Vanta integrates with HiBob to sync employee and group data and support automated onboarding and offboarding workflows. By pulling real-time employment information, Vanta helps ensure that only current employees retain access to company systems, simplifying access reviews and supporting compliance requirements.
Estimated setup time: Less than 5 minutes
This integration pulls users and groups using the SCIM protocol from HiBob.
How It Works
Vanta integrates with HiBob to sync employee and group data, helping you monitor access and support automated onboarding and offboarding workflows. By pulling real-time identity information, Vanta helps ensure that only current employees retain access to company systems.
Use Cases
Connecting HiBob to Vanta will enable you to:
Sync employees and groups from HiBob into Vanta
Monitor and manage personnel access in real time
Ensure only active employees retain access to company systems
Simplify access reviews and support compliance requirements
Requirements
Vanta administrator account
HiBob administrator account
SCIM token
Connect the Integration
In your Vanta dashboard, navigate to the Integrations page and select the Available tab
Search for Bob, then select Connect
Please note: The connection module will open with redirect links to the Bob dashboard, allowing you to log in.
In the Bob dashboard, go to Settings from the left-hand menu, followed by Integrations
From the System Settings page, select Integrations, then search for Service Users
Select Manage, then select Create Service User
In the popup, enter Vanta for both the Service user name and Display name, then select Next
Copy the generated ID and Token. Do not enter them in Vanta yet—this is the only time you can access the Token. Store it temporarily in a secure location
Select Done, then select Go to permissions groups
Select Create Permission Group, and choose Service User
Enter the group name as Vanta Permission Group
Select Select service users
In the dropdown, choose the Vanta user you created earlier, then select Apply
Select Apply again, then select Create to confirm
You’ll be redirected to the new group’s settings.
Go to the People’s Data tab, and under Access Data For, select People
Grant access to the following fields: Termination Date, Lifecycle Status, Employee ID, First Name, Last Name, Email, Display Name, Start Date, Department, Site, and Job Title
Ensure the following permissions are enabled:
View selected employees’ About sections
View selected employees’ Basic info sections
View selected employees’ Lifecycle sections
View selected employees’ Personal contact details
View selected employees’ Work sections
View selected employees’ Work contact details sections
To obtain employee time-off data, also enable:
See who’s out today
See who’s out because of a private policy or policies with a custom name
Select Save and review the summary of changes
Select Apply
Return to Vanta and enter the Service ID and Token you copied earlier, then select Store token.
You’ll see a pop-up confirming the connection with an option to configure scope.
Permissions
Vanta accesses the following data from your HiBob HRIS:
Vanta will be able to view:
Data about your users
Data about your employees
Vanta will be able to do:
Nothing (Vanta does not have write permissions)
Please note: Permissions in HiBob can be checked by navigating to your profile and selecting the Permissions tag next to the action dropdown.
Troubleshooting
I’m unable to connect with HiBob and I’ve set up a custom Employee Fields category
If you’ve moved required fields (such as Termination Date, Lifecycle Status, Employee ID, First Name, Last Name, Email, Display Name, Start Date, Department, Site, Job Title) to a section outside of About, Basic Info, Lifecycle, Work, or Work contact details, you’ll need to grant the Vanta permission group access to View selected employees’ [CUSTOM CATEGORY] sections.
Why do my Vanta users associated with HiBob accounts appear inactive instead of terminated after their end date?
Delete the lifecycle status filter in Access rights for the Vanta permission group. This filter may be set to “Lifecycle Status equals Employed,” which prevents data for terminated employees from syncing.
How to support leave tracking
Users without the configured scope will not see errors when retrieving time-off data. Scopes can be added at any time without reconnecting the Vanta integration.
Required permission: Time Off → See who’s out today
Cutoff date affects user data during resource synchronization
Setting a cutoff date in HiBob determines how terminated users are included in active queries. Users terminated before the cutoff date are excluded, but their data remains in the system.
Adjusting or removing the cutoff date changes which users are included in the next synchronization. This ensures that data stays aligned with the most current administrative settings.