> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Wiz

> Wiz is used to rapidly identify and remove the most critical risks in AWS, Azure, GCP, and Kubernetes, so they can build faster and more securely.

## Creating a Wiz connection

To create the connection you need:

* [An API address](#api-address)
* [A client ID](#client-id-and-secret)
* [A client secret](#client-id-and-secret)
* [A Token URL](#token-url)

### Obtaining the credentials

#### API Address

The Wiz Integration API has a single endpoint `https://api.<region>.app.wiz.io/graphql`.

The region defines where the tenant resides, e.g. `us1`, `us2`, `eu1`, or `eu2`.

1. In your Wiz console, click on your profile icon and go to **Tenant Info**.

   <img src="https://mintcdn.com/blinkops-2/voryysxet2ceQeMj/img/Wiz/wizSettings.png?fit=max&auto=format&n=voryysxet2ceQeMj&q=85&s=09789d57543241c43732ce70454fa1b7" alt="User Settings" width="2993" height="1509" data-path="img/Wiz/wizSettings.png" />

2. Copy your *API Endpoint URL*.

   <img src="https://mintcdn.com/blinkops-2/voryysxet2ceQeMj/img/Wiz/wiztenanturl.png?fit=max&auto=format&n=voryysxet2ceQeMj&q=85&s=425330cb3ed21d4f8764a60c9e03d950" alt="Tenant" width="3007" height="1508" data-path="img/Wiz/wiztenanturl.png" />

#### Client ID and Secret

1. In your Wiz console, go to **Settings** > **Access Management** > **Service Accounts**.

   <img src="https://mintcdn.com/blinkops-2/voryysxet2ceQeMj/img/Wiz/navtoserviceaccounts.png?fit=max&auto=format&n=voryysxet2ceQeMj&q=85&s=0d0ddaf182f9e5c85fe74879bbc180d0" alt="https://files.readme.io/0be839a-service_accounts.png" width="3007" height="1508" data-path="img/Wiz/navtoserviceaccounts.png" />

2. Click **Add Service Account**.

   <img src="https://mintcdn.com/blinkops-2/voryysxet2ceQeMj/img/Wiz/wizAddServiceAccount.png?fit=max&auto=format&n=voryysxet2ceQeMj&q=85&s=e2d632800dcf3e932e9b2b9930e5fba0" alt="https://files.readme.io/c278bd7-new-service-account.PNG" width="3007" height="1508" data-path="img/Wiz/wizAddServiceAccount.png" />

3. Fill in the parameters:

   * Name the account.

   * (Optional) Select specific Projects to limit the new service account's access.

   * Select the scopes you wish to grant the new service account. We recommend assigning the scopes which will suffice for all of out-of-the-box Blink actions:

     * `read:issues`
     * `read:users`
     * `read:reports`
     * `create:reports`

4. When completed, Click **Add Service Account**.

5. Copy the **Client ID** and **Secret**, and save in a secure place.

   <img src="https://mintcdn.com/blinkops-2/voryysxet2ceQeMj/img/Wiz/WizClientIdSecret.png?fit=max&auto=format&n=voryysxet2ceQeMj&q=85&s=dabd122aef5fbadcb400eea2af7427b4" alt="wizClientIdSecret" width="1828" height="1343" data-path="img/Wiz/WizClientIdSecret.png" />

6. Click **Finish**.

#### Token URL

1. Go to [Settings > Access Management > Tenant Info](https://app.wiz.io/tenant-info/general).

2. Copy your **Authentication URL**.

   <img src="https://mintcdn.com/blinkops-2/voryysxet2ceQeMj/img/Wiz/authendpoint.png?fit=max&auto=format&n=voryysxet2ceQeMj&q=85&s=7d6fc79344153dff50e40265264eab5b" alt="Token URL Endpoint" width="3007" height="1508" data-path="img/Wiz/authendpoint.png" />

   Token URL endpoints:

   | Idp            | Endpoint                              | Endpoint for gov tenants               |
   | -------------- | ------------------------------------- | -------------------------------------- |
   | Amazon Cognito | `https://auth.app.wiz.io/oauth/token` | `https://auth.gov.wiz.io/oauth/token`  |
   | Auth0          | `https://auth.wiz.io/oauth/token`     | `https://auth0.gov.wiz.io/oauth/token` |

### Creating your connection

1. In the Blink platform, navigate to the **Connections** page > **Add connection**. A New Connection dialog box opens displaying icons of external service providers available.

2. Select the **Wiz** icon. A dialog box with name of the connection and connection methods appears.

3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.

4. Select **Service Account** as the method to create the connection.

5. Fill in the parameters:

   * The API address
   * The client ID
   * The client secret
   * The Token URL

6. (Optional) Click **Test Connection** to test it.

7. Click **Create connection**. The new connection appears on the **Connections** page.
