WIZ
## Introduction

This guide tells you how to authenticate the Wiz connector in Swimlane using OAuth 2.0 client credentials. You will collect the required Wiz credentials, confirm the correct Wiz endpoints for your tenant, and configure the connector in Swimlane.

## Prerequisites

### Wiz access requirements

You must have Wiz permissions to:

- Identify the region where your Wiz tenant resides.
- Create or request an API client (client ID and client secret) for Wiz OAuth 2.0.
- Confirm which identity provider (IdP) your Wiz tenant uses (Amazon Cognito or Auth0).

### Required credentials

During setup, you will collect:

- API endpoint URL
- Client ID
- Client secret
- Token URL
- Audience

### API endpoint URL

The Wiz integration API has a single URL for all the actions:

`https://api.<region>.app.wiz.io/graphql`

You can use the above URL and replace `<region>` with the region where your tenant resides, e.g. us1, us2, eu1, or eu2.

Example: `https://api.us1.app.wiz.io/graphql`

### Token URLs

There are two possible token URLs, depending on your service account's identity provider:

| IdP | Token URL | Token URL (Gov tenants) |
| --- | --- | --- |
| Amazon Cognito | `https://auth.app.wiz.io/oauth/token` | `https://auth.gov.wiz.io/oauth/token` |
| Auth0 | `https://auth.wiz.io/oauth/token` | `https://auth0.gov.wiz.io/oauth/token` |

### Audience

Choose a relevant audience from the following:

| IdP | Audience |
| --- | --- |
| Amazon Cognito | `wiz-api` |
| Auth0 | `beyond-api` |

## Wiz setup

Take the following steps to collect your Wiz OAuth credentials:

1. Identify your Wiz tenant region (for example us1, us2, eu1, or eu2).
2. Obtain the Wiz API client ID and client secret for your tenant.
3. Confirm whether your tenant uses Amazon Cognito or Auth0 as the identity provider.
4. Select the correct token URL and audience value based on the identity provider.

## Connector configuration in Swimlane

1. Log in to Turbine.
2. From the left-hand navigation pane, click Orchestration and click Assets. The Asset homepage opens.
3. Click the + icon to open the Configure Your Connector Asset window.
4. Select Wiz from the asset type list.
5. Fill in the asset settings and asset input as shown:
| Field | Description | Required/Optional |
| --- | --- | --- |
| URL | API endpoint URL for your tenant region (`https://api.<region>.app.wiz.io/graphql`) | Required |
| Token URL | Token URL based on your IdP (Cognito/Auth0) | Required |
| Client ID | Client ID from Wiz | Required |
| Client Secret | Client secret from Wiz | Required |
| Audience | Audience based on your IdP (`wiz-api` or `beyond-api`) | Required |
| First | Use it as a pagination argument to refine your results. Possible values: 1-5000. The default will be 500 if not mentioned. | Optional |
| Verify SSL | Enable/disable SSL verification | Optional |
| HTTP Proxy | Optional proxy configuration | Optional |

Fields with marks are required.

Click Create.

## Troubleshooting

If you encounter a 401 or 403 error:

- Verify the token URL matches your tenant's identity provider (Cognito vs. Auth0).
- Verify the audience value matches your identity provider.
- Confirm the API endpoint URL region matches your Wiz tenant region.
- Regenerate the client secret if it has expired and update the asset in Swimlane.

You have successfully authenticated the Wiz connector in Swimlane.
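
The troubleshooting checks above can be run against the asset values before they are saved. This is an added example, not Swimlane or Wiz code: the function names, the dictionary keys (`url`, `token_url`, `verify_ssl`, and so on) and the sample values are assumptions, and the token request is built in the standard OAuth 2.0 form-encoded shape but never sent.

```python
import re
from urllib.parse import urlencode
from urllib.request import Request

# IdP -> (token URLs incl. Gov tenants, audience), copied from the tables on this page
IDP = {
    "cognito": ({"https://auth.app.wiz.io/oauth/token",
                 "https://auth.gov.wiz.io/oauth/token"}, "wiz-api"),
    "auth0": ({"https://auth.wiz.io/oauth/token",
               "https://auth0.gov.wiz.io/oauth/token"}, "beyond-api"),
}
API_URL = re.compile(r"https://api\.[a-z0-9]+\.app\.wiz\.io/graphql")


def check_asset(cfg):
    """Return a list of configuration problems found in the asset values."""
    problems = []
    if not API_URL.fullmatch(cfg.get("url", "")):
        problems.append("url is not https://api.<region>.app.wiz.io/graphql")
    idp = next((n for n, (urls, _) in IDP.items() if cfg.get("token_url") in urls), None)
    if idp is None:
        problems.append("token_url is not one of the token URLs listed for Wiz")
    elif cfg.get("audience") != IDP[idp][1]:
        problems.append(f"audience must be {IDP[idp][1]} for {idp}")
    if not cfg.get("client_id") or not cfg.get("client_secret"):
        problems.append("client_id and client_secret are required")
    first = cfg.get("first", 500)  # default per the field table
    if not isinstance(first, int) or not 1 <= first <= 5000:
        problems.append("first must be between 1 and 5000")
    if cfg.get("verify_ssl", True) is False:
        problems.append("verify_ssl is off: the client secret is sent without certificate checks")
    return problems


def token_request(cfg):
    """Build (do not send) the client-credentials token request."""
    body = urlencode({"grant_type": "client_credentials",
                      "client_id": cfg["client_id"],
                      "client_secret": cfg["client_secret"],
                      "audience": cfg["audience"]}).encode()
    return Request(cfg["token_url"], data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


# Constructed sample: an Auth0 token URL paired with the Cognito audience
SAMPLE = {"url": "https://api.us1.app.wiz.io/graphql",
          "token_url": "https://auth.wiz.io/oauth/token",
          "client_id": "EXAMPLE_ID", "client_secret": "EXAMPLE_SECRET",
          "audience": "wiz-api", "first": 500}
```

Calling `check_asset(SAMPLE)` reports the audience mismatch, the most common cause of the 401/403 case described in the troubleshooting list.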