Using the Dynamic IdP groups functionality reduces the time spent creating groups and manually adding or removing members in two places. Now, you will be able to work with the groups that have already been made within Google and use them for workflows and assignments within Vanta!
What are Groups?
- Multiple users with similar responsibilities, tasks, or job descriptions can be grouped. 
- Groups can then assign Task sets to multiple users, making it easier to manage which tasks are assigned to specific people. 
Permissions
- To leverage the connection between Vanta and Google, the user connecting to Google Workspace must have Groups Reader permissions to import groups. 
Importing Groups from Google
- Google must be connected through the Integrations page as your IDP to use the dynamic group functionality. 
- Select +Add Group and then Add from identity providers from the People > Groups page 
- From here, you will be asked to select which groups you would like brought Into Vanta. - Select the check box next to the group name to signify they should be imported. 
 
- Once you have selected, click Add groups in the lower right-hand corner. 
- Choose a task set from the drop-down to be assigned to each group 
- Click Next 
- Could you review your import? If you would like to make changes, select Back. If you are ready to import into Vanta, you can choose Import Groups. 
- The newly imported groups will appear on your groups' list as Created by Google. 
- Task Sets for an identity provider imported group can be updated similarly to any other list or group. 
 
Updating Groups in Google
- When adding or removing users from groups within Google, that information will automatically be updated and reflected in Vanta. 
- If you don't see the changes reflected right away, select Refresh data to force the update 
Reassigning Groups
- Once a user is assigned to a group through Google, their group cannot be reassigned from within Vanta. 
- To control the user's group through Vanta, remove the user from the Google-created group or delete the imported group in Vanta. 
- If you rename a group imported from Google, the name change must be made within Google. Once saved, the name change will also be reflected in Vanta. 
 
Removing Imported Groups
- The imported group will need to be deleted to remove a Google group import. - To delete a group, open the Groups page and select the Google-imported group you would like to remove 
- Select the options menu (...), and select Delete Group 
 
- When this happens, all existing identity provider group users are reassigned to their prior Vanta groups, and the identity provider group is removed from Vanta. If needed, The group can always be re-imported if the admin changes their mind. 
 
Please keep in mind that:
- We do not support IDP groups with more than 8,000 employees. Users will not see groups with more than 8,000 employees show up in the UI when importing groups. 
- We don't support fetching more than 10,000 groups for our Google IDP group integration due to rate limits imposed by Google. If a user has 10,000+ groups, only the first 10,000 will be available for import. 
 
- Changes from identity providers are only reflected when resources are refreshed on a two-hour cadence. Customers can also trigger these refreshes from the group's drawer on the group's page. 
- Suppose a user is in multiple groups in their identity provider, and both groups are imported within Vanta. In that case, we place the user into the last imported group in Vanta by default. This can subsequently be changed from the people page by editing the group for a user. 
 
