API endpoints for configuring Okta and OneLogin
You can manage Veza Identity Provider integrations using the management API and a Veza admin API key.
providers/activedirectory
See the configuration guide for the prerequisite steps to integrate Active Directory with Veza. An AD configuration has the following parameters:
{
  "ad_fqdn": "FQDN.NAME.ON.CERT",
  "name": "Test-AD",
  "host": "FQDN.FOR.DOMAIN.CONTROLLER",
  "port": 636,
  "ldaps_certificate": "Base64 Encoded String of PEM format",
  "username": "ADMIN",
  "password": "PASSWORD",
  "domains": ["FQDN.OF.DOMAIN"],
  "data_plane_id": "DATAPLAN_ID"
}
# List all Active Directory configurations
curl --location --request GET '{{vezaURL}}/api/v1/providers/activedirectory' \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer TOKEN'
The response will include all existing configurations, in the format:
{
  "values": [
    {
      "id": "integration-GUID",
      "vendor_id": "domain.controller.FQDN",
      "name": "ad_cct01",
      "type": "ACTIVE_DIRECTORY",
      "state": "ENABLED",
      "data_plane_id": "insight-point-GUID",
      "status": "SUCCESS",
      "host": "domain.controller.FQDN",
      "port": 636,
      "username": "read.only",
      "domains": [
        "corp.cookie.ai"
      ],
      "ad_fqdn": "cct01-ad-01.corp.cookie.ai",
      "identity_mapping_configuration": null
    }
  ]
}
# Create a new Active Directory configuration
curl --location --request POST '{{vezaURL}}/api/v1/providers/activedirectory' \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer TOKEN' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "ad_fqdn": "FQDN.NAME.ON.CERT",
    "name": "Test-AD",
    "host": "FQDN.FOR.DOMAIN.CONTROLLER",
    "port": 636,
    "ldaps_certificate": "Base64 Encoded String of PEM format",
    "username": "ADMIN",
    "password": "PASSWORD",
    "domains": ["FQDN.OF.DOMAIN"],
    "data_plane_id": "DATAPLAN_ID"
  }'
# Delete an Active Directory configuration by ID
curl --location --request DELETE '{{vezaURL}}/api/v1/providers/activedirectory/{{provider_id}}' \
  --header 'Authorization: Bearer TOKEN'
# Update fields of an existing Active Directory configuration
curl --location --request PATCH '{{vezaURL}}/api/v1/providers/activedirectory/{{provider_id}}' \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer TOKEN' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "port": 636
  }'
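An added example, not part of the original page and not Veza's own code: one way to assemble the Active Directory POST request above in Python, base64-encoding the PEM for ldaps_certificate, refusing a non-HTTPS base URL, and redacting the password before logging. The required-field list, the sample values, the host veza.example, and the reading of "Base64 Encoded String of PEM format" as base64 of the whole PEM text are assumptions.

```python
import base64
import json
import re
import urllib.request

# Field names are the ones in the AD configuration shown on this page. Treating
# all of them as mandatory is an assumption; the page does not mark them.
REQUIRED = ("ad_fqdn", "name", "host", "port", "ldaps_certificate",
            "username", "password", "domains")
SECRET_FIELDS = ("password",)
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)"
                    r"-----END CERTIFICATE-----")
# Constructed sample input: PEM armor around dummy bytes, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"constructed sample, not a real certificate").decode()
              + "\n-----END CERTIFICATE-----\n")
SAMPLE_CONFIG = {"ad_fqdn": "dc01.corp.example", "name": "Test-AD",
                 "host": "dc01.corp.example", "port": 636,
                 "username": "svc-veza", "password": "constructed-password",
                 "domains": ["corp.example"]}


def encode_ldaps_certificate(pem_text):
    """Check the PEM armor and body, then base64-encode the whole PEM text."""
    match = PEM_RE.search(pem_text)
    if not match:
        raise ValueError("expected a PEM block with CERTIFICATE armor")
    base64.b64decode("".join(match.group(1).split()), validate=True)
    return base64.b64encode(pem_text.strip().encode("ascii")).decode("ascii")


def build_ad_provider_request(base_url, api_token, config, pem_text):
    """Build, without sending, the POST that creates an AD provider."""
    if not base_url.startswith("https://"):
        raise ValueError("refusing to put a bearer token on a non-HTTPS URL")
    payload = dict(config, ldaps_certificate=encode_ldaps_certificate(pem_text))
    missing = [key for key in REQUIRED if not payload.get(key)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/v1/providers/activedirectory",
        data=json.dumps(payload).encode("utf-8"), method="POST",
        headers={"Accept": "application/json", "Content-Type": "application/json",
                 "Authorization": "Bearer " + api_token})


def redact(payload):
    """Return a copy of the payload that is safe to write to logs."""
    return {k: "***" if k in SECRET_FIELDS else v for k, v in payload.items()}
```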
providers/okta
An Okta configuration includes connection information and credentials, as well as any limits on apps and domains to extract:
{
  "id": "string",
  "domain": "string",
  "region": "string",
  "token": "string",
  "gather_all_applications": true,
  "domain_allow_list": [
    "string"
  ],
  "domain_deny_list": [
    "string"
  ],
  "app_allow_list": [
    "string"
  ],
  "app_deny_list": [
    "string"
  ]
}
See the Okta integration guide for more details on retrieving an Okta API token and registering your domain with Veza.
GET {{vezaURL}}/api/v1/providers/okta
Get the configuration and status for all configured Okta integrations.
* indicates a required field.
{
  "values": [
    {
      "id": "string",
      "vendor_id": "string",
      "name": "string",
      "type": "UNKNOWN_PROVIDER",
      "state": "STARTED",
      "data_plane_id": "string",
      "status": "PENDING",
      "domain": "string"
    }
  ]
}
POST {{vezaURL}}/api/v1/providers/okta
Submit a new Okta provider configuration.
* indicates a required field.
name* (string): Name for the Okta Provider
domain* (string): Okta domain
region* (string): The Okta region (us)
data_plane_id (string): Provide if connecting via an Insight Point
token* (string): Okta API token
gather_all_applications (boolean): Whether to extract all apps or only selected
domain_allow_list (string list): Domains to explicitly allow
domain_deny_list (string list): Domains to exclude from discovery
app_allow_list (string list): Apps to explicitly allow
app_deny_list (string list): Apps to exclude from discovery
{
  "values": [
    {
      "id": "string",
      "vendor_id": "string",
      "name": "string",
      "type": "UNKNOWN_PROVIDER",
      "state": "STARTED",
      "data_plane_id": "string",
      "status": "PENDING",
      "domain": "string"
    }
  ]
}
GET {{vezaURL}}/api/v1/providers/okta/{id}
Get an individual Okta provider configuration.
* indicates a required field.
id* (string): The Okta provider configuration ID
{
  "value": {
    "id": "string",
    "vendor_id": "string",
    "name": "string",
    "type": "UNKNOWN_PROVIDER",
    "state": "STARTED",
    "data_plane_id": "string",
    "status": "PENDING",
    "domain": "string"
  }
}
DELETE {{vezaURL}}/api/v1/providers/okta/{id}
Delete an Okta provider, removing all associated entities from Veza.
* indicates a required field.
id (string): ID of the configuration to delete
{}
PATCH {{vezaURL}}/api/v1/providers/okta/{id}
Update an existing provider configuration with new properties.
* indicates a required field.
{id}* (string): The Okta provider configuration ID
update_mask.paths (array[string]): The set of field mask paths
domain (string)
region (string)
token (string)
{
  "value": {
    "id": "string",
    "vendor_id": "string",
    "name": "string",
    "type": "UNKNOWN_PROVIDER",
    "state": "STARTED",
    "data_plane_id": "string",
    "status": "PENDING",
    "domain": "string"
  }
}
providers/onelogin
A OneLogin configuration includes the domain, region, and credentials to use for the connection:
{
  "name": "string",
  "domain": "string",
  "region": "string",
  "client_id": "string",
  "client_secret": "string",
  "data_plane_id": "string"
}
See connecting to OneLogin for steps to generate credentials for Veza-OneLogin API access.
GET {{vezaURL}}/api/v1/providers/onelogin
Gets all configured OneLogin providers.
* indicates a required field.
{
  "values": [
    {
      "id": "string",
      "vendor_id": "string",
      "name": "string",
      "type": "UNKNOWN_PROVIDER",
      "state": "STARTED",
      "data_plane_id": "string",
      "status": "PENDING",
      "domain": "string",
      "region": "string",
      "client_id": "string"
    }
  ]
}
POST {{vezaURL}}/api/v1/providers/onelogin
Submit a new OneLogin provider configuration. See
for more information about enabling Veza access to OneLogin metadata.
* indicates a required field.
name* (string): The name to show in Veza
domain* (string): Your company's OneLogin domain
region* (string): The region of the OneLogin instance, e.g. us
client_id* (string): Client ID for the OneLogin key pair
client_secret* (string): Client Secret for the OneLogin ID pair
data_plane_id (string): Insight Point ID to use for the connection
{
  "value": {
    "id": "string",
    "vendor_id": "string",
    "name": "string",
    "type": "UNKNOWN_PROVIDER",
    "state": "STARTED",
    "data_plane_id": "string",
    "status": "PENDING",
    "domain": "string",
    "region": "string",
    "client_id": "string"
  }
}
GET {{vezaURL}}/api/v1/providers/onelogin/{id}
Return the status and configuration for a single OneLogin provider configuration.
* indicates a required field.
id* (string): OneLogin provider ID
{
  "value": {
    "id": "string",
    "vendor_id": "string",
    "name": "string",
    "type": "UNKNOWN_PROVIDER",
    "state": "STARTED",
    "data_plane_id": "string",
    "status": "PENDING",
    "domain": "string",
    "region": "string",
    "client_id": "string"
  }
}
DELETE {{vezaURL}}/api/v1/providers/onelogin/{id}
Delete a OneLogin configuration and its discovered entities.
* indicates a required field.
id* (string): The OneLogin configuration to delete
{}
PATCH {{vezaURL}}/api/v1/providers/onelogin/{id}
Update a OneLogin provider configuration. You can provide field mask paths to only update specific fields.
* indicates a required field.
{id}* (string): ID of the OneLogin configuration to update
update_mask.paths (array[string]): The set of field mask paths
name* (string)
domain* (string)
region* (string)
client_id* (string)
client_secret* (string)
data_plane_id (string)
{
  "values": [
    {
      "id": "string",
      "vendor_id": "string",
      "name": "string",
      "type": "UNKNOWN_PROVIDER",
      "state": "STARTED",
      "data_plane_id": "string",
      "status": "PENDING",
      "domain": "string",
      "region": "string",
      "client_id": "string"
    }
  ]
}