Appearance
OAA Templates
JSON schemas for describing custom applications and identity providers
OAA utilizes templates (JSON schema) for structuring authorization and identity metadata, combined with a REST API to register, update and manage the data. Once uploaded, Veza processes the template payload and incorporates the entities and permissions into the Authorization Metadata Graph.
Choosing the appropriate template (application
or identity provider
) is the first step in creating a new integration with OAA. The template provides a schema for describing the identities, resources, and authorization relationships local to the OAA data source.
Custom Application
For most applications, SaaS Apps and systems the Custom Application Template provides a generic and flexible model to capture authorization data for users and groups to the system and its resources.
A custom application is structured with the following main entities:
- Application
- Resource
- Sub-resource
- Sub-resource
- Additional sub-resources
- Sub-resource
- Sub-resource
- Local Users
- Local Groups
- Local Roles
- Resource
- Local Permissions
- Identity-to-permissions binding
Custom Identity Provider
Intended for modeling sources of users, group, and federated identity metadata, the Custom Identity Provider Template can be used to enumerate users and groups that access other external applications and resources, similar to built-in connectors for Okta and AzureAD. These users and groups typically represent the top-level corporate identities within an organization.
A Custom Identity Provider can have the following entities:
- Domains
- Users
- Groups
The Custom IdP template also includes the option to define AWS Roles that are assumable by users and groups and can work with Access Review Workflows to auto-assign resource managers.