples

Standard Response:

Update Data Source

Update the name for a given data source ID

Endpoint

Description

Update the name for a given data source ID. This endpoint allows you to modify the display name of an existing data source.

API Reference

Path Parameters

Parameter

Type

Required?

Description

Request Body

Field

Type

Required?

Description

Request Examples

Response Examples

Standard Response:

Disable Data Source

Pause discovery and extraction for a data source

Endpoint

Description

Pause discovery and extraction for a data source. This will cancel all pending extractions for the specified data source.

Enable Data Source

Resume monitoring and queue the data source for extraction

Endpoint

Description

Resume monitoring and queue the data source for extraction. This will re-enable a previously disabled data source and schedule it for data collection.

API Reference

Path Parameters

Parameter

Type

Required?

Description

Request Examples

Response Examples

Standard Response:

List Lifecycle Manager Datasources

Lists all data sources that have enabled lifecycle management and their supported capabilities

Endpoint

Description

Lists all data sources that have enabled lifecycle management and their detailed capabilities. This endpoint shows which systems can be used as sources of identity information and as targets for access management operations in Veza Lifecycle Management.

Use this endpoint to:

Discover which datasources support lifecycle management
View the capabilities each datasource provides
Get datasource IDs needed for other lifecycle management operations

API Reference

Query Parameters

Parameter

Type

Required?

Description

Request Examples

Response Examples

Response Fields

Basic Datasource Information

id: Unique identifier for the datasource
name: Human-readable name of the datasource
provider_type: The type of integration (e.g., SCIM, WORKDAY, ACTIVE_DIRECTORY)

Supported Capabilities

The supported_capabilities field indicates what operations each datasource can perform:

IDENTITY_SOURCE: Can provide identity information for lifecycle management
ACCESS_TARGET: Can receive and execute access management operations

Available Actions

The available_actions array details specific lifecycle management operations supported:

action_type: Type of action (e.g., MANAGE_RELATIONSHIPS)
description: Human-readable description of the action
supported_entity_types: Entity types this action can work with (User, Group, etc.)

Syncable Attributes

The syncable_attributes array shows which entity attributes can be synchronized:

entity_type: The type of entity (User, Group, etc.)
attributes: Array of attribute definitions including:
- name: Attribute name in the target system

Grantable Entitlements

The grantable_entitlements array shows what access can be granted through this datasource:

entity_type: Type of entity that can grant access (typically Group)
entitlement_type: Type of entitlement relationship (MemberOf, etc.)
description: What access is granted through this entitlement

Get Lifecycle Manager Datasource

Retrieve details for a specific lifecycle management datasource

Endpoint

Description

Returns detailed information for a specific lifecycle management datasource by its ID, including its supported capabilities, available actions, syncable attributes, and grantable entitlements.

List by Action Type

Find lifecycle management datasources that support specific action types and entity relationships

Endpoint

Description

Returns

Get Parse Status

Retrieve the parsing status and details for a specific data source

Endpoint

Description

Returns the current parsing status for a specific data source, including information about the last parse operation and any errors that occurred.

Get Sync Status

Retrieve the synchronization status and details for a specific data source

Endpoint

Description

Returns the current synchronization status for a specific data source, including information about the last sync operation and any errors that occurred during data extraction.

API Reference

Path Parameters

Parameter

Type

Required?

Description

Request Examples

Response Examples

Standard Response:

Integration APIs

Programmatic configuration of providers and data sources

These customer-facing APIs are all available under the prefix <VezaURL>/api/v1/, for example:

https://company.veza.com/api/v1/providers/datasources

Notes

A data plane ID is required when adding a custom provider. This value refers to the Insight Point used for discovery, or the GUID of the built-in data plane. To get all available IDs, navigate to Administration > Insight Point. Unless you have deployed an Insight Point within your environment, the only entry will be for the internal data plane.
If a request is unsuccessful, an error message will provide additional details and troubleshooting steps.

Authentication

You can issue new API keys from Administration > API Keys > . Provide the key as the bearer auth token in the header of each request.

Users must have the role to add/modify provider configurations. Configurations can be viewed by users with the operator role.

Sample Integrations and Tools

Please contact your support team for private repository access.

Register Accounts - Use the management API to add multiple AWS accounts from CSV.

Veza Python Client - Simple Python class for making REST API calls to Veza.

Cloud Formation Stacks - Configure multiple AWS accounts for Veza discovery by enabling the required assume role operations and IAM permissions.

Open Authorization APIs

Endpoints for administering custom resources (/providers/custom/*)are described in .

List Lifecycle Manager Datasources

Lists all data sources that have enabled lifecycle management and their supported capabilities

Endpoint

GET /api/v1/providers/datasources/lifecycle_managers

Description

Use this endpoint to:

Discover which datasources support lifecycle management
View the capabilities each datasource provides
Get datasource IDs needed for other lifecycle management operations

API Reference

Query Parameters

Parameter

Type

Required?

Description

Request Examples

Response Examples

Response Fields

Basic Datasource Information

id: Unique identifier for the datasource
name: Human-readable name of the datasource
provider_type: The type of integration (e.g., SCIM, WORKDAY, ACTIVE_DIRECTORY)

Supported Capabilities

The supported_capabilities field indicates what operations each datasource can perform:

IDENTITY_SOURCE: Can provide identity information for lifecycle management
ACCESS_TARGET: Can receive and execute access management operations

Available Actions

The available_actions array details specific lifecycle management operations supported:

action_type: Type of action (e.g., MANAGE_RELATIONSHIPS)
description: Human-readable description of the action
supported_entity_types: Entity types this action can work with (User, Group, etc.)

Syncable Attributes

The syncable_attributes array shows which entity attributes can be synchronized:

entity_type: The type of entity (User, Group, etc.)
attributes: Array of attribute definitions including:
- name: Attribute name in the target system

Grantable Entitlements

The grantable_entitlements array shows what access can be granted through this datasource:

entity_type: Type of entity that can grant access (typically Group)
entitlement_type: Type of entitlement relationship (MemberOf, etc.)
description: What access is granted through this entitlement

S3 - Simple Storage Service
RDS_POSTGRES - PostgreSQL databases
RDS_MYSQL - MySQL databases
RDS_ORACLE - Oracle databases
RDS - General RDS service
DYNAMODB - DynamoDB NoSQL database
REDSHIFT - Redshift data warehouse
REDSHIFT_CLUSTER - Redshift cluster management
EC2 - Elastic Compute Cloud (virtual machines)
LAMBDA - Serverless functions
EKS - Elastic Kubernetes Service
ECR - Elastic Container Registry
EMR - Elastic MapReduce (big data)
AWS_IAM - Identity and Access Management
KMS - Key Management Service
SECRETS_MANAGER - AWS Secrets Manager
COGNITO - User authentication service
SSO - AWS Single Sign-On
ORGANIZATIONS - AWS Organizations
DATABRICKS - Analytics platform

Data Source Scheduling Configuration

Configure priority scheduling and extraction times for data sources

Overview

The Data Source Scheduling Configuration APIs allow administrators to configure advanced scheduling options for individual data sources, including:

Priority scheduling: Assign priorities (1-100) to ensure extraction jobs are processed ahead of standard data sources
Scheduled extraction times: Define specific times of day when extractions should occur (in 30-minute intervals)
Day-of-week scheduling: Restrict extractions to precise days of the week

These APIs are intended primarily for use with Veza Lifecycle Management to ensure critical data sources (such as HR systems) are refreshed at predictable times to support downstream automation workflows.

Supported Data Source Types: Scheduling configuration is designed for EXTRACTOR and DISCOVERER data source types only. Configuring scheduling for other data source types (such as PARSER) will not work as expected.

Examples

Source of Identity Scheduling

Configure HR system data sources to extract at specific times to ensure identity data is current before provisioning workflows execute:

Prevent Extraction During Business Hours

Schedule non-critical extractions only on weekends to reduce workload during business hours:

Endpoints

Method

Endpoint

Description

Create or Update Scheduling Configuration

Endpoint

Description

Creates or updates the scheduling configuration for a specific data source. If a configuration already exists for the data source, it will be updated with the new values; otherwise, a new configuration will be created.

Path Parameters

Parameter

Type

Required?

Description

Request Body

The request body contains the configuration fields directly (no wrapper object needed):

Field

Type

Required?

Description

Note: The datasource_id is specified in the URL path and should not be included in the request body.

Validation Rules

Priority: Must be between 1-100 (where 100 is the highest priority)
- When scheduled_extraction_times are configured, priority must be 100 to ensure jobs are processed closest to the configured times
- Priority 1-99 can be used without schedules for edge cases requiring a higher priority than standard periodic scheduling

Request Examples

Response Examples

Standard Response:

Error Response (Invalid Time Format):

Error Response (Limit Reached):

Get Scheduling Configuration

Endpoint

Description

Retrieves the scheduling configuration for a specific data source.

Path Parameters

Parameter

Type

Required?

Description

Request Examples

Response Examples

Standard Response:

Error Response (Not Found):

List Scheduling Configurations

Endpoint

Description

Returns all scheduling configurations across all data sources in your organization.

Query Parameters

Parameter

Type

Required?

Description

Request Examples

Response Examples

Standard Response:

Delete Scheduling Configuration

Endpoint

Description

Removes the scheduling configuration for a specific data source. The data source will revert to standard scheduling behavior.

Path Parameters

Parameter

Type

Required?

Description

Request Examples

Response Examples

Standard Response:

- Get data source IDs for configuration
- View data source details and status
- Automated identity lifecycle workflows

Cloud Platforms and Data Providers

Operations for listing, adding, and modifying cloud provider configurations

You can manage Veza integrations using the management API and a Veza admin API key.

Use these operations to configure and manage cloud platform integrations including AWS, Azure, Google Cloud, Snowflake, SQL Server, and Trino providers. Each provider type has specific configuration requirements and optional parameters for controlling discovery scope.

Provider Types

Veza supports the following provider types:

AWS: Amazon Web Services accounts with support for IAM, S3, RDS, Redshift, and other services
Azure: Microsoft Azure tenants including Active Directory and SharePoint Online
Google Cloud: Google Cloud Platform projects and Google Workspace domains

For detailed integration guides, see the .

Authentication

You will need an API token with administrator permissions to manage provider configurations. See for details.

Common Provider Properties

All provider configurations share these common properties:

id (String): Unique identifier for the provider configuration
vendor_id (String): Provider-specific identifier (e.g., AWS account ID)
name (String): Display name for the provider

AWS Providers

AWS Provider Object Schema

AWS provider configurations include account credentials, regions, and service-specific settings:

AWS Configuration Fields

account_id (String): AWS account ID (12-digit number)
credentials_type (String): Authentication method - STATIC, EC2_INSTANCE_PROFILE, or ASSUME_CUSTOMER_ROLE

AWS Service Discovery Options

Available service values for the services array:

IAM: Identity and Access Management
S3: Simple Storage Service
RDS: Relational Database Service

AWS Resource Filtering

Use allow/deny lists to control which resources are discovered:

s3_bucket_allow_list: S3 bucket names to include (supports wildcards)
s3_bucket_deny_list: S3 bucket names to exclude
rds_database_allow_list: RDS database names to include

For detailed AWS setup instructions, see .

AWS API Operations

List AWS Providers

Create AWS Provider

Get AWS Provider

Update AWS Provider

Delete AWS Provider

Get AWS Trust Policy

Check AWS Policy

Azure Providers

Azure Provider Object Schema

Azure provider configurations include tenant authentication and service settings:

Azure Configuration Fields

tenant_id (String): Azure Active Directory tenant ID
client_id (String): Application (client) ID for service principal
client_secret (String): Client secret for authentication

For detailed Azure setup instructions, see .

Azure API Operations

List Azure Providers

Create Azure Provider

Get Azure Provider

Update Azure Provider

Delete Azure Provider

Google Cloud Providers

Google Cloud Provider Object Schema

Google Cloud provider configurations include service account credentials and project settings:

Google Cloud Configuration Fields

credentials_json (String): Service account key JSON
customer_id (String): Google Workspace customer ID
workspace_email (String): Workspace user email for service account impersonation

For detailed Google Cloud setup instructions, see .

Google Cloud API Operations

List Google Cloud Providers

Create Google Cloud Provider

Get Google Cloud Provider

Update Google Cloud Provider

Delete Google Cloud Provider

Snowflake Providers

Snowflake Provider Object Schema

Snowflake provider configurations include connection details and database filtering:

Snowflake Configuration Fields

account_locator (String): Snowflake account locator (e.g., "xy12345")
region (String): Cloud region for the Snowflake account
cloud (String): Cloud provider ("aws", "azure", or "gcp")

For detailed Snowflake setup instructions, see .

Snowflake API Operations

List Snowflake Providers

Create Snowflake Provider

Get Snowflake Provider

Update Snowflake Provider

Delete Snowflake Provider

SQL Server Providers

SQL Server Provider Object Schema

SQL Server provider configurations include connection details and database filtering:

SQL Server Configuration Fields

host (String): SQL Server hostname or IP address
port (Integer): Port number (typically 1433)
username (String): SQL Server username

For detailed SQL Server setup instructions, see .

SQL Server API Operations

List SQL Server Providers

Create SQL Server Provider

Get SQL Server Provider

Update SQL Server Provider

Delete SQL Server Provider

Trino Providers

Trino Provider Object Schema

Trino provider configurations include cluster connection details and S3 access control file settings:

Trino Configuration Fields

host (String): Trino coordinator hostname
port (Integer): Trino coordinator port (typically 8080 or 8443)
username (String): Trino username

S3 Object Configuration

The aws_s3_object_config object contains:

access_key (String): AWS access key ID
secret_key (String): AWS secret access key
region (String): S3 bucket region

For detailed Trino setup instructions, see .

Trino API Operations

List Trino Providers

Create Trino Provider

Get Trino Provider

Update Trino Provider

Delete Trino Provider

Error Handling

All provider API operations return standard HTTP status codes:

200 OK: Request successful
400 Bad Request: Invalid request parameters or payload
401 Unauthorized: Invalid or missing API token

Error responses include a descriptive message and error code:

Best Practices

When managing provider configurations:

Use descriptive names that identify the environment and purpose
Implement least privilege by configuring only necessary services and resources
Use allow lists rather than deny lists when possible for better security

{
  "values": [
    {
      "id": "text",
      "vendor_id": "text",
      "name": "text",
      "type": 1,
      "state": 1,
      "data_plane_id": "text",
      "status": 1,
      "gather_guest_users": true,
      "gather_disabled_users": true,
      "domains": [
        "text"
      ],
      "gather_personal_sites": true,
      "audit_log": {
        "state": 1,
        "status": 1,
        "cursor": "2026-01-23T01:42:16.023Z",
        "synced_at": "2026-01-23T01:42:16.023Z"
      },
      "government_cloud": 1,
      "extract_pim_eligibility": true,
      "dynamics365_environments": [
        "text"
      ],
      "team_id": "text",
      "dynamics_erp_environments": [
        "text"
      ],
      "authentication_type": 1,
      "account_id": "text",
      "tenant_id": "text",
      "client_id": "text",
      "services": [
        1
      ],
      "sql_server_database_allow_list": [
        "text"
      ],
      "sql_server_database_deny_list": [
        "text"
      ],
      "sql_server_schema_allow_list": [
        "text"
      ],
      "sql_server_schema_deny_list": [
        "text"
      ],
      "sql_server_gather_system_databases": true,
      "gather_postgresql_system_schemas": true,
      "postgresql_username": "text",
      "postgresql_password": "text",
      "postgresql_database_allow_list": [
        "text"
      ],
      "postgresql_database_deny_list": [
        "text"
      ],
      "postgresql_schema_allow_list": [
        "text"
      ],
      "postgresql_schema_deny_list": [
        "text"
      ],
      "databricks_cloud_config": {
        "account_id": "text",
        "tag_name_collector_cluster": "text"
      },
      "sharepoint_site_allow_list": [
        "text"
      ],
      "sharepoint_site_deny_list": [
        "text"
      ],
      "rbac_id": "text",
      "identity_mapping_configuration": {
        "mappings": [
          {
            "destination_datasource_type": "text",
            "destination_datasource_oaa_app_type": "text",
            "type": 1,
            "mode": 1,
            "transformations": [
              1
            ],
            "custom_value": "text",
            "property_matchers": [
              {
                "source_property": 1,
                "destination_property": 1,
                "custom_source_property": "text",
                "custom_destination_property": "text"
              }
            ],
            "id_matchers": [
              {
                "source_id": "text",
                "destination_id": "text"
              }
            ],
            "destination_datasources": [
              {
                "type": "text",
                "oaa_app_type": "text"
              }
            ]
          }
        ],
        "use_email": true
      },
      "user_custom_properties": [
        {
          "name": "text",
          "type": 1,
          "lcm_unique_identifier": true
        }
      ],
      "provisioning": true,
      "lifecycle_management_state": 1,
      "secret_references": [
        {
          "id": "text",
          "secret_id": "text",
          "vault_id": "text",
          "vault": {
            "id": "text",
            "name": "text",
            "vault_provider": "text",
            "insight_point_id": "text",
            "deleted": true
          }
        }
      ],
      "gather_group_extra_info": true,
      "gather_group_owner_details": true,
      "log_analytics_workspace_id": "text",
      "subscription_id_allow_list": [
        "text"
      ],
      "subscription_id_deny_list": [
        "text"
      ],
      "storage_account_name_allow_list": [
        "text"
      ],
      "storage_account_name_deny_list": [
        "text"
      ],
      "blob_container_name_allow_list": [
        "text"
      ],
      "blob_container_name_deny_list": [
        "text"
      ]
    }
  ]
}

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "gather_guest_users": true,
    "gather_disabled_users": true,
    "domains": [
      "text"
    ],
    "gather_personal_sites": true,
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2026-01-23T01:42:16.023Z",
      "synced_at": "2026-01-23T01:42:16.023Z"
    },
    "government_cloud": 1,
    "extract_pim_eligibility": true,
    "dynamics365_environments": [
      "text"
    ],
    "team_id": "text",
    "dynamics_erp_environments": [
      "text"
    ],
    "authentication_type": 1,
    "account_id": "text",
    "tenant_id": "text",
    "client_id": "text",
    "services": [
      1
    ],
    "sql_server_database_allow_list": [
      "text"
    ],
    "sql_server_database_deny_list": [
      "text"
    ],
    "sql_server_schema_allow_list": [
      "text"
    ],
    "sql_server_schema_deny_list": [
      "text"
    ],
    "sql_server_gather_system_databases": true,
    "gather_postgresql_system_schemas": true,
    "postgresql_username": "text",
    "postgresql_password": "text",
    "postgresql_database_allow_list": [
      "text"
    ],
    "postgresql_database_deny_list": [
      "text"
    ],
    "postgresql_schema_allow_list": [
      "text"
    ],
    "postgresql_schema_deny_list": [
      "text"
    ],
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "sharepoint_site_allow_list": [
      "text"
    ],
    "sharepoint_site_deny_list": [
      "text"
    ],
    "rbac_id": "text",
    "identity_mapping_configuration": {
      "mappings": [
        {
          "destination_datasource_type": "text",
          "destination_datasource_oaa_app_type": "text",
          "type": 1,
          "mode": 1,
          "transformations": [
            1
          ],
          "custom_value": "text",
          "property_matchers": [
            {
              "source_property": 1,
              "destination_property": 1,
              "custom_source_property": "text",
              "custom_destination_property": "text"
            }
          ],
          "id_matchers": [
            {
              "source_id": "text",
              "destination_id": "text"
            }
          ],
          "destination_datasources": [
            {
              "type": "text",
              "oaa_app_type": "text"
            }
          ]
        }
      ],
      "use_email": true
    },
    "user_custom_properties": [
      {
        "name": "text",
        "type": 1,
        "lcm_unique_identifier": true
      }
    ],
    "provisioning": true,
    "lifecycle_management_state": 1,
    "secret_references": [
      {
        "id": "text",
        "secret_id": "text",
        "vault_id": "text",
        "vault": {
          "id": "text",
          "name": "text",
          "vault_provider": "text",
          "insight_point_id": "text",
          "deleted": true
        }
      }
    ],
    "gather_group_extra_info": true,
    "gather_group_owner_details": true,
    "log_analytics_workspace_id": "text",
    "subscription_id_allow_list": [
      "text"
    ],
    "subscription_id_deny_list": [
      "text"
    ],
    "storage_account_name_allow_list": [
      "text"
    ],
    "storage_account_name_deny_list": [
      "text"
    ],
    "blob_container_name_allow_list": [
      "text"
    ],
    "blob_container_name_deny_list": [
      "text"
    ]
  }
}

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "gather_guest_users": true,
    "gather_disabled_users": true,
    "domains": [
      "text"
    ],
    "gather_personal_sites": true,
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2026-01-23T01:42:16.023Z",
      "synced_at": "2026-01-23T01:42:16.023Z"
    },
    "government_cloud": 1,
    "extract_pim_eligibility": true,
    "dynamics365_environments": [
      "text"
    ],
    "team_id": "text",
    "dynamics_erp_environments": [
      "text"
    ],
    "authentication_type": 1,
    "account_id": "text",
    "tenant_id": "text",
    "client_id": "text",
    "services": [
      1
    ],
    "sql_server_database_allow_list": [
      "text"
    ],
    "sql_server_database_deny_list": [
      "text"
    ],
    "sql_server_schema_allow_list": [
      "text"
    ],
    "sql_server_schema_deny_list": [
      "text"
    ],
    "sql_server_gather_system_databases": true,
    "gather_postgresql_system_schemas": true,
    "postgresql_username": "text",
    "postgresql_password": "text",
    "postgresql_database_allow_list": [
      "text"
    ],
    "postgresql_database_deny_list": [
      "text"
    ],
    "postgresql_schema_allow_list": [
      "text"
    ],
    "postgresql_schema_deny_list": [
      "text"
    ],
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "sharepoint_site_allow_list": [
      "text"
    ],
    "sharepoint_site_deny_list": [
      "text"
    ],
    "rbac_id": "text",
    "identity_mapping_configuration": {
      "mappings": [
        {
          "destination_datasource_type": "text",
          "destination_datasource_oaa_app_type": "text",
          "type": 1,
          "mode": 1,
          "transformations": [
            1
          ],
          "custom_value": "text",
          "property_matchers": [
            {
              "source_property": 1,
              "destination_property": 1,
              "custom_source_property": "text",
              "custom_destination_property": "text"
            }
          ],
          "id_matchers": [
            {
              "source_id": "text",
              "destination_id": "text"
            }
          ],
          "destination_datasources": [
            {
              "type": "text",
              "oaa_app_type": "text"
            }
          ]
        }
      ],
      "use_email": true
    },
    "user_custom_properties": [
      {
        "name": "text",
        "type": 1,
        "lcm_unique_identifier": true
      }
    ],
    "provisioning": true,
    "lifecycle_management_state": 1,
    "secret_references": [
      {
        "id": "text",
        "secret_id": "text",
        "vault_id": "text",
        "vault": {
          "id": "text",
          "name": "text",
          "vault_provider": "text",
          "insight_point_id": "text",
          "deleted": true
        }
      }
    ],
    "gather_group_extra_info": true,
    "gather_group_owner_details": true,
    "log_analytics_workspace_id": "text",
    "subscription_id_allow_list": [
      "text"
    ],
    "subscription_id_deny_list": [
      "text"
    ],
    "storage_account_name_allow_list": [
      "text"
    ],
    "storage_account_name_deny_list": [
      "text"
    ],
    "blob_container_name_allow_list": [
      "text"
    ],
    "blob_container_name_deny_list": [
      "text"
    ]
  }
}

{
  "value": {
    "id": "text",
    "vendor_id": "text",
    "name": "text",
    "type": 1,
    "state": 1,
    "data_plane_id": "text",
    "status": 1,
    "gather_guest_users": true,
    "gather_disabled_users": true,
    "domains": [
      "text"
    ],
    "gather_personal_sites": true,
    "audit_log": {
      "state": 1,
      "status": 1,
      "cursor": "2026-01-23T01:42:16.023Z",
      "synced_at": "2026-01-23T01:42:16.023Z"
    },
    "government_cloud": 1,
    "extract_pim_eligibility": true,
    "dynamics365_environments": [
      "text"
    ],
    "team_id": "text",
    "dynamics_erp_environments": [
      "text"
    ],
    "authentication_type": 1,
    "account_id": "text",
    "tenant_id": "text",
    "client_id": "text",
    "services": [
      1
    ],
    "sql_server_database_allow_list": [
      "text"
    ],
    "sql_server_database_deny_list": [
      "text"
    ],
    "sql_server_schema_allow_list": [
      "text"
    ],
    "sql_server_schema_deny_list": [
      "text"
    ],
    "sql_server_gather_system_databases": true,
    "gather_postgresql_system_schemas": true,
    "postgresql_username": "text",
    "postgresql_password": "text",
    "postgresql_database_allow_list": [
      "text"
    ],
    "postgresql_database_deny_list": [
      "text"
    ],
    "postgresql_schema_allow_list": [
      "text"
    ],
    "postgresql_schema_deny_list": [
      "text"
    ],
    "databricks_cloud_config": {
      "account_id": "text",
      "tag_name_collector_cluster": "text"
    },
    "sharepoint_site_allow_list": [
      "text"
    ],
    "sharepoint_site_deny_list": [
      "text"
    ],
    "rbac_id": "text",
    "identity_mapping_configuration": {
      "mappings": [
        {
          "destination_datasource_type": "text",
          "destination_datasource_oaa_app_type": "text",
          "type": 1,
          "mode": 1,
          "transformations": [
            1
          ],
          "custom_value": "text",
          "property_matchers": [
            {
              "source_property": 1,
              "destination_property": 1,
              "custom_source_property": "text",
              "custom_destination_property": "text"
            }
          ],
          "id_matchers": [
            {
              "source_id": "text",
              "destination_id": "text"
            }
          ],
          "destination_datasources": [
            {
              "type": "text",
              "oaa_app_type": "text"
            }
          ]
        }
      ],
      "use_email": true
    },
    "user_custom_properties": [
      {
        "name": "text",
        "type": 1,
        "lcm_unique_identifier": true
      }
    ],
    "provisioning": true,
    "lifecycle_management_state": 1,
    "secret_references": [
      {
        "id": "text",
        "secret_id": "text",
        "vault_id": "text",
        "vault": {
          "id": "text",
          "name": "text",
          "vault_provider": "text",
          "insight_point_id": "text",
          "deleted": true
        }
      }
    ],
    "gather_group_extra_info": true,
    "gather_group_owner_details": true,
    "log_analytics_workspace_id": "text",
    "subscription_id_allow_list": [
      "text"
    ],
    "subscription_id_deny_list": [
      "text"
    ],
    "storage_account_name_allow_list": [
      "text"
    ],
    "storage_account_name_deny_list": [
      "text"
    ],
    "blob_container_name_allow_list": [
      "text"
    ],
    "blob_container_name_deny_list": [
      "text"
    ]
  }
}

Identity Providers

API endpoints for configuring Okta and OneLogin

You can manage Veza Identity Provider integrations using the management API and a Veza admin API key.

AzureAD and Google Workspace identities are discovered by adding the associated Google Cloud account or Azure tenant as a cloud provider.

`providers/activedirectory`

See the configuration guide for the prerequisite steps to integrate with Veza. An AD configuration has the following parameters:

List Active Directory Providers

The response will include all existing configurations, in the format:

Create Active Directory Provider

Get Active Directory Provider

Delete Active Directory Provider

Update Active Directory Provider

`providers/okta`

An Okta configuration includes connection information and credentials, as well as any limits on apps and domains to extract:

See the integration guide for more details on retrieving an Okta API token and registering your domain with Veza.

List Okta Providers

List Okta Providers

GET {{vezaURL}}/api/v1/providers/okta

Get the configuration and status for all configured Okta integrations.

* indicates a required field.

Create Okta Provider

Create Okta Provider

POST {{vezaURL}}/api/v1/providers/okta

Submit a new Okta provider configuration.

* indicates a required field.

Request Body

Name

Type

Description

Get Okta Provider

Get Okta Provider

GET {{vezaURL}}/api/v1/providers/okta/{id}

Get an individual Okta provider configuration.

* indicates a required field.

Path Parameters

Name

Type

Description

Delete Okta Provider

Delete Okta Provider

DELETE {{vezaURL}}/api/v1/providers/okta/{id}

Delete an Okta provider, removing all associated entities from Veza.

* indicates a required field.

Path Parameters

Name

Type

Description

Update Okta Provider

Update Okta Provider

PATCH {{vezaURL}}/api/v1/providers/okta/{id}

Update an existing provider configuration with new properties.

* indicates a required field.

Path Parameters

Name

Type

Description

Query Parameters

Name

Type

Description

Request Body

Name

Type

Description

`providers/onelogin`

A OneLogin configuration includes the domain, region, and credentials to use for the connection:

See for steps to generate credentials for Veza-OneLogin API access.

List OneLogin Providers

List OneLogin Providers

GET {{vezaURL}}/api/v1/providers/onelogin

Gets all configured OneLogin providers.

* indicates a required field.

Create OneLogin Provider

Create OneLogin Provider

POST {{vezaURL}}/api/v1/providers/onelogin

Submit a new OneLogin provider configuration. See

for more information about enabling Veza access to OneLogin metadata.

* indicates a required field.

Path Parameters

Name

Type

Description

Get OneLogin Provider

Get OneLogin Provider

GET {{vezaURL}}/api/v1/providers/onelogin/{id}

Return the status and configuration for a single OneLogin provider configuration.

* indicates a required field.

Path Parameters

Name

Type

Description

Delete OneLogin Provider

Delete Onelogin Provider

DELETE {{vezaURL}}/api/v1/providers/onelogin/{id}

Delete a OneLogin configuration and its discovered entities.

* indicates a required field.

Path Parameters

Name

Type

Description

Update OneLogin Provider

Update OneLogin Provider

PATCH {{VezaURL}}/api/v1/providers/onelogin/{id}

Update a OneLogin provider configuration. You can provide field mask paths to only update specific fields.

* indicates a required field.

Path Parameters

Name

Type

Description

Query Parameters

Name

Type

Description

Request Body

Name

Type

Description

Integration APIs

hashtagAuthentication

hashtagSample Integrations and Tools

hashtagOpen Authorization APIs

Data Sources

List Data Sources

hashtagEndpoint

hashtagDescription

hashtagAPI Reference

hashtagQuery Parameters

hashtagRequest Examples

hashtagResponse Examples

Update Data Source

hashtagEndpoint

hashtagDescription

hashtagAPI Reference

hashtagPath Parameters

hashtagRequest Body

hashtagRequest Examples

hashtagResponse Examples

Disable Data Source

hashtagEndpoint

hashtagDescription

Enable Data Source

hashtagEndpoint

hashtagDescription

hashtagAPI Reference

hashtagPath Parameters

hashtagRequest Examples

hashtagResponse Examples

List Lifecycle Manager Datasources

hashtagEndpoint

hashtagDescription

hashtagAPI Reference

hashtagQuery Parameters

hashtagRequest Examples

hashtagResponse Examples

hashtagResponse Fields

hashtagBasic Datasource Information

hashtagSupported Capabilities

hashtagAvailable Actions

hashtagSyncable Attributes

hashtagGrantable Entitlements

Get Lifecycle Manager Datasource

hashtagEndpoint

hashtagDescription

List by Action Type

hashtagEndpoint

hashtagDescription

Get Parse Status

hashtagEndpoint

hashtagDescription

Get Sync Status

hashtagEndpoint

hashtagDescription

hashtagAPI Reference

hashtagPath Parameters

hashtagRequest Examples

hashtagResponse Examples

List Data Sources

hashtagEndpoint

hashtagDescription

hashtagAPI Reference

hashtagQuery Parameters

hashtagRequest Examples

hashtagResponse Examples

Integration APIs

hashtagAuthentication

hashtagSample Integrations and Tools

hashtagOpen Authorization APIs

Update Data Source

hashtagEndpoint

hashtagDescription

hashtagAPI Reference

hashtagPath Parameters

hashtagRequest Body

hashtagRequest Examples

hashtagResponse Examples

Get Sync Status

hashtagEndpoint

Authentication

Sample Integrations and Tools

Open Authorization APIs

Endpoint

Description

API Reference

Query Parameters

Request Examples

Response Examples

Endpoint

Description

API Reference

Path Parameters

Request Body

Request Examples

Response Examples

Endpoint

Description

Endpoint

Description

API Reference

Path Parameters

Request Examples

Response Examples

Endpoint

Description

API Reference

Query Parameters

Request Examples

Response Examples

Response Fields

Basic Datasource Information

Supported Capabilities

Available Actions

Syncable Attributes

Grantable Entitlements

Endpoint

Description

Endpoint

Description

Endpoint

Description

Endpoint

Description

API Reference

Path Parameters

Request Examples

Response Examples

Endpoint

Description

API Reference

Query Parameters

Request Examples

Response Examples

Authentication

Sample Integrations and Tools

Open Authorization APIs

Endpoint

Description

API Reference

Path Parameters

Request Body

Request Examples

Response Examples

Endpoint

Description

API Reference

Path Parameters

Request Examples

Response Examples

Endpoint

Description

API Reference

Path Parameters

Request Examples

Response Examples

Endpoint

Description

Endpoint

Description