Veza, an identity security provider, has introduced Access AuthZ, a new product designed to automate the granting and revoking of access across enterprise systems, aiming to address the “last mile” of identity governance.

Access AuthZ unifies access control and automation, building on Veza’s Access Graph and Access Profiles. It extends provisioning capabilities beyond traditional lifecycle management tools to include legacy platforms, homegrown Identity and Access Management (IAM) systems, and custom applications through Veza’s Open Authorization API (OAA). This functionality supports organizations in modernizing access governance, enforcing least privilege access, and accelerating employee access at scale.

The launch comes as enterprises face challenges with identity governance. According to Gartner, “50% of IGA deployments are in distress” (July 2025), highlighting issues such as fragmented workflows, manual processes, and the growth of machine and AI Agent identities. Analyst firm ESG also notes that the average time to provision users is six days, indicating ongoing productivity and security drags due to manual identity processes. Veza’s approach aims to reduce the mean time for provisioning or deprovisioning access, accelerate service delivery, and enhance governance.

Jorel Van Os, Deputy Chief Information Security Officer at Acrisure, commented on the landscape, stating, “Traditional identity is fundamentally broken. We think Veza has cracked the code by moving identity beyond the scope of traditional identity access governance solutions that can only see as far as users and groups. By harnessing the power of permissions and entitlements, Veza’s Access Platform has helped transform Acrisure’s IGA needs and identity security use cases into a unified approach that gives us greater visibility, control, and management over access.”

Veza Access AuthZ automates user provisioning and deprovisioning across cloud, SaaS, and on-premises applications, systems, and databases. It is designed as a single interface that extends provisioning capabilities to legacy IGA, ITSM, SOAR, and custom applications, ensuring consistent access management through support for the SCIM protocol, native integrations, and Veza’s OAA framework. The system is designed for straightforward implementation, avoiding the complexities often associated with legacy IGA deployments.

As a core automation engine within Veza’s unified access platform, Access AuthZ works with Access Reviews, Lifecycle Management, and Access Requests to provide end-to-end control, visibility, and scalability. Its capabilities are intended to result in faster service delivery by automating provisioning, reviews, and requests; reduced operational overhead through AI-driven workflows and auto-reconciliation; improved risk posture and compliance via risk-based access reviews and continuous enforcement; unified governance across hybrid environments by extending automation to various systems; and an enhanced user and auditor experience through integrations with platforms like ServiceNow, Jira, Slack, and Microsoft Teams.

Alongside Access AuthZ, Veza has also announced enhancements across its IGA portfolio. Risk-based Access Reviews now include advanced risk scoring, access outlier detection using peer group analysis, and explainable insights to aid reviewer decision-making. Automated reconciliation, powered by Veza’s Access Graph, simplifies remediation and audit reporting, while multi-level reviews and AI-based explainability are integrated with communication platforms like Slack to improve engagement.

Lifecycle Management has been enhanced to offer faster, safer, and more flexible provisioning for joiner, mover, and leaver workflows at an enterprise scale. These improvements include prioritized workflows, enhanced dry run capabilities, and visual design tools to speed deployments. Safeguards such as versioning, rollback controls, and predictive safety limits are incorporated to prevent erroneous changes. Expanded support for SCIM, OAuth2, and the OAA Write framework, alongside native application and platform integrations, allows OAA Write to automate user provisioning and deprovisioning for non-SCIM, legacy, custom, and homegrown applications.

Access Requests now feature a modern, intuitive Access Catalog experience that supports bulk, Just-in-Time (JIT), and third-party requests. Integrations with modern communication platforms are designed to enhance user engagement and streamline the processing of access requests. Access AI adds natural-language search and peer-based recommendations to assist users in quickly finding and requesting appropriate access from the Access Catalog.

Tarun Thakur, Co-Founder and CEO of Veza, stated, “Veza started by giving enterprises comprehensive visibility into every identity, permission, and entitlement for all systems. With Access AuthZ, we’re extending that foundation to full automation to enable organizations to grant and revoke access instantly across any system. With Veza, identity and security teams can comprehensively govern every identity—human, machine, or AI—with speed, precision, and confidence, reducing the mean time to provision or deprovision access while proactively closing blind spots before they become security risks.”

Veza has also expanded its Access AI capabilities, which now include intelligent recommendations and explainable insights into access permissions, aiming to transform identity governance into an adaptive, self-optimizing system that scales with business growth and improves compliance and security posture.

Veza was featured in Gartner’s 2025 Hype Cycle for Digital Identity as a vendor in the emerging category of AI for Access Administration. Gartner notes that AI for Access Administration “can reduce manual work, improve delegation to non-IAM teams, speed up value delivery for IAM teams, and help organizations manage the growing impact of AI deployments.”

Founded in 2020 and headquartered in Los Gatos, California, Veza is an identity security provider trusted by global enterprises such as Wynn Resorts, Expedia, and Blackstone. Its Access Platform addresses identity security use cases, including privileged access monitoring, non-human identity (NHI) security, access entitlement management, data system access, SaaS access security, identity security posture management (ISPM), next-generation IGA, and Agentic AI identity security. Veza has been recognized by GigaOm’s ISPM Radar and is funded by Accel, Bain Capital, Ballistic Ventures, Google Ventures (GV), New Enterprise Associates (NEW), Norwest Venture Partners, and True Ventures.