Skip to main content

Managing Access Requests in Vanta

S
Written by Shannon DeLange
Updated this week

With Vanta, requesting access to company systems is simple and automated. Personnel can submit access requests, which Vanta routes to the correct approver and system admin for review and provisioning. This feature is especially helpful for IT teams and managers looking to streamline and track access in one place.

Note: Vanta’s Access Requests tool is now in open beta! To join, please email [email protected]. You’ll need an Access Reviews subscription or a Plus, Growth, or higher plan to participate.

Get Started with Access Requests

  • From the left-hand navigation, select Access

  • From the top navigation, select Requests

You can now view and manage incoming access requests from your personnel.

Enable a System for Access Requests

  • Select Manage systems

  • Click on a system you want to enable

  • Choose a System approver — the person who approves requests

  • Choose a System admin — the person who provisions the account

  • (Optional) Configure access levels or require personnel to provide freeform information what permissions they need

  • (Optional) Require a business justification

  • Click Enable when finished

Adding an access level

To add a new access level, click Add access level and provide the following:

  • Name: This is how users of Vanta (both admins managing requests and personnel submitting requests) will see this access level

  • Description (optional): Personnel will see this description when selecting an access level in an access request. Use it to provide more information or suggestions about who needs this level of access

  • Entitlement (optional): If this system is integrated with Vanta, you can map it to an entitlement from the integration. Learn more below.

Mapping an access level to entitlements

For integrated systems, Vanta recommends you map access levels to entitlements. Entitlements are the actual role or permission Vanta pulls from the integration’s API. By mapping the entitlement to the access level, Vanta can match the access level in the access request to the actual role on the account that we pull from the integration.

The entitlement name is exactly the role or permission Vanta pulls from the integration’s API. Vanta doesn’t run any formatting on the name (e.g., capitalization).

The depth and quality of entitlements is dependent on what each integration’s API makes available. If you have any feedback on the list of entitlements available for an integration, please let us know here and we will investigate.

Connect Slack to Manage Access Requests

  • Navigate to Settings > Notifications in your Vanta dashboard.

  • Click Connect Slack.

  • Follow the prompts to authorize the integration.

Once connected, Slack will be enabled for access request notifications automatically.

Submit an Access Request

  • From the left-hand navigation, click My access requests

    • All personnel can access this page, regardless of role

  • Click on a system

  • Fill in a business justification and permission level (if required)

  • Click Request access

  • Track request status under My requests

    • Pending approval = waiting on the approver

    • Pending provisioning = waiting on the system admin

Submit an Access Request via Slack

You can request access directly in Slack using one of the following methods:

  • Use a Slash Command: Type /vanta request access in any Slack channel or direct message.

  • Open the Vanta App: Find the Vanta app in Slack and click Submit access request.

Then, fill out the form that appears to complete your request.

Approve an Access Request

Approve from Email

  • If assigned as the approver, you’ll receive an email titled:
    [Action Required] [Name] requested access to [System]

  • Click Review request

  • Click Approve or Deny

    • If denying, you’ll be prompted to give a reason

  • Once approved, the request is routed to the system admin

Approve from Vanta

  • From the left-hand navigation, select Access, then Requests

    • If you don’t see this tab, you may not have full admin access

  • Click an access request with status Pending approval

  • (Optional) Use Needs my attention to filter requests

  • Click Approve or Deny

    • If denying, you’ll be prompted to give a reason

  • After approval, the request moves to the system admin for provisioning

Approve from Slack

If you're designated as the system approver, you'll receive a Slack message when someone submits an access request.


You can approve or deny the request directly from that message, no need to leave Slack.

Mark an Access Request as Provisioned

Mark from Email

  • If you’re the system admin, you’ll get an email titled:
    [Action Required] Provision a [System] account for [Name]

  • Click Review request

  • Click Mark as provisioned

  • The request is marked complete, and the requester is notified

Mark from Vanta

  • From the left-hand navigation, select Access, then Requests

  • Click a request with status Pending provisioning

  • (Optional) Use Needs my attention to filter requests

  • Click Mark as provisioned

  • The request is marked complete, and the requester is notified

Mark from Slack

If you're a system admin, you'll receive a Slack message once an access request is approved.


You can mark the request as provisioned directly from that message.


View All Company Access Requests

Admins with access to the Access Module can see all access requests:

  • From the left-hand navigation, select Access, then Requests

  • View all requests and statuses from this page

  • Use filters:

    • Needs my attention = requests assigned to you

    • Open requests = all pending company-wide requests

FAQ

Who should I contact with feedback on the open beta?
Please submit product feedback here.

Can system admins and approvers see access requests?
Yes! They can view and act on any access request assigned to them in Vanta. They must have the Collaborator Role. Vanta will check for this before enabling a system.

Can I submit another request for a system I’ve already requested access to?
Yes. You can submit multiple access requests to the same system if needed.

Will these requests connect with Access Reviews or Offboarding?
We're actively building support to surface access requests during reviews and offboarding.

What if an approver or system admin leaves the company?
Vanta will flag them as invalid and prompt you to reassign those roles.

What integrated systems currently support access levels?

The following integrations support access levels today: Slack, Checkr, Bitbucket, Cloudflare, Zoom, Sentry, Asana, Knowbe4, Calendly, OpenAI, Zendesk, Jamf, Pagerduty, Heroku, Monday, Snyk, Brex, Supabase, Box, Clubhouse, Fivetran, Launchdarkly, Tenable, Netlify, Lattice, Grafana Cloud, Ramp, Ashby, Curricula, Render, Smartsheet, Opsgenie, Twingate, Qualys, Doppler, Workspace One, Lever, Guru, Sigma, Lacework, Asset Panda, Dockerhub, Hook, Torii, Statsig, Vendr, Harness, Productboard.

Why do only some integrated systems support access levels?

Vanta is rolling out access levels gradually to our integrations in order to ensure the entitlement data being pulled from each integration is high quality.

How does Vanta get the list entitlements for a system?

Vanta gets the list of entitlements for a system by building a deduplicated list of the entitlements pulled from all the accounts fetched by the integration (including those fetched in the past but since deleted). For example, we might see that 5 accounts pulled from Slack have the “Member” entitlement and 2 accounts have the “Admin” entitlement; as a result, the list of entitlements for Slack would be “Admin” and “Member”.

A limitation of this approach is that if an entitlement was never actually assigned to an account, Vanta won’t know about it since it never appeared in the integration’s API fetches.

I’m trying to add an access level for an integrated system but an entitlement is missing. What should I do?

An entitlement might be missing because:

  1. No accounts currently fetched from the integration have this entitlement. See above.

  2. The system’s API doesn’t make entitlements available.

Vanta’s integration isn’t pulling the entitlement properly. Please leave us feedback here and we will look into fixing the issue.