Open Authorization API

The Open Authorization API (OAA) is used to publish information about identities, authorization, and resources to the Veza entity catalog, making custom-built or otherwise-unsupported applications available for search, workflows, access reviews and life cycle management. A typical motivation for using OAA is the need to integrate with enterprise applications that don't have an official Veza integration, such as a custom identity broker or internally built applications.

INFO

Each built-in Veza integration has a fixed schema unique to the provider. Integrations created with OAA can use the Custom Application, Custom Identity Provider, Custom HR Information System Provider, or Custom Principal schema. The OAA templates are flexible enough to model a wide range of data and identity sources.

You can develop a custom connector using the Veza-provided Python SDK oaaclient, .NET C# SDK Veza.OAA, or your language of choice. The Veza Developer portal provides quick starts, documentation and references. Additionally, example connectors are available on the Veza GitHub repository.

To integrate a custom application using OAA, you will typically rely on an API (or another method) to list identities and resources within the host system, and retrieve entity and authorization metadata such as permissions, roles, and activity status. You must then structure this information according to one of the supported OAA templates. Once you have assembled the payload, you can publish it using REST API calls or the SDK.
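
The collect-and-structure steps above, as an added example (not Veza's code and not the oaaclient SDK). The export format, the permission mapping and the payload field names are assumptions modeled on the Custom Application template and should be checked against the OAA schema reference; publishing is left to the REST API or SDK.

```python
import csv
import io
import json

# Constructed sample export from a hypothetical in-house app: one row per grant.
SAMPLE_EXPORT = """user,email,active,resource,permission
alice,alice@example.com,true,prod-db,admin
alice,alice@example.com,true,staging-db,read
bob,bob@example.com,false,prod-db,read
"""

# Assumed mapping from the app's own permission names to canonical permission types.
PERMISSION_MAP = {
    "read": ["DataRead"],
    "admin": ["DataRead", "DataWrite", "DataDelete", "MetadataWrite"],
}

def build_payload(export_text, app_name="Example Portal"):
    """Turn grant rows into a custom-application style payload (assumed field names)."""
    users, resources, grants = {}, set(), {}
    for row in csv.DictReader(io.StringIO(export_text)):
        perm = row["permission"]
        if perm not in PERMISSION_MAP:
            # Fail closed: an unmapped permission would silently vanish from access reviews.
            raise ValueError(f"unmapped permission {perm!r} for user {row['user']!r}")
        users[row["user"]] = {"name": row["user"], "identities": [row["email"]],
                              "is_active": row["active"].lower() == "true"}
        resources.add(row["resource"])
        grants.setdefault(row["user"], {}).setdefault(perm, set()).add(row["resource"])
    return {
        "applications": [{
            "name": app_name,
            "application_type": "example_portal",
            "local_users": [users[u] for u in sorted(users)],
            "resources": [{"name": r, "resource_type": "database"} for r in sorted(resources)],
        }],
        "permissions": [{"name": n, "permission_type": t}
                        for n, t in sorted(PERMISSION_MAP.items())],
        "identity_to_permissions": [{
            "identity": user,
            "identity_type": "local_user",
            "application_permissions": [
                {"application": app_name, "permission": p, "resources": sorted(r)}
                for p, r in sorted(perms.items())],
        } for user, perms in sorted(grants.items())],
    }

if __name__ == "__main__":
    print(json.dumps(build_payload(SAMPLE_EXPORT), indent=2))
```

Inactive accounts such as `bob` are kept in the payload with `is_active` set to false, so dormant access to `prod-db` still shows up in a review instead of being filtered out by the connector.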

Use Cases

Customers have utilized the Open Authorization API to accommodate many different scenarios. A few use cases include:

  • Visibility into an internal developer portal, to track which users have access to production systems.
  • Integrating applications to complete Access Reviews and meet audit requirements.
  • Collecting infrastructure-as-code (IaC) configurations to audit which users can log in to important hosts.
  • Automating Lifecycle Management and Access Requests for custom applications that expose SCIM endpoints, enabling provisioning workflows for home-grown systems.

First Steps

Getting Started introduces important OAA workflows, the custom application template, and common API operations. When planning your connector, you may also want to review the Core Concepts for more information about naming considerations, mapping custom applications to the OAA schema, and other topics.

Veza provides a Python SDK and working example connectors, which you can download from GitHub or install with pip install oaaclient. Examples and documentation are included with the source code.

Alternatively, you can parse a data source, compile the JSON payload, and publish it using your language of choice. For detailed documentation on the OAA schema and API operations, see: