OAA Community is a repository of production-quality example connectors and quickstart samples that can be consumed under an open source (MIT) license. We provide these connectors to help customers get up and running quickly developing their own connectors, whether they are for in-house custom applications or for systems that aren't yet part of Veza's native integration set.
ℹ️ Many of these connector examples are available as native integrations in the Veza platform.
Veza customers and partners can use the OAA Community as a resource for developing their own connectors and tooling, and are encouraged to contribute to add support for new sources (apps, databases, etc.) or improve existing ones.
Veza is an identity security platform that allows organizations to dynamically visualize, understand and control who can and should take what action on what resource. We organize authorization metadata across identity providers, HRIS, IAM, SaaS, apps, data systems, and more — to help organizations with critical use cases of access governance, privileged access monitoring, cloud access management, data system access and SaaS access security.
The Open Authorization API (OAA) is used to publish information about identities, authorization, and resources to the Veza Authorization Graph, making custom-built or otherwise-unsupported applications available for workflows, search, and monitoring. The OAA connector has three jobs: it needs to pull authorization data from the target system (e.g., a SaaS app, data storage system, or custom software), transform that data into a format Veza understands, and call the Veza API to import the data into Veza.
Open Authorization API is not currently associated with any open standards bodies (IETF, etc.). We will be working with various teams to pursue open standards over the course of time. All OAA resources in this repository are licensed under the MIT license.
💡 For any feedback on Open Authorization API - for example, API enrichments, etc. - please open an issue.
OAA works by providing a mechanism to upload authorization information from a target system to Veza in a standardized format. To integrate a new system, you utilize that system's API (or other interfaces) to enumerate the identities, permissions and resources that you want available in Veza. This information must then be formatted according to the OAA JSON schema and uploaded to Veza using the OAA REST API.
Veza processes this schema mapping to integrate metadata from the new target system into its Authorization Metadata Graph and then maps which identities have what permissions to what resources. Veza combines this information with discovered data from Identity Providers to expand group memberships and correlate identities. Identities can be local to that application or linked to external Identity Providers (IdP) like Okta or Microsoft Entra ID. The Veza schema can capture and represent both standard CRUD (Create, Read, Update, and Delete) as well as system-specific permissions (like “Admin” or “Operator”).
Once a target application or system is integrated via OAA into Veza, it acts like any other data source. OAA-integrated systems are fully available for the purpose of Veza search, governance workflows, reports, alerts, and more.
To use a sample connector, see the README file for the corresponding integration in the /connectors directory. Each README will contain an overview and instructions for how to use the connector. Download the code and follow the setup instructions to use the connector in your application.
To get started developing your own connectors:
- Visit the developer documentation
- See the /quickstarts directory:
  - sample-app.py - sample generic application, suitable for most SaaS apps.
  - sample-idp.py - sample custom identity provider, for IdPs and other identity related services
- Use the oaaclient SDK for developing your own connectors in Python. See OAAClient GitHub repo for more information.

If you are interested in contributing improvements or new connectors, see our guide.