By default, all users with access to Vanta can log in via a unique, time-limited link sent to their email. For security purposes, you may wish to disable this option for your domain and allow only a subset of users to log in this way. When magic link login is disabled for a domain, all users with SSO access will be required to log in via SSO, and users without SSO access will not be able to log in unless expressly exempted from this setting.
Before disabling magic link login for your domain, you must connect an SSO method. This can be one of Vanta’s IDP integrations, or, if included in your package, a custom SAML method.
Disable Magic Links
To edit this setting, open the settings page by clicking the gear icon in the top right-hand corner
Select the Login and security tab
Toggle the Login via magic link option on or off to suit your needs
When you disable the magic link, you will be automatically added to the list of users exempted from this setting
Please note: If you do not have an SSO method configured, the toggle will be disabled
Once you toggle the option off, you will see the option to Manage exemptions. With magic link login off, all users except those exempted from this setting must log in with single sign-on (SSO).
We recommend exempting at least one user from this requirement so the account can always be accessed, in case of an issue with your identity provider.
Exemptions
Admins can define a list of users exempted from this setting. The users on the exemption list can log in via the magic link in addition to any SSO configured for their account.
Select the Add user drop-down, and include the name of the user(s) you would like to exempt
To remove a user from the exemption list, select the trash can icon on the right-hand side of the user name
Please note that this setting does not impact MSP (managed service provider) and auditor access to your domain. Because of this, partner users are not eligible to be added to the exemption list.
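Before switching the toggle off, it helps to check who would lose access and whether anyone could still log in during an identity provider outage. The following is an added example, not Vanta code: it applies the rules described above to a constructed user roster, and the User fields and function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class User:
    email: str
    has_sso: bool            # SSO is configured for this user in the domain
    exempt: bool = False     # on the magic link exemption list
    partner: bool = False    # MSP or auditor user

def login_methods(user: User, magic_link_enabled: bool) -> set:
    """Login methods open to a non-partner user under the rules described above."""
    methods = set()
    if user.has_sso:
        methods.add("sso")
    if magic_link_enabled or user.exempt:
        methods.add("magic_link")
    return methods

def preflight(users: list) -> dict:
    """Predict the effect of turning magic link login off for the domain."""
    report = {"locked_out": [], "magic_link_fallback": [], "ineligible_exemptions": []}
    for u in users:
        if u.partner:
            # Partner access is unaffected by the setting, and partners
            # cannot be placed on the exemption list.
            if u.exempt:
                report["ineligible_exemptions"].append(u.email)
            continue
        methods = login_methods(u, magic_link_enabled=False)
        if not methods:
            report["locked_out"].append(u.email)
        if "magic_link" in methods:
            report["magic_link_fallback"].append(u.email)
    # With no exempted user, an identity provider outage leaves no way in.
    report["survives_idp_outage"] = bool(report["magic_link_fallback"])
    return report

# Constructed sample roster (not real accounts).
SAMPLE_USERS = [
    User("admin@example.com", has_sso=True, exempt=True),
    User("engineer@example.com", has_sso=True),
    User("contractor@example.com", has_sso=False),
    User("auditor@example.net", has_sso=False, partner=True),
]

if __name__ == "__main__":
    for key, value in preflight(SAMPLE_USERS).items():
        print(f"{key}: {value}")
```

Any address under locked_out needs either SSO configured or an exemption before the change, and survives_idp_outage should be true before you proceed.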
Frequently Asked Questions
Some of my users have access to multiple independent Vanta domains, which requires them to log in to Vanta using the magic link. What happens if I disable the magic link login?
These users will still be sent a magic link that allows them to view the list of domains they can access. If you have configured SSO for their user in your domain, selecting your domain will route them to your SSO login. Otherwise, you must add them to the exemption list to grant them access. If you do not configure SSO for them and do not add them to the exemption list, they will not be able to log in to your domain.
I have a Vanta workspace. What happens if I disable the magic link in only one workspace domain?
Users with access to multiple domains of the workspace will be required to log in via SSO before accessing the domain with the magic link login disabled. To ensure no disruption of cross-domain access, we recommend that all users who require access to multiple workspace domains be explicitly linked in the workspace console.
I have an MSP; how does disabling the magic link affect their access?
Your MSP’s access to your domain is unaffected by your login settings.
I have an auditor. How does disabling the magic link affect their access?
Your auditor’s access to your domain is unaffected by your login settings.
Multiple SSOs are connected; what happens when I disable the magic link?
Your users will be directed to whichever SSO method is primary for their user. This is determined by the precedence you set when you connected your second IDP.